RE: Info message for LDAP_SERVER_DOWN in case of SSL/TLS failure (ITS#1995)
The CVS HEAD has been patched to provide an error message in the latter case.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of
> michael@stroeder.com
> Sent: Monday, August 05, 2002 5:35 AM
> To: openldap-its@OpenLDAP.org
> Subject: Re: Info message for LDAP_SERVER_DOWN in case of SSL/TLS
> failure (ITS#1995)
>
>
> Howard Chu wrote:
> > The library already copies the SSL error string into the LDAP handle when an SSL
> > connection attempt fails.
>
> I can see the info message if certificate verification fails
> (turned into a Python exception instance in this example):
>
> ldap.CONNECT_ERROR: {'info': 'error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed',
> 'desc': 'Connect error'}
>
> But is that also true if the certificate and host name comparison
> failed which is a very common error? The following example is from
> the OpenLDAP debug log:
>
> TLS: hostname (abcdef.domain.my) does not match common name in
> certificate (localhost).
>
> In this case the info field seems to be empty:
>
> ldap.CONNECT_ERROR: {'info': '', 'desc': 'Connect error'}
>
> Ciao, Michael.
>
>
>
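A triage helper for the two `ldap.CONNECT_ERROR` payloads quoted in this thread, as an added example that is not code from either poster or from OpenLDAP. The function name `triage_connect_error` and the category labels are hypothetical, and the sample dicts are copied from the messages above so the block runs without python-ldap installed.

```python
import re

# OpenSSL error strings have the layout
#   error:<hex code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)"
)


def triage_connect_error(exc_args):
    """Classify the dict carried by an ldap.CONNECT_ERROR exception.

    Hypothetical helper: returns a dict with a 'category' key and, when
    'info' holds an OpenSSL error string, its parsed fields.
    """
    # Collapse whitespace so a line-wrapped message still parses.
    info = " ".join((exc_args.get("info") or "").split())
    result = {"desc": exc_args.get("desc", ""), "info": info}

    if not info:
        # The case reported in this thread: the hostname / common-name
        # mismatch was visible only in the debug log, 'info' was empty.
        result["category"] = "no-detail"
        result["hint"] = ("empty info: check the TLS debug log, e.g. for a "
                          "hostname / certificate common name mismatch")
        return result

    match = OPENSSL_ERR.search(info)
    if match is None:
        result["category"] = "other"
        return result

    result.update(match.groupdict())
    if "certificate verify failed" in result["reason"]:
        result["category"] = "cert-verify-failed"
    else:
        result["category"] = "tls-other"
    return result


# Sample payloads copied from the thread above.
VERIFY_FAILED = {
    "info": "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:"
            "certificate verify failed",
    "desc": "Connect error",
}
EMPTY_INFO = {"info": "", "desc": "Connect error"}
```
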