Expired server certificate
michael at stroeder.com
Tue Aug 11 13:05:00 CEST 2009
Fredrik Melander wrote:
> I've given my LDAP server an expired cert for testing, but when calling
> start_tls_s() the script just proceeds as if nothing were wrong.
Hmm, there's nothing you can do at the python-ldap level. AFAIK cert
validation is completely done within the OpenSSL libs, except the host name
Could you please test with OpenLDAP's command-line tool ldapsearch? This is
important: Please use the tool which uses the very same libldap also used for
If ldapsearch fails this would be something to raise on the openldap-software
mailing list together with information about your build of libldap and the
SSL/TLS libs used. Note that libldap could be built with GnuTLS or today even
with Mozilla's libnss.