Re: Info message for LDAP_SERVER_DOWN in case of SSL/TLS failure (ITS#1995)
Howard Chu wrote:
> The library already copies the SSL error string into the LDAP handle when an SSL
> connection attempt fails.
I can see the info message if certificate verification fails
(turned into a Python exception instance in this example):
ldap.CONNECT_ERROR: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc': 'Connect error'}
But is that also true if the certificate and host name comparison
failed, which is a very common error? The following example is from
the OpenLDAP debug log:
TLS: hostname (abcdef.domain.my) does not match common name in certificate (localhost).
In this case the info field seems to be empty:
ldap.CONNECT_ERROR: {'info': '', 'desc': 'Connect error'}
Ciao, Michael.
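
Added example (not part of the original message, and not python-ldap or OpenLDAP code): a triage helper for the two cases reported above, which parses the OpenSSL error string when 'info' is populated and falls back to the debug-log line when 'info' is empty. The function name, the result keys and the sample inputs are assumptions constructed from the values quoted in the message.

```python
import re

# OpenSSL ERR_error_string() layout: error:<hex code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)")
# The libldap debug-log line quoted in the message above.
HOSTNAME_MISMATCH = re.compile(
    r"TLS: hostname \((?P<host>[^)]*)\) does not match common name in "
    r"certificate \((?P<cn>[^)]*)\)")


def triage_connect_error(exc_args, debug_log=""):
    """Classify a CONNECT_ERROR dict; use the debug log when 'info' is empty.

    Hypothetical helper: exc_args is the dict carried by the exception,
    debug_log is whatever library debug output the caller captured.
    """
    # Collapse whitespace so strings wrapped by a mailer or logger still match.
    info = " ".join((exc_args.get("info") or "").split())
    m = OPENSSL_ERR.search(info)
    if m:
        return {"cause": "openssl", **m.groupdict()}
    m = HOSTNAME_MISMATCH.search(" ".join(debug_log.split()))
    if m:
        return {"cause": "hostname_mismatch", **m.groupdict()}
    # Nothing usable in either place: report only the generic description.
    return {"cause": "unknown", "desc": exc_args.get("desc", "")}


# Constructed inputs, built from the values quoted in the message above.
CERT_FAIL = {"info": "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:"
                     "certificate verify failed", "desc": "Connect error"}
EMPTY_INFO = {"info": "", "desc": "Connect error"}
DEBUG_LOG = ("TLS: hostname (abcdef.domain.my) does not match common name in\n"
             "certificate (localhost).\n")

if __name__ == "__main__":
    print(triage_connect_error(CERT_FAIL))
    print(triage_connect_error(EMPTY_INFO, DEBUG_LOG))
    print(triage_connect_error(EMPTY_INFO))
```

Without the debug log, the empty-'info' case can only be reported as "unknown", which is the diagnostic gap the message describes.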