Fredrik Melander wrote:
> Short question: when negotiating TLS with the LDAP server with
> start_tls_s(), can I use python-ldap to follow the certificate chain and
> verify the server certificate? If so, how?

The OpenLDAP libs are doing that for you (with the help of an underlying lib like OpenSSL, GnuTLS or NSS). Same for CRL checking available in recent versions of OpenLDAP libs.

For the most common case with OpenLDAP C libs linked to OpenSSL libs see script Demo/initialize.py:

ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem')

Ciao, Michael.

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
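
The setup from the reply above, carried through to the StartTLS call, as an added example that is not part of the original message or of Demo/initialize.py. The function name `starttls_verified`, the sample URI and the use of per-connection options with `OPT_X_TLS_NEWCTX` are assumptions; the latter needs a python-ldap and OpenLDAP build that supports it.

```python
import os


def starttls_verified(uri, ca_file):
    """Return a connection whose StartTLS handshake verified the server
    certificate chain against ca_file; raise instead of continuing in clear."""
    # Fail closed before any network traffic: libldap reports a missing or
    # unreadable CA bundle only as a generic connect error in the handshake.
    if not os.path.isfile(ca_file) or not os.access(ca_file, os.R_OK):
        raise FileNotFoundError("CA bundle not readable: %s" % ca_file)
    # StartTLS upgrades a plain connection; ldaps:// is already TLS-wrapped.
    if not uri.startswith("ldap://"):
        raise ValueError("StartTLS needs an ldap:// URI, got %r" % uri)

    import ldap  # python-ldap; imported here so the checks above run without it

    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3  # StartTLS is an LDAPv3 extended op
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)
    # Demand a valid chain explicitly, so a permissive TLS_REQCERT setting in
    # ldap.conf or the environment cannot weaken this connection.
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    # Make libldap build a fresh TLS context from the options set above.
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    try:
        conn.start_tls_s()
    except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN) as exc:
        # Chain verification failures surface here; never bind after this.
        raise ConnectionError("StartTLS or certificate check failed: %s" % exc) from exc
    return conn


if __name__ == "__main__":
    # Constructed sample values; the CA path is the one quoted in the reply.
    c = starttls_verified("ldap://ldap.example.org",
                          "/etc/httpd/ssl.crt/myCA-cacerts.pem")
    print("TLS established, certificate chain verified")
    c.unbind_s()
```

Call `simple_bind_s()` only on the connection this function returns, so credentials are never sent over a session whose certificate was not verified.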