http://lxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/examples/ssearch.c#43
http://docs.sun.com/source/816-6704-10/ssl.html#22531
http://docs.sun.com/source/817-6707/ssl.html#wp26071

Markus Moeller wrote:
> I know that for an SSL connection to a server I need the following to
> control the strength of server certificate control.
>
> ldapssl_advclientauth_init(cacertdir or cacertfile, NULL , 0 ,NULL, NULL, 0,
> NULL, sslstrength);
>
> with cacertdir / file pointing to cert8.db which contains the CA (usually
> /etc/certs )
> and sslstrength LDAPSSL_AUTH_WEAK , LDAPSSL_AUTH_CERT, LDAPSSL_AUTH_CNCHECK
>
> ld = ldapssl_init(server, port, 1)
>
>
> Now if I want client certificate authentication what do I need to add ?
>
> Do I need to add the key.db AND secmod.db ? Do I need to set needkey AND
> needsecmod to 1 ?
>
> ldapssl_advclientauth_init(cacertdir or cacertfile, NULL , 0 ,NULL, NULL, 0,
> NULL, sslstrength);
> ld = ldapssl_init(server, port, 1)
>
> Does the keynickname AND certnickname need to match an entry somewhere ? Can
> I use certutil to get the names ? If yes how ?
>
> ldapssl_enable_clientauth(ld, keynickname, keypasswd, certnickname );
>
> Is there anything else I need ?
>
> Thank you
> Markus
