[python-ldap] python ldap windows OPT_X_TLS_CACERTFILE not working

Daniel Watrous dwmaillist at gmail.com
Thu Mar 17 16:11:33 EDT 2016


It's a path to a Windows file.

[Dbg]>>> print pathtocacertfile
C:\Users\me\Documents\GitHub\automation\ephemeralca-cacert.crt

The exact same file works as expected on Linux, so the cert file is valid.

>>> import ldap
>>> ldap.__version__
'2.4.25'

Python 2.7.9 (default, Dec 10 2014, 12:28:03) [MSC v.1500 64 bit (AMD64)]
on win32.

On Thu, Mar 17, 2016 at 2:48 PM, Michael Ströder <michael at stroeder.com>
wrote:

> Daniel Watrous wrote:
> > I am able to make a connection to my LDAPS server with my own certificate
> > setting the following option on Linux
> > ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERTFILE)
>
> Good.
>
> > However, on Windows the same approach fails with
> > SERVER_DOWN: {'info': 'error:14090086:SSL
> > routines:ssl3_get_server_certificate:certificate verify failed (unable to
> > get issuer certificate)', 'desc': "Can't contact LDAP server"}
> >
> > It seems that either python-ldap can't follow the Windows based path to the
> > certificate OR python-ldap has a hard dependency on a Linux library that
> > isn't available on Windows.
>
> The good news is that the 'info' message is actually generated by the OpenSSL
> libs. AFAIK Waldemar compiles OpenSSL into his python-ldap builds for Windows.
>
> OpenSSL simply cannot find the CA cert needed to validate the LDAP server cert.
>
> > Any help getting this working on Windows is appreciated. Here's a larger
> > snippet from my script
> >
> > try:
> >     ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, pathtocacertfile)
>
> What's the content of var pathtocacertfile?
> Does it contain a Windows path name?
> Does the referenced file really contain the CA cert?
>
> Ciao, Michael.
>
>
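
A preflight check for the three questions quoted above (what the variable holds, whether it is a usable Windows path, whether the file really contains a CA cert), as an added example that is not part of the original thread or of python-ldap. `check_cacertfile` is a hypothetical helper written for Python 3 with the standard library only; it checks that the file is something OpenSSL can load as PEM and does not verify the certificate chain itself.

```python
import base64
import os
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def check_cacertfile(path):
    """Return a list of problems with a CA file path; an empty list means none found."""
    # A literal such as "C:\me\automation\ca.crt" written without r"" or doubled
    # backslashes turns \a into BEL (0x07), so the path no longer names the file.
    if any(ord(ch) < 0x20 for ch in path):
        return ["path contains control characters (unescaped backslash?)"]
    if not os.path.isfile(path):
        return ["path is not an existing file"]
    with open(path, "rb") as fh:
        raw = fh.read()
    # Some Windows tools save text as UTF-16 with a byte-order mark.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is UTF-16 encoded, not ASCII PEM"]
    blocks = PEM_BLOCK.findall(raw.decode("ascii", "replace"))
    if not blocks:
        return ["no PEM CERTIFICATE block found (DER or another format?)"]
    problems = []
    for i, body in enumerate(blocks):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("block %d is not valid base64" % i)
            continue
        # Every X.509 certificate is a DER SEQUENCE, so it starts with 0x30.
        if not der.startswith(b"\x30"):
            problems.append("block %d is not a DER SEQUENCE" % i)
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_cacert.py C:\path\to\cacert.crt
    for candidate in sys.argv[1:]:
        print(candidate, check_cacertfile(candidate) or "looks loadable")
```

An empty result only means the file is readable PEM; the `ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ...)` call can still fail verification if the file does not hold the issuer of the server's certificate.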