Hi again, > Why should it be broken?
It's deliberately broken to test the program, and thanks to your reply
I've been able to catch this exception:
CONNECT_ERROR: {'info': 'TLS: hostname does not match CN in peer
certificate', 'desc': 'Connect error'}
What I've so far *not* been able to provoke is an error because of an
expired certificate. Is there some way to do this?
> If the cert or hostname validation fails ldap.SERVER_DOWN is raised.
ehm.. I caught a CONNECT_ERROR (see above)... ?
> Well, there's a reason why in Demo/initialize.py the TLS-related
options are
> set globally. Only in recent versions of OpenLDAP you can set these
options
> per connection.
Thanks, didn't know this. The thing is that I want to verify some
certificates and accept others no matter what, but I've been (what seems
to be) successfully to toggle this with ldap.OPT_X_TLS_NEVER and
ldap.OPT_X_TLS_DEMAND respectively.
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
