[Mono-list] Certificate Store / LDAP
Loren Bandiera
lorenb at mmgsecurity.com
Wed Jun 1 10:19:40 EDT 2005
>
> Not exactly ;-) For historical reasons (i.e. my previous employer) the
> security tools were created with a BSD license. But that's not a problem
> for
> your GPL application.
Noted :)
>
> Note: This has been discuted in the past but I don't know if the feature
> made it into a release of the LDAP library.
>
> The SSL client code allows what you want to do (e.g. accepting any
> certificate) so it is possible to accept it (if the user click yes) and
> add
> it to the store (like you're doing). Because this is accepted by your own
> code you don't need to restart your application. The "tlstest" tool shows
> how to do this:
> http://svn.myrealbox.com/source/trunk/mcs/class/Mono.Security/Test/tools/tls
> test/tlstest.cs
>
> The problem is (or was ?) that the LDAP library doesn't expose the
> SslClientStream instance nor does it (or didn't) provide a similar
> functionality to accept a certificate. If this is still the case then you
> should contact the LDAP developers. They have a mailing list available on
> Novell Forge.
That's cool, it's the exact behaviour I'm looking for. I'll take a look at
the tlstest code and see if it works with the LDAP libraries. If not,
maybe I can write a patch for the LDAP developers.
>
> So now the suggestion... You should consider to take the FireFox approach:
> * Yes (always) -> which imports the certificate
> * Yes (this time only) -> only accept the certificate for this session
> * No -> cancel the connection (that should be the default)
>
That's a really good idea, I'll definately use that approach. Thanks for
the information/advice!
--
Loren Bandiera, CISSP <lorenb at mmgsecurity.com>
MMG Security, Inc.
More information about the Mono-list
mailing list