[Mono-list] Novell.Directory.Ldap Custom SSL Handler Patch

Sebastien Pouliot sebastien.pouliot at gmail.com
Sat Sep 3 12:01:21 EDT 2005


Hello Loren,

On Sat, 2005-03-09 at 09:28 -0400, Loren Bandiera wrote:
...
> So I've taken matters into my own hands and I've written a patch (see
> attached) that allows you to set a custom CertificateValidationCallback
> in LdapConnection.
> 
> If you don't set an SSL handler then it defaults to the current
> behaviour.

This is, IMHO, the right thing to do. I.e. (a) let the application deal
with the situation itself if it wants to, or (b) provide a secure
default in the library. So your patch is ok from a behaviour point of
view.

> Any chance of getting this included in Mono 1.1.9?

Sadly your change _could_ cause problems if someone installs Mono and
then updates Novell.Directory.Ldap from the forge site (as it will lose
the new callback). This would break your (and possibly other)
applications.

Now there were some changes committed (IIRC mainly from Boris) to fix
some problems in Novell.Directory.Ldap. However I don't know if the
changes affected binary compatibility (or not) - so this may not be a
"new" issue.

Anyway there are solutions to this problem (like changing version
numbers, strongnames...) but that may be a little too late to change for
1.1.9.

On a positive note there were recent discussions on the list about
maintaining the Novell.Directory.Ldap assembly - maybe things will get
better soon...

> Sample usage:
> 
> using System;
> using System.Security.Cryptography.X509Certificates;
> using Mono.Security.Protocol.Tls;	// CertificateValidationCallback delegate
> using Novell.Directory.Ldap;
> 
> public class SslBindSample
> {
> 	// Invoked by the TLS layer with the server certificate and the list of
> 	// validation errors it found. Returning true accepts the certificate;
> 	// this handler accepts it whatever the errors are, so the server is
> 	// not authenticated.
> 	public static bool mySSLHandler (X509Certificate certificate, int[] certificateErrors)
> 	{
> 		// Don't stop the ssl connection for any reason
> 		return true;
> 	}
> 
> 	public static void Main (string[] args)
> 	{
> 		// usage: SslBindSample.exe host port bindDn password
> 		string ldapHost = args[0];
> 		int ldapPort = int.Parse (args[1]);	// 636 for LDAP over SSL
> 		string ldapUser = args[2];
> 		string ldapPass = args[3];
> 
> 		try
> 		{
> 			LdapConnection conn = new LdapConnection();
> 			conn.SecureSocketLayer = true;
> 			conn.SSLHandler = new CertificateValidationCallback (mySSLHandler);
> 			conn.Connect (ldapHost, ldapPort);
> 			conn.Bind (ldapUser, ldapPass);
> 			Console.WriteLine(" SSL Bind Successful");
> 			conn.Disconnect();
> 		}
> 		catch (Exception e)
> 		{
> 			Console.WriteLine (e.Message);
> 		}
> 	}
> }
> 
> [1] -
> http://forge.novell.com/modules/xfmod/tracker/index.php?func=detail&aid=1233&group_id=1318&atid=1362

-- 
Sebastien Pouliot
email: sebastien at ximian.com
blog: http://pages.infinit.net/ctech/
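The handler in the quoted sample returns true for every certificate, which turns off server authentication entirely. The following is an added example, not code from this thread, from Loren's patch or from the Novell.Directory.Ldap project, showing the two ways an application can "deal with the situation itself" through the same callback: a strict handler that refuses the handshake whenever the TLS layer reports any validation error, and a pinning handler for self-signed servers that accepts exactly one expected certificate instead of accepting everything. It assumes the `SSLHandler` property and `CertificateValidationCallback` delegate exactly as used in the quoted sample; the `ExpectedThumbprint` value is a placeholder to be replaced with the real server certificate's hash.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Mono.Security.Protocol.Tls;	// CertificateValidationCallback delegate
using Novell.Directory.Ldap;

public class ValidatingLdapClient
{
	// Placeholder (assumption): SHA-1 hex hash of the LDAP server's certificate,
	// as returned by X509Certificate.GetCertHashString(). Read it once from the
	// real server certificate and paste it here.
	static readonly string ExpectedThumbprint =
		"0000000000000000000000000000000000000000";

	// Strict handler: trust the validation already done by the TLS layer.
	// Any entry in certificateErrors means a chain, name or validity check
	// failed, so the handshake is refused.
	public static bool StrictHandler (X509Certificate certificate, int[] certificateErrors)
	{
		if (certificate == null)
			return false;
		if (certificateErrors != null && certificateErrors.Length > 0) {
			Console.Error.WriteLine ("Rejecting " + certificate.GetName ()
				+ ": " + certificateErrors.Length + " validation error(s)");
			for (int i = 0; i < certificateErrors.Length; i++)
				Console.Error.WriteLine ("  error code " + certificateErrors[i]);
			return false;
		}
		return true;
	}

	// Pinning handler: ignore the system trust store (the self-signed case
	// that motivated the patch) but accept only the one certificate we expect.
	// Unlike "return true", a substituted certificate is still rejected.
	public static bool PinnedHandler (X509Certificate certificate, int[] certificateErrors)
	{
		if (certificate == null)
			return false;
		string actual = certificate.GetCertHashString ();
		bool match = string.Compare (actual, ExpectedThumbprint, true) == 0;
		if (!match)
			Console.Error.WriteLine ("Rejecting LDAP server certificate with hash "
				+ actual + " (expected " + ExpectedThumbprint + ")");
		return match;
	}

	public static void Main (string[] args)
	{
		// usage: ValidatingLdapClient.exe host port bindDn password [pin]
		string ldapHost = args[0];
		int ldapPort = int.Parse (args[1]);	// 636 for LDAP over SSL
		string ldapUser = args[2];
		string ldapPass = args[3];
		bool usePin = args.Length > 4 && args[4] == "pin";

		LdapConnection conn = new LdapConnection ();
		conn.SecureSocketLayer = true;
		conn.SSLHandler = usePin
			? new CertificateValidationCallback (PinnedHandler)
			: new CertificateValidationCallback (StrictHandler);
		try
		{
			conn.Connect (ldapHost, ldapPort);
			conn.Bind (ldapUser, ldapPass);
			Console.WriteLine ("SSL bind succeeded with "
				+ (usePin ? "pinned" : "strict") + " certificate check");
		}
		catch (Exception e)
		{
			// A rejected certificate surfaces here as a failed connection.
			Console.WriteLine ("Bind failed: " + e.Message);
		}
		finally
		{
			conn.Disconnect ();
		}
	}
}
```

With the strict handler the behaviour is the same as the library's default (reject on any error) but the application gets to log which error codes were raised; the pinning handler is the one to use when the server certificate is self-signed and cannot be made to chain to an installed root. Neither handler should fall back to returning true when the hash does not match, since that reintroduces the original problem.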
