VMS Help  —  LDAP  Using SSL, HP SSL Certificate Options
    The following session-handle options are specific to SSL and can
    be set by the ldap_set_option() function:

    o  LDAP_OPT_TLS_CERT_REQUIRED (0x7001) void *

       Set to LDAP_OPT_ON if the client library requires a server
       certificate to be present the next time the ldap_tls_start()
       function is called. The default value is LDAP_OPT_OFF; a
       server certificate is not required.

    o  LDAP_OPT_TLS_VERIFY_REQUIRED (0x7002) void *

       Set to LDAP_OPT_ON if the client library requires that a
       server certificate path be validated the next time the
       ldap_tls_start() function is called. The default value is
       LDAP_OPT_OFF; the server certificate, if any, is not verified.

    o  LDAP_OPT_TLS_CERT_FILE (0x7003) char *

       Set to the name of a file containing the client's certificate
       for use by the ldap_tls_start() function.

    o  LDAP_OPT_TLS_PKEY_FILE (0x7004) char *

       Set to the name of a file containing the client's private key
       for use by the ldap_tls_start() function.

    o  LDAP_OPT_TLS_CA_FILE (0x7005) char *

       Set to the name of a file containing CA public keys used for
       validation of the server by the ldap_tls_start() function.

    o  LDAP_OPT_TLS_CA_PATH (0x7006) char *

       Set to the name of a directory on disk containing CA public
       key files used for validation of the server by the
       ldap_tls_start() function.

    o  LDAP_OPT_TLS_VERSION (0x7007) int *

       Set to the desired SSL protocol version. This option takes one
       of the following values:

           1: TLSv1 only
          20: SSLv2 only
          23: SSLv2 or SSLv3
          30: SSLv3 only (default)
          31: TLSv1 only

    If LDAP_OPT_TLS_VERIFY_REQUIRED is set to ON, either the
    LDAP_OPT_TLS_CA_FILE or the LDAP_OPT_TLS_CA_PATH option must be set.

    If client authentication is required, both LDAP_OPT_TLS_CERT_FILE
    and LDAP_OPT_TLS_PKEY_FILE must be set.
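
    A pre-flight check for a planned set of these options, added here as
    an example; it is not part of the HP help text or the LDAP library.
    The struct, the F_* finding names and both functions are hypothetical,
    and flagging versions 20, 23 and 30 is this example's own choice,
    reflecting the deprecation of SSLv2 and SSLv3 (RFC 6176, RFC 7568).

```c
#include <stddef.h>

/* Findings returned as a bitmask; these names belong to this example. */
#define F_CERT_NOT_REQUIRED 0x01u /* LDAP_OPT_TLS_CERT_REQUIRED is OFF     */
#define F_NOT_VERIFIED      0x02u /* LDAP_OPT_TLS_VERIFY_REQUIRED is OFF   */
#define F_NO_CA_SOURCE      0x04u /* verify ON, no CA_FILE and no CA_PATH  */
#define F_HALF_CLIENT_AUTH  0x08u /* only one of CERT_FILE / PKEY_FILE set */
#define F_LEGACY_SSL        0x10u /* version 20, 23 or 30 (SSLv2/SSLv3)    */
#define F_BAD_VERSION       0x20u /* value not in the documented list      */

/* Planned option values, one field per option in the list above. */
struct tls_plan {
    int cert_required;      /* LDAP_OPT_TLS_CERT_REQUIRED: 0 = OFF, 1 = ON */
    int verify_required;    /* LDAP_OPT_TLS_VERIFY_REQUIRED                */
    const char *cert_file;  /* LDAP_OPT_TLS_CERT_FILE                      */
    const char *pkey_file;  /* LDAP_OPT_TLS_PKEY_FILE                      */
    const char *ca_file;    /* LDAP_OPT_TLS_CA_FILE                        */
    const char *ca_path;    /* LDAP_OPT_TLS_CA_PATH                        */
    int version;            /* LDAP_OPT_TLS_VERSION                        */
};

static int is_set(const char *s) { return s != NULL && s[0] != '\0'; }

/* The documented defaults: both requirements OFF, version 30 (SSLv3). */
struct tls_plan tls_plan_defaults(void)
{
    struct tls_plan p = { 0, 0, NULL, NULL, NULL, NULL, 30 };
    return p;
}

/* Returns 0 when the plan authenticates the server and is self-consistent. */
unsigned tls_plan_check(const struct tls_plan *p)
{
    unsigned f = 0;

    if (!p->cert_required) f |= F_CERT_NOT_REQUIRED;
    if (!p->verify_required) f |= F_NOT_VERIFIED;
    else if (!is_set(p->ca_file) && !is_set(p->ca_path)) f |= F_NO_CA_SOURCE;
    if (is_set(p->cert_file) != is_set(p->pkey_file)) f |= F_HALF_CLIENT_AUTH;

    switch (p->version) {
    case 1: case 31:           break;                  /* TLSv1 only */
    case 20: case 23: case 30: f |= F_LEGACY_SSL; break;
    default:                   f |= F_BAD_VERSION; break;
    }
    return f;
}
```

    Run against the documented defaults, the check reports that no server
    certificate is required, none is verified, and SSLv3 is selected.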