if you are looking for some code sample i dont have it for you.
while back i did implement interactive cert handling for LDAP
tools like ldapsearch, ldapmodify etc, similar to what you have
in Firefox when site certificate is invalid. that code never
made it to them tools because of bureaucracy and i dont have it
anymore. i dont remember what i was doing there exactly but you
should start with this NSS API
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1088928
On 14/04/2010 18:56, huican wrote:
Thanks. Anton,
Do you have more detailed suggestions, especially for 1:).
For:> 1:) And I am trying to let my ldap client (using c-sdk) to
accept some
authentication cases, such as:
===========
Certificate Has Expired.
Allow Self Signed
Certificate Not Yet Valid
...
Can the c-sdk allow me to override them?
I still do know how.
For> 2:) Also can NSS allow me to specify SSLVerifyDepth when
authentication the Cert from ldap server?
Probably NSS doesn't do that, so there is no way to achieve it.
For 3:) How can I specify the Cipher Suites I want to use for the ssl
connection?
I noticed that I can crack the lib API, such as:
ldapssl_advclientauth_init to SSL_CipherPrefSetDefault to do that.
So it is not a problem anymore.
Thanks
On Apr 14, 3:59 am, Anton Bobrov<[email protected]> wrote:
yes, you gonna have to address that via NSS SSL API.
On 14/04/2010 04:16, huican wrote:
Hello Anton,
Do you have any suggestions here? Is there any easy way to crack on
the csdk level? or I have to crack it on the NSS lib, and how?
I am using the ldap csdk 6.0.4.1.
Thanks
On Apr 12, 4:02 pm, huican<[email protected]> wrote:
Hello,
I read through the doc about the c-sdk about the "connection over
ssl". It is not very detailed, and now I have some questions.
1:) And I am trying to let my ldap client (using c-sdk) to accept some
authentication cases, such as:
===========
Certificate Has Expired.
Allow Self Signed
Certificate Not Yet Valid
...
Can the c-sdk allow me to override them?
2:) Also can NSS allow me to specify SSLVerifyDepth when
authentication the Cert from ldap server?
3:) How can I specify the Cipher Suites I want to use for the ssl
connection?
Thanks
Huican Ping
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
