From: Alberto L. <pl...@al...> - 2008-12-09 19:44:55
Michael,

Here is what I got after the openssl s_client -connect <server>:<port> -CAfile /path/to/my/CAcert command:

CONNECTED(00000784)
---
Certificate chain
 0 s:
   i:/DC=srf/CN=AC DN
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIKb11m+wAAAAACNzANBgkqhkiG9w0BAQUFADAzMRMwEQYK
CZImiZPyLGQBGRYDc3JmMRwwGgYDVQQDExNSRkIgRW50ZXJwcmlzZSBDQTAyMB4X
DTA4MTIwODEzNTUzOVoXDTA5MTIwODEzNTUzOVowADCBnzANBgkqhkiG9w0BAQEF
CERTIFICATE VOIDED FOR SECURITY REASONS
4cT9LQqwIZImw43pkJOBb4SpAWgtRFp593ydbecZ3Kp8bGq7nLm5fhTazF0tuH7j
mXj1Y2rkoucgDBDPTDRfIodpbmwiv85KdxVLjYbMwC6UZkJAnbyyZsJMnEV7gvIU
aB8SRTjVy3I2L9qs+PE6VmFEj77s9GJ/uK6sQKe5r9wMhfumB9hhvINdiAZHjDrL
BonD2E6tujKEZFK/Rpy2bB4xACM/Bo2Y9/w8ubsfaREvcA==
-----END CERTIFICATE-----
subject=
issuer=/DC=srf/CN=AC DN
---
Acceptable client certificate CA names
... LIST OF DNs deleted from screen capture for security reasons ...
---
SSL handshake has read 5964 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Session-ID: 180E00000D77AF6764CDEA8AD607E28BB8EF02028EBFB4F2C2C2CBEA354788FD
    Session-ID-ctx:
    Master-Key: 51434AA335DE806D5AC923D057A0A2C865B1D4FDCEB0CF6B3C7B148EA3187E0565B7559B10817BF81A93F79B1E34101E
    Key-Arg : None
    Start Time: 1228851254
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---

From the "subject=" line, one could see that the server certificate is subjectless. Do you think that's the reason why I couldn't connect via python-ldap?

Thanks,
Alberto
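
The check the message does by eye (reading the empty "subject=" line and the verify result off the s_client summary), as an added Python example that is not part of the original post. The function names and the trimmed sample transcript are constructed for illustration.

```python
import re

# Constructed sample: a trimmed s_client transcript shaped like the one posted above.
SAMPLE = """\
CONNECTED(00000784)
---
Certificate chain
 0 s:
   i:/DC=srf/CN=AC DN
---
subject=
issuer=/DC=srf/CN=AC DN
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Verify return code: 0 (ok)
---
"""

def parse_s_client(text):
    """Extract the summary fields from `openssl s_client` text output."""
    info = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("subject=", "issuer=")):
            key, _, value = line.partition("=")
            info.setdefault(key, value.strip())  # keep the first (server) entry
        elif m := re.match(r"Server public key is (\d+) bit", line):
            info["key_bits"] = int(m.group(1))
        elif m := re.match(r"(Protocol|Cipher)\s*:\s*(\S+)", line):
            info[m.group(1).lower()] = m.group(2)
        elif m := re.match(r"Verify return code:\s*(\d+)\s*\((.*)\)", line):
            info["verify_code"], info["verify_text"] = int(m.group(1)), m.group(2)
    return info

def findings(info):
    """Return the points worth a second look; an empty list means none found."""
    notes = []
    if info.get("subject") == "":
        notes.append("subject DN is empty")
    if info.get("verify_code", 0) != 0:
        notes.append(f"chain verification failed: {info['verify_text']}")
    return notes

if __name__ == "__main__":
    parsed = parse_s_client(SAMPLE)
    print(parsed)
    print(findings(parsed))
```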