RE: ignore server cert verification.

[Abdul Basit <abasit@basit.cc>]

Hello,

infact i did that.

   int i = ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,"never");

   printf("i = %d\n", i);

[abasit@client ldap_ssl_client]$ ./ldap_ssl_client
i = -1
simple bind:: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[abasit@client ldap_ssl_client]$ vi ldap_ssl_client.c


its returning -1 :(...

thanks
basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

> "man -M $MANPATH_FOR_OPENLDAP ldap.conf", read "TLS_REQUEST", I guess
> the LDAP API should have the corresponding one.
>
> Gary
>
> -----Original Message-----
> From: Abdul Basit [mailto:abasit@basit.cc]
> Sent: Friday, March 04, 2005 9:37 AM
> To: Tay, Gary
> Cc: openldap-software@openldap.org
> Subject: RE: ignore server cert verification.
>
>
>
> Right, but is there a way to ignore server CA verification
> in ldap API? by default openssl does not verify it.
> is it LDAP that's bailing out?
>
> thanks
> basit
>
>
> On Thu, 3 Mar 2005, Tay, Gary wrote:
>
> > I think Verisign shld send u an "intermediate trust CA cert" or
> > something like that to help u add it to CA list and then yr test cert
> > can be recognized.
> >
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Abdul Basit
> > Sent: Friday, March 04, 2005 7:25 AM
> > To: openldap-software@OpenLDAP.org
> > Subject: ignore server cert verification.
> >
> >
> >
> > Hello,
> >
> >  my slapd is using a test certificate from verisign, and is not
> > available in trusted CA file that the client is using, therefore i am
> > getting this inside my client code.
> >
> > SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >
> >  Can anyone please tell me how can i ignore server cert verification?
> >
> > Thanks
> > Basit