> Not exactly ;-) For historical reasons (i.e. my previous employer) the
> security tools were created with a BSD license. But that's not a problem
> for your GPL application.

Noted :)

> Note: This has been discussed in the past but I don't know if the feature
> made it into a release of the LDAP library.
>
> The SSL client code allows what you want to do (e.g. accepting any
> certificate) so it is possible to accept it (if the user clicks yes) and
> add it to the store (like you're doing). Because this is accepted by your
> own code you don't need to restart your application. The "tlstest" tool
> shows how to do this:
> http://svn.myrealbox.com/source/trunk/mcs/class/Mono.Security/Test/tools/tlstest/tlstest.cs
>
> The problem is (or was?) that the LDAP library doesn't expose the
> SslClientStream instance nor does it (or didn't) provide a similar
> functionality to accept a certificate. If this is still the case then you
> should contact the LDAP developers. They have a mailing list available on
> Novell Forge.

That's cool, it's the exact behaviour I'm looking for. I'll take a look at
the tlstest code and see if it works with the LDAP libraries. If not, maybe
I can write a patch for the LDAP developers.

> So now the suggestion... You should consider taking the FireFox approach:
> * Yes (always)         -> which imports the certificate
> * Yes (this time only) -> only accept the certificate for this session
> * No                   -> cancel the connection (that should be the
>                           default)

That's a really good idea, I'll definitely use that approach.

Thanks for the information/advice!

--
Loren Bandiera, CISSP <[EMAIL PROTECTED]>
MMG Security, Inc.
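Added example, not part of the original message and not code from Mono or the LDAP library: a sketch of the three-way prompt discussed above, with "No" as the default. All type and member names are hypothetical. Assumptions: the decision is keyed on the certificate's SHA-256 fingerprint, "always" is persisted to a plain pin file rather than a certificate store, and the (certificate, error codes) signature of Validate is chosen to resemble a TLS server-certificate validation callback.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical names throughout; not an API of Mono.Security or the LDAP library.
public enum TrustChoice { No, ThisSessionOnly, Always }

public sealed class CertificateTrustPrompt
{
    private readonly HashSet<string> session = new HashSet<string>(); // lost on exit
    private readonly HashSet<string> pinned = new HashSet<string>();  // loaded from disk
    private readonly string pinFile;
    private readonly Func<X509Certificate, string, TrustChoice> ask;  // UI prompt

    public CertificateTrustPrompt(string pinFile, Func<X509Certificate, string, TrustChoice> ask)
    {
        this.pinFile = pinFile;
        this.ask = ask;
        if (File.Exists(pinFile))
            foreach (string line in File.ReadAllLines(pinFile))
                if (line.Trim().Length > 0) pinned.Add(line.Trim());
    }

    // Fingerprint of the exact certificate bytes, so a different cert prompts again.
    public static string Fingerprint(X509Certificate cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    // Returns true to continue the handshake, false to cancel the connection.
    public bool Validate(X509Certificate cert, int[] errors)
    {
        if (errors == null || errors.Length == 0) return true; // chain validated normally
        string fp = Fingerprint(cert);
        if (pinned.Contains(fp) || session.Contains(fp)) return true;
        switch (ask(cert, fp)) // show subject and fingerprint to the user
        {
            case TrustChoice.Always:
                pinned.Add(fp);
                File.AppendAllText(pinFile, fp + Environment.NewLine);
                return true;
            case TrustChoice.ThisSessionOnly:
                session.Add(fp);
                return true;
            default:
                return false; // "No" and any unexpected value cancel
        }
    }
}
```

Because acceptance is tied to one fingerprint, a server that later presents a different untrusted certificate triggers the prompt again instead of being accepted silently.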
