Hello Anton, Thanks for your reply. On Apr 15, 8:48 pm, Anton Bobrov <[email protected]> wrote: > if you are looking for some code sample i dont have it for you. > while back i did implement interactive cert handling for LDAP > tools like ldapsearch, ldapmodify etc, similar to what you have > in Firefox when site certificate is invalid. that code never > made it to them tools because of bureaucracy and i dont have it > anymore. i dont remember what i was doing there exactly but you > should start with this NSS > APIhttp://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#... > > On 14/04/2010 18:56, huican wrote: > > > Thanks. Anton, > > > Do you have more detailed suggestions, especially for 1:). > > > For:> 1:) And I am trying to let my ldap client (using c-sdk) to > > accept some > >> authentication cases, such as: > >> =========== > >> Certificate Has Expired. > >> Allow Self Signed > >> Certificate Not Yet Valid > >> ... > >> Can the c-sdk allow me to override them? > > > I still do know how. > > > For> 2:) Also can NSS allow me to specify SSLVerifyDepth when > >> authentication the Cert from ldap server? > > > Probably NSS doesn't do that, so there is no way to achieve it. > > > For 3:) How can I specify the Cipher Suites I want to use for the ssl > >> connection? > > > I noticed that I can crack the lib API, such as: > > ldapssl_advclientauth_init to SSL_CipherPrefSetDefault to do that. > > So it is not a problem anymore. > > > Thanks > > > On Apr 14, 3:59 am, Anton Bobrov<[email protected]> wrote: > >> yes, you gonna have to address that via NSS SSL API. > > >> On 14/04/2010 04:16, huican wrote: > > >>> Hello Anton, > > >>> Do you have any suggestions here? Is there any easy way to crack on > >>> the csdk level? or I have to crack it on the NSS lib, and how? > >>> I am using the ldap csdk 6.0.4.1. > > >>> Thanks > > >>> On Apr 12, 4:02 pm, huican<[email protected]> wrote: > >>>> Hello, > > >>>> I read through the doc about the c-sdk about the "connection over > >>>> ssl". It is not very detailed, and now I have some questions. > > >>>> 1:) And I am trying to let my ldap client (using c-sdk) to accept some > >>>> authentication cases, such as: > >>>> =========== > >>>> Certificate Has Expired. > >>>> Allow Self Signed > >>>> Certificate Not Yet Valid > >>>> ... > >>>> Can the c-sdk allow me to override them? > > >>>> 2:) Also can NSS allow me to specify SSLVerifyDepth when > >>>> authentication the Cert from ldap server? > > >>>> 3:) How can I specify the Cipher Suites I want to use for the ssl > >>>> connection? > > >>>> Thanks > >>>> Huican Ping > > >>> _______________________________________________ > >>> dev-tech-ldap mailing list > >>> [email protected] > >>>https://lists.mozilla.org/listinfo/dev-tech-ldap > > > _______________________________________________ > > dev-tech-ldap mailing list > > [email protected] > >https://lists.mozilla.org/listinfo/dev-tech-ldap
_______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
