Menu
▾
▴
Re: Expired server certificate
|
From: Michael S. <mi...@st...> - 2009-08-11 11:05:18
|
Fredrik Melander wrote: > I've given my LDAP server an expired cert for testing, but when calling > start_tls_s() the script just proceeds as were nothing wrong. Hmm, there's nothing you can do at the python-ldap level. AFAIK cert validation is completely done within the OpenSSL libs, except the host name checking. Could you please test with OpenLDAP's command-line tool ldapsearch. This is important: Please use the tool which uses the very same libldap also used for python-ldap. If ldapsearch fails this would be something to raise on the openldap-software mailing list together with information about your build of libldap and the SSL/TLS libs used. Note that libldap could be build with GnuTLS or today even with Mozilla's libnss. Ciao, Michael. |
