Fredrik Melander wrote:
> I've given my LDAP server an expired cert for testing, but when calling
> start_tls_s() the script just proceeds as if nothing were wrong.

Hmm, there's nothing you can do at the python-ldap level. AFAIK cert
validation is completely done within the OpenSSL libs, except the host name
checking.

Could you please test with OpenLDAP's command-line tool ldapsearch. This is
important: Please use the tool which uses the very same libldap also used for
python-ldap.

If ldapsearch fails this would be something to raise on the openldap-software
mailing list together with information about your build of libldap and the
SSL/TLS libs used. Note that libldap could be built with GnuTLS or today even
with Mozilla's libnss.

Ciao, Michael.

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev