support for wildcard certficates
Michael Ströder
michael at stroeder.com
Thu Jul 3 12:28:02 CEST 2008
Rahul Amaram wrote:
> I have set up a ldap server with a wildcard certificate. Upon trying to
> establish a TLS connection using python ldap, I get the error "TLS:
> hostname does not match CN in peer certificate". This works fine if I
> use a certificate with the exact domain name. Is this a bug? Are there
> any known solutions to this? Looking forward to a response.
Well, personally I'd recommend not to use wildcard certs at all
=> I never tested anything like this.
python-ldap simply relies on OpenLDAP libs which in turn rely on
OpenSSL. Hmm, so this should be probably raised on the openldap-software
mailing list.
> P.S: "ldapwhoami" command establishes a TLS connection properly even
> when using a wild-card certificate. So I am assuming it might be a
> problem with python-ldap library.
You might wanna dive into the source of ldapwhoami and look up which
options they set. BTW: Are you sure that your local python-ldap
installation uses the same OpenLDAP client libs like the ldapwhoami
command-line tool?
Ciao, Michael.
More information about the python-ldap
mailing list