From: Michael S. <mi...@st...> - 2008-07-03 10:29:44
Rahul Amaram wrote:
> I have set up an LDAP server with a wildcard certificate. Upon trying to
> establish a TLS connection using python-ldap, I get the error "TLS:
> hostname does not match CN in peer certificate". This works fine if I
> use a certificate with the exact domain name. Is this a bug? Are there
> any known solutions to this? Looking forward to a response.

Well, personally I'd recommend not to use wildcard certs at all => I never tested anything like this.

python-ldap simply relies on OpenLDAP libs which in turn rely on OpenSSL. Hmm, so this should probably be raised on the openldap-software mailing list.

> P.S: "ldapwhoami" command establishes a TLS connection properly even
> when using a wild-card certificate. So I am assuming it might be a
> problem with python-ldap library.

You might wanna dive into the source of ldapwhoami and look up which options they set.

BTW: Are you sure that your local python-ldap installation uses the same OpenLDAP client libs as the ldapwhoami command-line tool?

Ciao, Michael.
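For readers who hit the "hostname does not match CN in peer certificate" error above, here is an added illustration of the rule a strict TLS client applies when comparing a server hostname against a wildcard name; it is not python-ldap's or OpenLDAP's code (those delegate the check to the underlying TLS library), and the hostnames and certificate names used are constructed for the example.

```python
from typing import List, Optional

# Added illustration, not python-ldap/OpenLDAP code: a strict RFC 6125-style
# matcher showing when a wildcard name such as "*.example.com" is, and is
# not, accepted for a given server hostname.


def hostname_matches(hostname: str, cert_name: str) -> bool:
    """Return True if cert_name (a CN or dNSName SAN entry) covers hostname.

    Rules applied (RFC 6125 section 6.4.3, as commonly implemented):
      * comparison is case-insensitive and a trailing dot is ignored;
      * a wildcard may only be the whole leftmost label ("*.example.com"),
        never a partial label ("ld*.example.com") or an inner one
        ("ldap.*.com");
      * a wildcard stands for exactly one label, so "*.example.com" does
        not cover "example.com" or "a.b.example.com";
      * a wildcard needs at least two further labels, so "*.com" is rejected.
    """
    host = hostname.lower().rstrip(".")
    name = cert_name.lower().rstrip(".")
    if "*" not in name:
        return host == name  # plain name: exact match only
    labels = name.split(".")
    if labels[0] != "*" or len(labels) < 3 or "*" in name[2:]:
        return False  # malformed or over-broad wildcard
    host_labels = host.split(".")
    if len(host_labels) != len(labels):
        return False  # "*" must stand for exactly one label
    return host_labels[1:] == labels[1:]


def first_matching_name(hostname: str, cert_names: List[str]) -> Optional[str]:
    """Return the first SAN/CN entry that covers hostname, or None.

    A None result corresponds to the "hostname does not match" failure
    a verifying client reports.
    """
    for name in cert_names:
        if hostname_matches(hostname, name):
            return name
    return None


if __name__ == "__main__":
    # Constructed example: a wildcard cert covers the LDAP host's own
    # name but not the bare domain or a deeper subdomain.
    for host in ("ldap.example.com", "example.com", "a.b.example.com"):
        print(host, "->", first_matching_name(host, ["*.example.com"]))
```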