On 10/5/20 8:10 PM, Quanah Gibson-Mount wrote:
--On Monday, October 5, 2020 6:48 PM +0000 Siddharth Jain siddjain@live.com wrote:
TLS: during handshake: peer cert is valid, or was ignored if verification disabled (-9841)
TLS: during handshake: Peer certificate is not trusted: kSecTrustResultRecoverableTrustFailure
This message comes from Apple's TLS library. This would indicate that you're using a hacked version of OpenLDAP. We cannot offer support for a hacked version of OpenLDAP. You will need to ask Apple for help on how to correctly configure TLS within their environment.
To add to that:
AFAIK the patched libldap in macOS simply uses the system-wide trust store and nothing else.
Furthermore, using ldap_set_option() to set a trusted CA certs file or directory leads to errors. This results in weird work-arounds like this:
https://gitlab.com/ae-dir/python-ldap0/-/blob/master/ldap0/ldapobject.py#L25...
Ciao, Michael.