Yes that is what I was looking for. I was using Opensolaris/Solaris 10, which uses the C SDK, doesn't it (although I couldn't find the start_tls call)?

I had initially a call
rc = ldapssl_client_init( ssl_certdbpath, NULL );
which seems to be the same as
rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 2);

Now I use
rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 0);
which seems to do what I wanted.

BTW do you know if this setting can be stored in a default configuration file on Solaris (like ldap.conf) so that nss_ldap or ldapclient can use it?

Thank you
Markus

"Anton Bobrov" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>
> actually it should work. we have these levels of cert checking currently
> http://lxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/include/ldap_ssl.h#47
> and LDAPSSL_AUTH_CERT is default level. which version are you using and
> what kinda error/s you are getting ?
>
> Markus Moeller wrote:
>> I am using the C SDK to do ldap connections with SSL protection. Does
>> the C SDK have an option to allow hostname mismatches? I have the right
>> certs in the cert.db, but in some situations I don't connect with the
>> fqdn but with an alias or cname, which means my SSL connection is not
>> working. OpenLDAP has a possibility to set in ldap.conf "tls_reqcert
>> allow"; does a similar setting exist for the C SDK?
>>
>> Thank you
>> Markus
>>
>>
>> _______________________________________________
>> dev-tech-ldap mailing list
>> [email protected]
>> https://lists.mozilla.org/listinfo/dev-tech-ldap
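
The three checking levels from the ldap_ssl.h header linked in the thread, as an added example (not code from the thread or from the C SDK): a small model of which connections each level accepts when the client connects by an alias. The level values and their meaning follow that header; the struct, the function name, the host names and the plain CN string comparison are assumptions made for illustration.

```c
#include <stdio.h>
#include <strings.h>

/* Level values as defined in the C SDK's ldap_ssl.h. */
#define LDAPSSL_AUTH_WEAK    0  /* no certificate checking at all */
#define LDAPSSL_AUTH_CERT    1  /* certificate must be valid and trusted */
#define LDAPSSL_AUTH_CNCHECK 2  /* as CERT, and the CN must match the host */

/* Constructed summary of what a server presented during the handshake. */
struct presented_cert {
    int chain_trusted;   /* 1 if the chain validates against the cert db */
    const char *cn;      /* subject common name */
};

/* Constructed sample data: the real server, and one with an untrusted cert. */
static const struct presented_cert GENUINE   = {1, "ldap1.example.com"};
static const struct presented_cert UNTRUSTED = {0, "ldap1.example.com"};
static const char *const ALIAS = "ldap.example.com"; /* CNAME used by client */

/* Hypothetical model of the accept/reject decision per level (assumption:
 * the CN check is a case-insensitive exact match; this is not SDK code). */
int model_accepts(int strength, const struct presented_cert *c,
                  const char *host)
{
    if (strength == LDAPSSL_AUTH_WEAK)
        return 1;                 /* anything is accepted, trusted or not */
    if (!c->chain_trusted)
        return 0;                 /* CERT and CNCHECK both need a valid chain */
    if (strength == LDAPSSL_AUTH_CERT)
        return 1;                 /* host name is not compared */
    return strcasecmp(c->cn, host) == 0;
}

int main(void)
{
    static const char *names[] = {"WEAK", "CERT", "CNCHECK"};
    for (int s = LDAPSSL_AUTH_WEAK; s <= LDAPSSL_AUTH_CNCHECK; s++)
        printf("%-8s via alias: genuine=%s untrusted=%s\n", names[s],
               model_accepts(s, &GENUINE, ALIAS) ? "accept" : "reject",
               model_accepts(s, &UNTRUSTED, ALIAS) ? "accept" : "reject");
    return 0;
}
```

In this model the alias connection to the genuine server already succeeds at LDAPSSL_AUTH_CERT, while level 0 also accepts the server whose certificate does not chain to the cert db.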
