On Thu, Oct 8, 2009 at 4:12 PM, Nelson B Bolyard <nel...@bolyard.me> wrote:
>
> Have you read through the documentation on libSSL?
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/index.html
>
> The determination that a certificate is or is not acceptable is the
> responsibility of the application that uses libSSL. The application
> registers a callback function that libSSL calls, when it receives the
> peer's certificate, to ask "is this certificate acceptable for the peer
> with whom you're trying to communicate?". This is explained in
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1089578
>
> NSS supplies a function that an application may elect to use for this
> purpose, rather than writing its own. That function is SSL_AuthCertificate,
> documented in the libSSL function reference at
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1088888
>
> There is a way to mark any peer certificate as trusted, all by itself,
> without any regard to who issued it. That is done by importing the
> certificate into the cert DB and setting the "trusted peer" flag on the
> certificate. That's probably your simplest bet.

Is it possible to negotiate SSL/TLS without any certificates at all? I believe that was the OP's question.

-Kyle H
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto