On 8/11/05 8:16, Eric Nichols <[EMAIL PROTECTED]> wrote: > I am using Net::LDAPS to connect to a server (no problems). How can I get the > actual x.509 server certificate that is being used for the connection? I > found a lib called Crypt::X509 which can decode the certificate.
If you call $ldap->certificate(), you get an X509_Certificate object which is documented in IO::Socket::SSL. (Or was when I wrote the LDAPS code :-) > My goal is to halt the program if the server certificate is expired. > Many thanks I'd have hoped that OpenSSL's standard certificate verification would notice an expired cert! Cheers, Chris
