nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
BSD 2-Clause "Simplified" License
686 stars 202 forks

Self-signed certificates are not accepted #27

Closed AndreaGiardini closed 6 years ago

AndreaGiardini commented 6 years ago

By default the ldap library does not accept self-signed certificates.

To let the library accept and verify even self-signed certificates, you need to set the following option: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)

Maybe worth creating an option?

geor-g commented 6 years ago

See #25 for an implementation.

garethhumphriesmoh commented 6 years ago

I fixed this on my fork - https://github.com/nginxinc/nginx-ldap-auth/pull/38/commits/5d6e8e4f9312f0922b76f1f23deec0376c68c3fd

Perhaps I should split it out into two commits, so people can cherry-pick just the verifyCA bit?

vl-homutov commented 6 years ago

It is trivial to set manually for testing purposes, and is not needed when used in production.
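
The option discussed in this thread, next to a stricter alternative, as an added example that is not code from nginx-ldap-auth or from any commenter. With OPT_X_TLS_ALLOW, libldap continues the session even when the server certificate fails verification; pointing OPT_X_TLS_CACERTFILE at the self-signed certificate and keeping OPT_X_TLS_DEMAND accepts that certificate and no other. The names `tls_plan` and `connect` and the file path in the comments are hypothetical, and python-ldap is assumed to be installed for `connect`.

```python
# Added example, not part of nginx-ldap-auth. Uses only python-ldap
# constants that exist in the library; function names are hypothetical.
try:
    import ldap
except ImportError:  # the option plan can still be inspected without python-ldap
    ldap = None


def tls_plan(ca_file=None):
    """Return TLS options as (constant name, value) pairs in the order to set them.

    ca_file given: trust only that CA or self-signed certificate (PEM file,
                   e.g. a placeholder path such as /etc/ssl/ldap-ca.pem)
                   and refuse the session if verification fails.
    ca_file None:  the setting from the issue (ALLOW), which proceeds even
                   when the server certificate cannot be verified.
    """
    if ca_file:
        plan = [("OPT_X_TLS_CACERTFILE", ca_file),
                ("OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_DEMAND")]
    else:
        plan = [("OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_ALLOW")]
    # OPT_X_TLS_NEWCTX goes last: it makes libldap rebuild its TLS context
    # so the options set before it take effect on this connection.
    plan.append(("OPT_X_TLS_NEWCTX", 0))
    return plan


def connect(uri, ca_file=None):
    """Return an LDAP connection object with the TLS plan applied.

    No network traffic happens here; python-ldap connects on first use.
    """
    if ldap is None:
        raise RuntimeError("python-ldap is not installed")
    conn = ldap.initialize(uri)
    for name, value in tls_plan(ca_file):
        if name == "OPT_X_TLS_REQUIRE_CERT":
            value = getattr(ldap, value)  # resolve the level constant by name
        conn.set_option(getattr(ldap, name), value)
    return conn
```
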