Just keep update for this post. Except the SSLVerifyDepth, the other two issues can be solved by modified the ldap lib code a little bit.
On Apr 14, 11:56 am, huican <[email protected]> wrote: > Thanks. Anton, > > Do you have more detailed suggestions, especially for 1:). > > For: > 1:) And I am trying to let my ldap client (using c-sdk) to > accept some > > > authentication cases, such as: > > =========== > > Certificate Has Expired. > > Allow Self Signed > > Certificate Not Yet Valid > > ... > > Can the c-sdk allow me to override them? > > I still do know how. > > For > 2:) Also can NSS allow me to specify SSLVerifyDepth when > > > authentication the Cert from ldap server? > > Probably NSS doesn't do that, so there is no way to achieve it. > > For 3:) How can I specify the Cipher Suites I want to use for the ssl > > > connection? > > I noticed that I can crack the lib API, such as: > ldapssl_advclientauth_init to SSL_CipherPrefSetDefault to do that. > So it is not a problem anymore. > > Thanks > > On Apr 14, 3:59 am, Anton Bobrov <[email protected]> wrote: > > > yes, you gonna have to address that via NSS SSL API. > > > On 14/04/2010 04:16, huican wrote: > > > > Hello Anton, > > > > Do you have any suggestions here? Is there any easy way to crack on > > > the csdk level? or I have to crack it on the NSS lib, and how? > > > I am using the ldap csdk 6.0.4.1. > > > > Thanks > > > > On Apr 12, 4:02 pm, huican<[email protected]> wrote: > > >> Hello, > > > >> I read through the doc about the c-sdk about the "connection over > > >> ssl". It is not very detailed, and now I have some questions. > > > >> 1:) And I am trying to let my ldap client (using c-sdk) to accept some > > >> authentication cases, such as: > > >> =========== > > >> Certificate Has Expired. > > >> Allow Self Signed > > >> Certificate Not Yet Valid > > >> ... > > >> Can the c-sdk allow me to override them? > > > >> 2:) Also can NSS allow me to specify SSLVerifyDepth when > > >> authentication the Cert from ldap server? > > > >> 3:) How can I specify the Cipher Suites I want to use for the ssl > > >> connection? > > > >> Thanks > > >> Huican Ping > > > > _______________________________________________ > > > dev-tech-ldap mailing list > > > [email protected] > > >https://lists.mozilla.org/listinfo/dev-tech-ldap _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
