
RE: ignore server cert verification.



Please let the list know the version of OpenLDAP and the OS platform, so that
the list folks can further assist you.

TLS support is only available since OL 2.1.X, not 2.0.X

Gary

-----Original Message-----
From: Abdul Basit [mailto:abasit@basit.cc] 
Sent: Friday, March 04, 2005 9:56 AM
To: Tay, Gary
Cc: openldap-software@openldap.org
Subject: RE: ignore server cert verification.



Hello,

In fact, I did that.

    int i = ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,"never");

    printf("i = %d\n", i);

[abasit@client ldap_ssl_client]$ ./ldap_ssl_client
i = -1
simple bind:: Can't contact LDAP server (-1)
         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[abasit@client ldap_ssl_client]$ vi ldap_ssl_client.c


It's returning -1 :(...

thanks
basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

> "man -M $MANPATH_FOR_OPENLDAP ldap.conf", read "TLS_REQUEST", I guess 
> the LDAP API should have the corresponding one.
>
> Gary
>
> -----Original Message-----
> From: Abdul Basit [mailto:abasit@basit.cc]
> Sent: Friday, March 04, 2005 9:37 AM
> To: Tay, Gary
> Cc: openldap-software@openldap.org
> Subject: RE: ignore server cert verification.
>
>
>
> Right, but is there a way to ignore server CA verification
> in the LDAP API? By default OpenSSL does not verify it.
> Is it LDAP that's bailing out?
>
> thanks
> basit
>
>
> On Thu, 3 Mar 2005, Tay, Gary wrote:
>
>> I think Verisign should send you an "intermediate trust CA cert" or
>> something like that to help you add it to the CA list, and then your test
>> cert can be recognized.
>>
>> -----Original Message-----
>> From: owner-openldap-software@OpenLDAP.org
>> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Abdul 
>> Basit
>> Sent: Friday, March 04, 2005 7:25 AM
>> To: openldap-software@OpenLDAP.org
>> Subject: ignore server cert verification.
>>
>>
>>
>> Hello,
>>
>>  My slapd is using a test certificate from Verisign, which is not
>> available in the trusted CA file that the client is using; therefore I am
>> getting this inside my client code.
>>
>> SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>>  Can anyone please tell me how I can ignore server cert verification?
>>
>> Thanks
>> Basit
>>
>
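
Added example (not part of the thread, and not OpenLDAP project code): a shell demonstration of the fix suggested above, where the client's CA file gains the intermediate certificate instead of verification being switched off. The CA names, host name and file names are constructed for the demo; it assumes only the openssl command-line tool.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated in a temp directory.
# Names such as "Demo Root CA" and ldap.example.test are made up.

# mkcsr NAME CN: create $d/NAME.key and a signing request $d/NAME.csr
mkcsr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
}

# build_chain: root CA -> intermediate CA -> server certificate, all under $d
build_chain() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    mkcsr root "Demo Root CA" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    mkcsr int "Demo Intermediate CA" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
    mkcsr srv "ldap.example.test" &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# chain_ok CAFILE CERT: true only if CERT chains up to a CA listed in CAFILE
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: print the verdict before and after the intermediate joins the CA file
demo() {
    d=$(mktemp -d) || return 1
    build_chain || { rm -rf "$d"; return 1; }
    # Client trusts only the root: the server cert's issuer is unknown
    if chain_ok "$d/root.pem" "$d/srv.pem"; then before=trusted; else before=rejected; fi
    # Add the intermediate to the client's CA file, as suggested in the thread
    cat "$d/root.pem" "$d/int.pem" > "$d/cacerts.pem"
    if chain_ok "$d/cacerts.pem" "$d/srv.pem"; then after=trusted; else after=rejected; fi
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

A bundle built this way is the file a client would name in TLS_CACERT in ldap.conf, or pass to ldap_set_option() as LDAP_OPT_X_TLS_CACERTFILE.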