Re: Certificate checking on LDAP over SSL connection

Tue, 09 Dec 2008 11:45:28 -0800 

Michael,

Here is what I got after the openssl s_client -connect <server>:<port>
-CAfile /path/to/my/CAcert command:


CONNECTED(00000784)
---
Certificate chain
 0 s:
   i:/DC=srf/CN=AC DN
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIKb11m+wAAAAACNzANBgkqhkiG9w0BAQUFADAzMRMwEQYK
CZImiZPyLGQBGRYDc3JmMRwwGgYDVQQDExNSRkIgRW50ZXJwcmlzZSBDQTAyMB4X
DTA4MTIwODEzNTUzOVoXDTA5MTIwODEzNTUzOVowADCBnzANBgkqhkiG9w0BAQEF

CERTIFICATE VOIDED FOR SECURITY REASONS

4cT9LQqwIZImw43pkJOBb4SpAWgtRFp593ydbecZ3Kp8bGq7nLm5fhTazF0tuH7j
mXj1Y2rkoucgDBDPTDRfIodpbmwiv85KdxVLjYbMwC6UZkJAnbyyZsJMnEV7gvIU
aB8SRTjVy3I2L9qs+PE6VmFEj77s9GJ/uK6sQKe5r9wMhfumB9hhvINdiAZHjDrL
BonD2E6tujKEZFK/Rpy2bB4xACM/Bo2Y9/w8ubsfaREvcA==
-----END CERTIFICATE-----
subject=
issuer=/DC=srf/CN=AC DN
---
Acceptable client certificate CA names
...
LIST OF DNs deleted from screen capture for security reasons
...
---
SSL handshake has read 5964 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID:
180E00000D77AF6764CDEA8AD607E28BB8EF02028EBFB4F2C2C2CBEA354788FD
    Session-ID-ctx:
    Master-Key:
51434AA335DE806D5AC923D057A0A2C865B1D4FDCEB0CF6B3C7B148EA3187E0565B7559B10817BF81A93F79B1E34101E
    Key-Arg   : None
    Start Time: 1228851254
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

>From the "subject=" line, one could see that the server certificate is
subjectless.

Do you think that's the reason why I couldnt' connect via python-ldap?

Thanks,

Alberto

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

Reply via email to