[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ignore server cert verification.




Hello,

infact i did that.

   int i = ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,"never");

   printf("i = %d\n", i);

[abasit@client ldap_ssl_client]$ ./ldap_ssl_client
i = -1
simple bind:: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[abasit@client ldap_ssl_client]$ vi ldap_ssl_client.c



its returning -1 :(...

thanks
basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

"man -M $MANPATH_FOR_OPENLDAP ldap.conf", read "TLS_REQUEST", I guess
the LDAP API should have the corresponding one.

Gary

-----Original Message-----
From: Abdul Basit [mailto:abasit@basit.cc]
Sent: Friday, March 04, 2005 9:37 AM
To: Tay, Gary
Cc: openldap-software@openldap.org
Subject: RE: ignore server cert verification.



Right, but is there a way to ignore server CA verification
in ldap API? by default openssl does not verify it.
is it LDAP that's bailing out?

thanks
basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

I think Verisign shld send u an "intermediate trust CA cert" or
something like that to help u add it to CA list and then yr test cert
can be recognized.

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Abdul Basit
Sent: Friday, March 04, 2005 7:25 AM
To: openldap-software@OpenLDAP.org
Subject: ignore server cert verification.



Hello,

 my slapd is using a test certificate from verisign, and is not
available in trusted CA file that the client is using, therefore i am
getting this inside my client code.

SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

 Can anyone please tell me how can i ignore server cert verification?

Thanks
Basit