
RE: ignore server cert verification.




Oh, I got it.

It should actually be

int i = LDAP_OPT_X_TLS_NEVER;

ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&i);

It seems to be working now.

Thanks Gary,

Basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

Please let the list know the version of OpenLDAP and the OS platform, so that
the list folks can further assist you.

TLS support is only available since OL 2.1.X, not 2.0.X

Gary

-----Original Message-----
From: Abdul Basit [mailto:abasit@basit.cc]
Sent: Friday, March 04, 2005 9:56 AM
To: Tay, Gary
Cc: openldap-software@openldap.org
Subject: RE: ignore server cert verification.



Hello,

In fact I did that.

   int i = ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,"never");

   printf("i = %d\n", i);

[abasit@client ldap_ssl_client]$ ./ldap_ssl_client
i = -1
simple bind:: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[abasit@client ldap_ssl_client]$ vi ldap_ssl_client.c


It's returning -1 :(...

Thanks
Basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

"man -M $MANPATH_FOR_OPENLDAP ldap.conf", read "TLS_REQUEST", I guess
the LDAP API should have the corresponding one.

Gary

-----Original Message-----
From: Abdul Basit [mailto:abasit@basit.cc]
Sent: Friday, March 04, 2005 9:37 AM
To: Tay, Gary
Cc: openldap-software@openldap.org
Subject: RE: ignore server cert verification.



Right, but is there a way to ignore server CA verification
in the LDAP API? By default OpenSSL does not verify it.
Is it LDAP that's bailing out?

Thanks
Basit


On Thu, 3 Mar 2005, Tay, Gary wrote:

I think Verisign should send you an "intermediate trust CA cert" or
something like that to help you add it to the CA list, and then your test cert
can be recognized.

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Abdul Basit
Sent: Friday, March 04, 2005 7:25 AM
To: openldap-software@OpenLDAP.org
Subject: ignore server cert verification.



Hello,

My slapd is using a test certificate from Verisign, and it is not
available in the trusted CA file that the client is using, therefore I am
getting this inside my client code.

SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Can anyone please tell me how I can ignore server cert verification?

Thanks
Basit
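
An added example, not code from this thread or from the OpenLDAP project: the ldap.conf(5) counterpart of LDAP_OPT_X_TLS_REQUIRE_CERT is the TLS_REQCERT option, and a client left at "never" or "allow" after testing keeps accepting server certificates that fail verification. The C check below flags such lines in a client configuration; count_weak_reqcert, the sample file contents, the host name and the CA path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Constructed sample ldap.conf content; host and CA path are placeholders. */
static const char SAMPLE_CONF[] =
    "# client settings\n"
    "URI ldaps://ldap.example.com\n"
    "TLS_CACERT /path/to/ca-bundle.pem\n"
    "tls_reqcert   never\n"
    "#TLS_REQCERT allow\n";

/*
 * Scan ldap.conf text for TLS_REQCERT levels that let a session continue
 * with a certificate that fails verification ("never" and "allow").
 * Option names are matched case-insensitively; '#' lines are comments.
 * Returns the number of such lines; *first_line receives the 1-based
 * line number of the first one (0 if there is none).
 */
int count_weak_reqcert(const char *conf, int *first_line)
{
    int weak = 0, lineno = 0;
    *first_line = 0;
    while (*conf) {
        char line[256], key[64], val[64];
        size_t len = strcspn(conf, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, conf, n);
        line[n] = '\0';
        conf += len + (conf[len] == '\n');
        lineno++;
        /* sscanf skips leading blanks; a comment yields a key starting with '#' */
        if (sscanf(line, "%63s %63s", key, val) != 2 || key[0] == '#')
            continue;
        if (strcasecmp(key, "TLS_REQCERT") != 0)
            continue;
        if (strcasecmp(val, "never") == 0 || strcasecmp(val, "allow") == 0)
            if (weak++ == 0)
                *first_line = lineno;
    }
    return weak;
}

int main(void)
{
    int first;
    int n = count_weak_reqcert(SAMPLE_CONF, &first);
    printf("%d weak TLS_REQCERT line(s), first at line %d\n", n, first);
    return n ? 1 : 0;
}
```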