ldapssl_advclientauth_init()

Syntax

#include <ldap_ssl.h>
int LDAP_CALL ldapssl_advclientauth_init( char *certdbpath, 
   void *certdbhandle, int needkeydb, char *keydbpath, 
   void *keydbhandle, int needsecmoddb, char *secmodpath, 
   const int sslstrength);

Parameters

certdbpath	Path to the database containing certificates for your client. The database must be the cert7.db certificate database used by Netscape Communicator 4.x. Note the following: You can include the database filename in the path (for example, /usr/mozilla/cert7.db). If you specify the path to the directory containing the certificate database (for example, /usr/mozilla), the function assumes that the database file is named cert7.db. If you pass NULL for this parameter, the function looks for the certificate database used by Netscape Communicator (for example, ~/.netscape/cert7.db on UNIX).
certdbhandle	Pass a NULL value for this. (This parameter is not used currently.)
needkeydb	Specifies whether or not the private key database needs to be opened for use. This parameter can have one of the following values: If it is a non-zero value, the function opens the private key database, which is identified by the keydbpath argument. If 0, the function does not open the private key database.
keydbpath	Path to the database containing the private key certified by your certificate. The database must be the key3.db private key database used by Netscape Communicator 4.x. Note the following: You can include the database filename in the path (for example, /usr/mozilla/key3.db). If you specify the path to the directory containing the private key database (for example, /usr/mozilla), the function assumes that the database file is named key3.db. If you pass NULL for this parameter, the function looks for the private key database used by Netscape Communicator (for example, ~/.netscape/key3.db on UNIX).
certdbhandle	Pass a NULL value for this. (This parameter is not used currently.)
needsecmoddb	Specifies whether or not the security module database file needs to be opened for use. This parameter can have one of the following values: If it is a non-zero value, the function opens the security module database, which is identified by the keydbpath argument. If 0, the function does not open the security modules database.
secmodpath	Path to the database containing security modules. The database must be the secmod.db private key database used by Netscape Communicator 4.x. Note the following: You can include the database filename in the path (for example, /usr/mozilla/secmod.db). If you specify the path to the directory containing the security module database (for example, /usr/mozilla), the function assumes that the database file is named secmod.db. If you pass NULL for this parameter, the function looks for the security module database used by Netscape Communicator (for example, ~/.netscape/secmod.db on UNIX).
sslstrength	Specifies how the server certificate is evaluated. You can specify one of the following values: LDAPSSL_AUTH_WEAK indicates that you accept the server's certificate without checking the CA who issued the certificate. LDAPSSL_AUTH_CERT indicates that you accept the server's certificate only if you trust the CA who issued the certificate. LDAPSSL_AUTH_CNCHECK indicates that you accept the server's certificate only if you trust the CA who issued the certificate and if the value of the cn attribute is the DNS hostname of the server.

Returns

• 0 if successful.
• -1 if unsuccessful.

Description

• Specify the name and path of a security module database.
• Specify the method used to verify the server's certificate.

Example

#include <ldap.h>

#include <ldap_ssl.h>

#include <stdio.h>

...

/* Initialize client, using mozilla's certificate database */

if ( ldapssl_advclientauth_init( "/u/mozilla/.netscape/cert7.db", 

   NULL, 1, "/u/mozilla/.netscape/key3.db", NULL , 1, 

   "/u/mozilla/.netscape/secmod.db", LDAPSSL_AUTH_CNCHECK) < 0 ) {

   perror( "ldap_advclientauth_init" );

      return( 1 );

   }

} 

...

See Also

Last Updated: 10/01/98 17:06:23