How to verify server certificate

Michael Ströder michael at stroeder.com
Tue Aug 4 16:50:48 CEST 2009


Fredrik Melander wrote:
> Short question: when negotiating TLS with the LDAP server with
> start_tls_s(), can I use python-ldap to follow the certificate chain and
> verify the server certificate? If so, how?

The OpenLDAP libs are doing that for you (with the help of an underlying lib
like OpenSSL, GnuTLS or NSS). The same goes for CRL checking, which is available
in recent versions of the OpenLDAP libs.

For the most common case, OpenLDAP C libs linked to OpenSSL libs, see the
script Demo/initialize.py:

ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem')

Ciao, Michael.
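The configuration Michael points to, written out as an added example that is not part of the original post or of python-ldap's Demo/initialize.py. It shows the same verification settings in both forms the OpenLDAP client library accepts: the ldap.conf keywords it reads at startup (audited for the settings that silently disable verification) and the per-connection python-ldap options. The option constants are python-ldap's own; the code assumes a python-ldap new enough to expose OPT_X_TLS_NEWCTX and OPT_X_TLS_CRLCHECK, and the URI and conf texts are constructed sample values.

```python
"""Added example (not from the original post): python-ldap hands TLS
verification to the OpenLDAP client library, configured either per
connection with set_option() or through the ldap.conf it reads at startup.
URI and ldap.conf texts used with this code are constructed sample values."""

# Library defaults for keywords absent from ldap.conf (see ldap.conf(5)).
LDAP_CONF_DEFAULTS = {"TLS_REQCERT": "demand", "TLS_CRLCHECK": "none"}


def audit_ldap_conf(text):
    """Return findings for an ldap.conf text; an empty list means the
    server certificate chain is verified and revocation is checked."""
    settings = dict(LDAP_CONF_DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)               # "KEYWORD value"
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    findings = []
    reqcert = settings["TLS_REQCERT"].lower()
    if reqcert in ("never", "allow"):
        findings.append("TLS_REQCERT %s: server certificate is not verified" % reqcert)
    elif reqcert == "try":
        findings.append("TLS_REQCERT try: a server that sends no certificate is accepted")
    if not settings.get("TLS_CACERT") and not settings.get("TLS_CACERTDIR"):
        findings.append("no TLS_CACERT/TLS_CACERTDIR: no explicit trust anchor")
    if settings["TLS_CRLCHECK"].lower() == "none":
        findings.append("TLS_CRLCHECK none: revoked certificates are accepted")
    return findings


def start_tls_verified(uri, cacertfile="/etc/httpd/ssl.crt/myCA-cacerts.pem",
                       crl_check=True):
    """Connect, upgrade with STARTTLS and fail closed unless the server
    certificate chains to cacertfile (and, with crl_check, is unrevoked).
    These options control the same checks as the ldap.conf keywords above."""
    import ldap  # imported here so audit_ldap_conf() works without python-ldap
    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacertfile)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    if crl_check:  # needs CRL files alongside the CA certs (TLS_CACERTDIR)
        conn.set_option(ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRL_ALL)
    # Per-connection TLS options only apply once a new TLS context is built.
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    conn.start_tls_s()  # raises ldap.CONNECT_ERROR / ldap.SERVER_DOWN on a bad cert
    return conn
```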


