Who is using python-ldap with Python 1.5.x and 2.0-2.2?
Michael Ströder
michael at stroeder.com
Tue Jun 17 00:09:50 CEST 2008
Ryan Lovett wrote:
> I'm sure the gnutls folks would welcome your bug reports about its security
> and stability.
Howard Chu did an analysis and discussed that with gnutls developers
since OpenLDAP users reported crashes when using LDAP with SSL. I'm not
feeling comfortable with what he found out:
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
More related postings:
http://www.openldap.org/lists/openldap-devel/200802/msg00100.html
Well, assuming a single-valued subjectAltName extension is simply naive.
I'm aware of Debian's licensing paranoia regarding OpenSSL. But
deploying a X.509 lib which is not capable of handling widely used
X.509v3 extensions safely is not a solution either.
I'm not a C programmer. But I wrote a X.509 cert parser in Python myself
running it through a collection of several hundred weird formatted
certs when testing. So I know what you have to expect when doing this.
Ciao, Michael.
More information about the python-ldap
mailing list