[Date Prev][Date Next] [Chronological] [Thread] [Top]

Client App and STARTLS auth

Hi all,

are there examples on how to use STARTLS without requiring that the
server's certificate is trusted ?

If the crypto api used in the ldap library is OpenSSL, that is easy:
- create a new ssl_ctx() with SSL_CTX_new()
- set my function as the verify function with SSL_CTX_set_verify()
- use the LDAP_OPT_X_TLS_CTX option to point to my new ssl_ctx

My problem is: when GnuTLS or NSS crypto libraries are used instead,
how do I force the same behavior ? Or, if providing my own function
is not possible, how do I force the STARTLS to go on also if it finds
non-trusted server/CA certificates ?




Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature