Patrick wrote:

>Hello,
>
>With my JSS-enabled apps I wish to potentially ignore errors such as
>the "CRL Expired" error, on both client AND server sides. The
>SSLCertificationApprovalCallback interface gives me a way to do that.
>However it exists only for SSLSocket but not for SSLServerSocket!!! (I'm
>assuming an SSLServerSocket checks an incoming client cert against the
>CRLs in its cert DB, need to verify this)
>
On NSS there's an SSL callback called to deal with errors in the server 
certificate parsing. You set the callback with the SSL_BadCertHook() 
call. Documentation for this can be found at 
http://www.mozilla.org/projects/security/pki/nss/ref/ssl . You have to 
register the callback on *BOTH* sides. I don't know if the interface is 
surfaced for JSS.


bob


>
>
>-- Patrick
>
>


