- Debug( LDAP_DEBUG_ANY,
- "TLS: error: the certificate %s is not valid - error %d:%s\n",
- certname, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+
+ if ( errcode == SEC_ERROR_UNTRUSTED_ISSUER ) {
+ CERTCertificate *issuer = CERT_FindCertIssuer( cert, PR_Now(), certUsageSSLServer );
+ if ( NULL == issuer ) {
+ /* no issuer - fail */
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: the server certificate %s has no issuer - "
+ "please check this certificate for validity\n",
+ certname, 0, 0 );
+ } else if ( CERT_CompareCerts( cert, issuer ) ) {
+ /* self signed - warn and allow */
+ status = SECSuccess;
+ rc = 0;
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: warning: using self-signed server certificate %s\n",
+ certname, 0, 0 );
+ }
+ CERT_DestroyCertificate( issuer );
+ }
+
+ if ( status != SECSuccess ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: the certificate %s is not valid - error %d:%s\n",
+ certname, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ }
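Review bot: The self-signed branch (`status = SECSuccess; rc = 0;`) turns a SEC_ERROR_UNTRUSTED_ISSUER failure into success for any certificate whose issuer compares equal to itself, and the only trace is one debug line. The log text says "server certificate", but the caller and the verification call that set `errcode` are outside the visible lines, so please confirm this path can only run for the local server's own certificate and never for a certificate presented by a peer. I would state that scope in the comment, e.g. `/* self signed - warn and allow: only our own server cert is checked here, never a peer's */`. Because a single `errcode` is inspected, it is also worth confirming that a self-signed certificate with a second problem (for example, expired) cannot be reported as untrusted-issuer first and then accepted by this override. Consider making the override depend on an explicit configuration setting rather than applying it unconditionally.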