Hi all,

are there examples on how to use STARTTLS without requiring that the server's certificate is trusted?

If the crypto API used in the LDAP library is OpenSSL, that is easy:

- create a new ssl_ctx() with SSL_CTX_new()
- set my function as the verify function with SSL_CTX_set_verify()
- use the LDAP_OPT_X_TLS_CTX option to point to my new ssl_ctx

My problem is: when GnuTLS or NSS crypto libraries are used instead, how do I force the same behavior? Or, if providing my own function is not possible, how do I force the STARTTLS to go on even if it finds non-trusted server/CA certificates?

Thanks,
Max

--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly