Certificate checking on LDAP over SSL connection
Alberto Lopes
plone at alopes.com
Tue Dec 9 20:44:49 CET 2008
Michael,
Here is what I got after the openssl s_client -connect <server>:<port>
-CAfile /path/to/my/CAcert command:
CONNECTED(00000784)
---
Certificate chain
0 s:
i:/DC=srf/CN=AC DN
---
Server certificate
-----BEGIN CERTIFICATE-----
CERTIFICATE VOIDED FOR SECURITY REASONS
-----END CERTIFICATE-----
subject=
issuer=/DC=srf/CN=AC DN
---
Acceptable client certificate CA names
...
LIST OF DNs deleted from screen capture for security reasons
...
---
SSL handshake has read 5964 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
180E00000D77AF6764CDEA8AD607E28BB8EF02028EBFB4F2C2C2CBEA354788FD
Session-ID-ctx:
Master-Key:
51434AA335DE806D5AC923D057A0A2C865B1D4FDCEB0CF6B3C7B148EA3187E0565B7559B10817BF81A93F79B1E34101E
Key-Arg : None
Start Time: 1228851254
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
From the "subject=" line, one could see that the server certificate is
subjectless.
Do you think that's the reason why I couldn't connect via python-ldap?
Thanks,
Alberto
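
Added example, not part of the original message or of python-ldap: a Python check over the s_client output quoted above. It reports the empty subject= line separately from "Verify return code", which covers only chain validation against the CA file and not host name matching. SAMPLE is constructed from the fields shown in the message; the function names and the 2048-bit threshold are assumptions of this example.

```python
import re

# Constructed sample: fields from the s_client output quoted in the message
# (certificate body, CA name list and session secrets left out).
SAMPLE = """\
CONNECTED(00000784)
Certificate chain
 0 s:
   i:/DC=srf/CN=AC DN
subject=
issuer=/DC=srf/CN=AC DN
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
    Verify return code: 0 (ok)
"""

def parse_s_client(text):
    """Pull the certificate-checking fields out of `openssl s_client` output."""
    def field(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    bits = field(r"^Server public key is (\d+) bit")
    code = field(r"^\s*Verify return code:\s*(\d+)")
    return {
        "subject": field(r"^subject=(.*)$"),   # "" means an empty subject DN
        "issuer": field(r"^issuer=(.*)$"),
        "cipher": field(r"^New, .*Cipher is (\S+)"),
        "key_bits": int(bits) if bits else None,
        "verify_code": int(code) if code else None,
    }

def findings(info):
    """Return one line per issue a client-side certificate check may hit."""
    out = []
    if info["verify_code"] != 0:
        out.append("chain not verified (code %s)" % info["verify_code"])
    if info["subject"] == "":
        # With no CN in the subject, a host name can only be matched
        # against subjectAltName entries, if the certificate has any.
        out.append("empty subject DN: host name must match a subjectAltName")
    if info["key_bits"] is not None and info["key_bits"] < 2048:
        out.append("server key is only %d bits" % info["key_bits"])
    if info["cipher"] and re.search(r"RC4|MD5|NULL|EXP|DES", info["cipher"]):
        out.append("weak cipher negotiated: %s" % info["cipher"])
    return out

if __name__ == "__main__":
    for line in findings(parse_s_client(SAMPLE)):
        print(line)
```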