You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, OpenSSL supports the -partial_chain argument. Is there any way to use this with ldap3? I only see options for full chain verification, or disabled verification.
If ldap3 can't do partial_chain verification, why not?
The text was updated successfully, but these errors were encountered:
hi @wayneworkman - what's the use case you're trying to achieve?
the TLS used by ldap3 just builds on the native python ssl module. it looks like ssl.VERIFY_X509_PARTIAL_CHAIN was just added recently-ish in python3.10. so support for passing verify_flags could be added to Tls.
honestly it might make sense to just support passing a whole SSLContext object in case there's more things in the future, now that SSLContexts are the default for everything in python
My use case is for LDAP-S where I'm unable (for reasons) to to get a copy of the root public certificate that I need to enable full chain verification. All I have available to me is the specific LDAP server's public certificate, an an intermediate certificate.
Hi, OpenSSL supports the
-partial_chain
argument. Is there any way to use this with ldap3? I only see options for full chain verification, or disabled verification.If ldap3 can't do partial_chain verification, why not?
The text was updated successfully, but these errors were encountered: