How to perform SSL certificate validation ?

["Nagareshwar Talekar" <tnagareshwar () gmail com>]

Hi List,

I am working on implementation of LDAP client where in there is requirement
to validate the server's ssl certificate. This is similar to what
browser  does in case of ssl enabled website. After reading few
articles over net  I came to know that following checks needs to be
done for verfication of ssl certificate.

      1) Check if certificate is not expired.
      2) Common name on the certificate matches the DNS name of the server.
      3) Checks if the CA is trused.

 I don't know how to perform the check for 3rd step. How can we ensure
 that CA is trusted? One of my colleague told that I have to store all trusted
 root certificates and then compare incoming certificate with existing ones..

 Is there any better way to check this ...?

 Also I was told that certificate validation is done to prevent the
SSL-MITM attack
 Is this the only reason or is there any other reason for which the
SSL certificate
 validation is done ?

It will be great if you can throw some light in this matter. Any
links to relevant
websites will do as well.

Thanks

--
With Regards
Nagareshwar

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using 
manual processes, or by using automated systems and tools. Watchfire's 
"Web Application Security: Automated Scanning or Manual Penetration 
Testing?" whitepaper examines a few vulnerability detection methods - 
specifically comparing and contrasting manual penetration testing with 
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------