How to verify server certificate
melander at dfn-cert.de
Tue Aug 4 18:20:49 CEST 2009
Michael Ströder wrote:
> Fredrik Melander wrote:
>> Short question: when negotiating TLS with the LDAP server with
>> start_tls_s(), can I use python-ldap to follow the certificate chain and
>> verify the server certificate? If so, how?
> The OpenLDAP libs are doing that for you (with the help of an underlying lib
> like OpenSSL, GnuTLS or NSS). Same for CRL checking available in recent
> versions of OpenLDAP libs.
> For the most common case with OpenLDAP C libs linked to OpenSSL libs see
> script Demo/initialize.py:
> Ciao, Michael.
Thanks for the very fast reply!
I've been playing around with a certificate that should be broken
without having my script complain the least. I would have expected
python-ldap to throw an exception or similar but for the time being it
seems to be pretending that everything's alright.
Here's my connect-method in the class that's using ldap:
    def get_connection(self, connection_string):
        "Connect to ldap and return the handle"
        conn = ldap.initialize(connection_string)
        conn.protocol_version = ldap.VERSION3
What is it that I'm misunderstanding here?
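Added example, not part of the original thread or of python-ldap's Demo scripts: one way to make start_tls_s() fail on a bad certificate is to set the trust anchors and require verification on the connection before the handshake. It assumes python-ldap built against OpenLDAP libs that honour per-connection TLS options; the function name, the ldap_mod test hook, and the URI and CA path are hypothetical.

```python
import sys


def get_verified_connection(uri, ca_file, ldap_mod=None):
    """Return an LDAPv3 handle whose StartTLS handshake verified the server chain.

    ldap_mod is a hypothetical injection hook (defaults to the real python-ldap
    module) so the option sequence can be exercised without a directory server.
    """
    if ldap_mod is None:
        import ldap as ldap_mod  # python-ldap

    conn = ldap_mod.initialize(uri)
    conn.protocol_version = ldap_mod.VERSION3

    # Trust anchors the TLS library uses to build and check the chain.
    conn.set_option(ldap_mod.OPT_X_TLS_CACERTFILE, ca_file)
    # DEMAND: abort the handshake if the server certificate is missing or
    # does not verify. With NEVER or ALLOW a broken certificate is accepted
    # and no exception is raised.
    conn.set_option(ldap_mod.OPT_X_TLS_REQUIRE_CERT, ldap_mod.OPT_X_TLS_DEMAND)
    # Per-connection TLS options only take effect once a fresh TLS context is
    # created, so this must be the last TLS option set before start_tls_s().
    conn.set_option(ldap_mod.OPT_X_TLS_NEWCTX, 0)

    try:
        conn.start_tls_s()
    except (ldap_mod.CONNECT_ERROR, ldap_mod.SERVER_DOWN) as exc:
        # Fail closed: do not continue on an unencrypted or unverified session.
        raise ConnectionError(
            "StartTLS verification failed for %s: %s" % (uri, exc)
        ) from exc
    return conn


if __name__ == "__main__":
    # Placeholder defaults; pass a real URI and CA bundle on the command line.
    uri = sys.argv[1] if len(sys.argv) > 1 else "ldap://ldap.example.org"
    ca = sys.argv[2] if len(sys.argv) > 2 else "/path/to/ca-bundle.pem"
    try:
        get_verified_connection(uri, ca)
        print("certificate chain verified, TLS established")
    except ConnectionError as err:
        print(err)
        sys.exit(1)
```

To confirm the check is active, run it against a server presenting a certificate that does not chain to the CA file and expect the ConnectionError path.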