[Mono-list] Novell.Directory.Ldap Custom SSL Handler Patch

Loren Bandiera lorenb at mmgsecurity.com
Sat Sep 3 09:28:43 EDT 2005


I've been writing an LDAP Administration Tool called LAT. The
Novell.Directory.Ldap library works for most of my needs but SSL has
been a problem for me.

The default behaviour for SSL support in Novell.Directory.Ldap is that
if you haven't previously imported the server's certificate using
certmgr.exe the connection fails.

Popping up a dialog to ask the user to exit the program, open a terminal
and run certmgr.exe is not an acceptable solution to me.

My current workaround was to distribute my own custom version of
Novell.Directory.Ldap.dll with my software. That works but it's far from
an ideal situation.

I've tried to bring this to the attention of the Novell.Directory.Ldap
developers[1] but that didn't really go anywhere.

So I've taken matters into my own hands and I've written a patch (see
attached) that allows you to set a custom CertificateValidationCallback
in LdapConnection.

If you don't set an SSL handler then it defaults to the current
behaviour.

Any chance of getting this included in Mono 1.1.9?

Sample usage:

public static bool mySSLHandler (X509Certificate certificate, int[] certificateErrors)
{
	// Don't stop the ssl connection for any reason
	return true;
}

try
{
	LdapConnection conn = new LdapConnection();
	conn.SecureSocketLayer = true;
	conn.SSLHandler = new CertificateValidationCallback (mySSLHandler);
	conn.Connect (ldapHost, ldapPort);
	conn.Bind (ldapUser, ldapPass);
	Console.WriteLine(" SSL Bind Successful");
	conn.Disconnect();
}
catch (Exception e)
{
	Console.WriteLine (e.Message);
}

[1] http://forge.novell.com/modules/xfmod/tracker/index.php?func=detail&aid=1233&group_id=1318&atid=1362

-- 
Loren Bandiera <lorenb at mmgsecurity.com>
MMG Security, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mono-Novell.Directory.Ldap-custom-SSL-handler.patch
Type: text/x-patch
Size: 2896 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-list/attachments/20050903/2a17e55f/mono-Novell.Directory.Ldap-custom-SSL-handler.bin
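
Added example, not part of the original post or of the attached patch: a handler for the SSLHandler hook described above that keeps the default trust decision and otherwise accepts only a certificate whose SHA-256 fingerprint was recorded beforehand, instead of returning true for every certificate. PinnedCertificateHandler, Fingerprint, Validate and PinnedLdapExample are hypothetical names; the meaning of an empty certificateErrors array is an assumption, noted in the code.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Mono.Security.Protocol.Tls;   // CertificateValidationCallback delegate
using Novell.Directory.Ldap;

// Hypothetical helper, not part of the patch: accept the server certificate
// only if the default checks passed or it matches a pinned fingerprint.
public class PinnedCertificateHandler
{
	private readonly string pinnedSha256;   // hex fingerprint recorded out of band

	public PinnedCertificateHandler (string pinnedSha256Hex)
	{
		pinnedSha256 = pinnedSha256Hex.Replace (":", "").Trim ();
	}

	public static string Fingerprint (X509Certificate certificate)
	{
		using (SHA256 sha = SHA256.Create ())
			return BitConverter.ToString (sha.ComputeHash (certificate.GetRawCertData ())).Replace ("-", "");
	}

	// Same signature as mySSLHandler in the post.
	public bool Validate (X509Certificate certificate, int[] certificateErrors)
	{
		// Assumption: an empty error array means the certificate already validated.
		if (certificateErrors != null && certificateErrors.Length == 0)
			return true;
		if (certificate == null)
			return false;
		// Untrusted or otherwise failing certificate: accept only the pinned one.
		return string.Equals (Fingerprint (certificate), pinnedSha256, StringComparison.OrdinalIgnoreCase);
	}
}

public static class PinnedLdapExample
{
	public static void Main (string[] args)
	{
		// args: ldapHost, ldapPort, pinned SHA-256 fingerprint in hex
		PinnedCertificateHandler handler = new PinnedCertificateHandler (args[2]);
		LdapConnection conn = new LdapConnection ();
		conn.SecureSocketLayer = true;
		conn.SSLHandler = new CertificateValidationCallback (handler.Validate);
		conn.Connect (args[0], int.Parse (args[1]));   // fails if Validate returned false
		Console.WriteLine ("TLS connection accepted");
		conn.Disconnect ();
	}
}
```

A tool such as LAT could show Fingerprint() to the user on first connection and store the confirmed value, so later connections are checked against it without certmgr.exe.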

