https://bugs.openldap.org/show_bug.cgi?id=8753

--- Comment #12 from Michael Ströder <[email protected]> ---
(In reply to Ondřej Kuzník from comment #11)
> It should be analogous to HTTP Public Key Pinning, that's why it's
> working with keys, not certificates.

Ah, ok.

For the python-ldap0 tests I've used the following to generate the SHA-256 hash:

openssl rsa -in tests/tls/localhost.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64

But it does not work (with libldap 2.6.1):

ldap0.CONNECT_ERROR: {'result': -11, 'desc': b'Connect error', 'ctrls': [],
'info': b'error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed (self signed
certificate in certificate chain)'}

See the (commented) lines in the test:

https://code.stroeder.com/pymod/python-ldap0/src/branch/main/tests/test_ldapobject.py#L1031

Assuming I got this right:

https://code.stroeder.com/pymod/python-ldap0/commit/1ec4ad7ada7388835d5df8c8dfe60791debaa8d0

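The pin format discussed above (base64 of the SHA-256 over the DER-encoded SubjectPublicKeyInfo, which is what the openssl pipeline in the comment produces and what HTTP Public Key Pinning, RFC 7469, specifies) can be computed and checked with standard-library Python alone; because the hash covers the key rather than the certificate, a re-issued certificate for the same key keeps the same pin. This is an added example, not code from the bug report, python-ldap0 or libldap: the minimal DER helpers, the dummy SPKI and the unsigned dummy certificate are constructed here for illustration only.

```python
import base64
import hashlib
import hmac

def der_tlv(tag, content):  # build one DER TLV; short or long-form length
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def der_read(buf, i=0):  # parse the TLV at offset i -> (tag, content, end offset)
    nb = buf[i + 1] & 0x7F if buf[i + 1] & 0x80 else 0  # long-form length byte count
    length = int.from_bytes(buf[i + 2:i + 2 + nb], "big") if nb else buf[i + 1]
    start, end = i + 2 + nb, i + 2 + nb + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return buf[i], buf[start:end], end

def der_children(tlv):  # child TLVs of a constructed DER element
    content, kids, i = der_read(tlv)[1], [], 0
    while i < len(content):
        end = der_read(content, i)[2]
        kids.append(content[i:end])
        i = end
    return kids

def spki_from_cert(cert_der):
    # TBSCertificate fields: [0] version (optional), serialNumber, signature, issuer,
    # validity, subject, subjectPublicKeyInfo, ...
    fields = der_children(der_children(cert_der)[0])
    if fields[0][0] == 0xA0:
        fields = fields[1:]
    return fields[5]

def pin_from_spki(spki_der):  # HPKP-style pin: base64(SHA-256(DER SPKI))
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def pin_matches(expected_pin, cert_der):  # constant-time check against the configured pin
    return hmac.compare_digest(expected_pin, pin_from_spki(spki_from_cert(cert_der)))

seq = lambda *kids: der_tlv(0x30, b"".join(kids))  # SEQUENCE builder
SAMPLE_SPKI = seq(seq(der_tlv(0x06, bytes.fromhex("2a864886f70d010101")), der_tlv(0x05, b"")),
                  der_tlv(0x03, b"\x00" + b"\x01" * 16))  # constructed: rsaEncryption + dummy bits

def build_test_cert(spki_der):  # constructed dummy cert: no real signature, empty names
    tbs = seq(der_tlv(0xA0, der_tlv(0x02, b"\x02")), der_tlv(0x02, b"\x01"),
              seq(der_tlv(0x06, bytes.fromhex("2a864886f70d01010b"))), seq(),
              seq(der_tlv(0x17, b"220101000000Z"), der_tlv(0x17, b"230101000000Z")),
              seq(), spki_der)
    return seq(tbs, seq(), der_tlv(0x03, b"\x00"))
```

For a real peer, feed `ssl.DER_cert_to_PEM_cert`'s inverse (the DER bytes from `getpeercert(binary_form=True)`) to `pin_matches`; the value to compare against is the same string the openssl pipeline in the comment prints.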