Closed
I'm packaging python-ldap-3.0.0b4 on ALTLinux.
When trying to run the tests at build time I get a "test_tls_ext_noca" failure:
======================================================================
FAIL: test_tls_ext_noca (Tests.t_cext.TestLdapCExtension)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/usr/src/RPM/BUILD/python-module-ldap-3.0.0/Tests/t_cext.py", line 838, in test_tls_ext_noca
l.start_tls_s()
AssertionError: CONNECT_ERROR not raised
----------------------------------------------------------------------
Ran 200 tests in 24.535s
FAILED (failures=1, skipped=1, expected failures=5)
Test failed: <unittest.runner.TextTestResult run=200 errors=0 failures=1>
error: Test failed: <unittest.runner.TextTestResult run=200 errors=0 failures=1>
ERROR: InvocationError: '/usr/src/RPM/BUILD/python-module-ldap-3.0.0/.tox/py27/bin/python -m coverage run --parallel setup.py test'
py27 finish: runtests after 24.97 seconds
slapd log:
test_tls_ext_noca (Tests.t_cext.TestLdapCExtension) ... 5a5f4f3f slap_listener_activate(8):
5a5f4f3f >>> slap_listener(ldap://127.0.0.1:51757/)
5a5f4f3f connection_get(13): got connid=1039
5a5f4f3f connection_read(13): checking for input on id=1039
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
5a5f4f3f op tag 0x77, time 1516195647
ber_get_next
5a5f4f3f conn=1039 op=0 do_extended
ber_scanf fmt ({m) ber:
5a5f4f3f send_ldap_extended: err=0 oid= len=0
5a5f4f3f send_ldap_response: msgid=1 tag=120 err=0
ber_flush2: 14 bytes to sd 13
5a5f4f3f connection_get(13): got connid=1039
5a5f4f3f connection_read(13): checking for input on id=1039
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
5a5f4f3f connection_get(13): got connid=1039
5a5f4f3f connection_read(13): checking for input on id=1039
TLS trace: SSL_accept:SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read certificate verify A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write session ticket A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
5a5f4f3f connection_read(13): unable to get TLS client DN, error=49 id=1039
OpenLDAP uses OpenSSL:
/usr/sbin/slapd -V
@(#) $OpenLDAP: slapd 2.4.45 (Dec 22 2017 17:43:47)
openssl version
OpenSSL 1.0.2n 7 Dec 2017
Then I see that TLS_REQUIRE_CERT is in the TLS_NEVER state (this is the default):
(Pdb) l
833 def test_tls_ext_noca(self):
834 l = self._open_conn(bind=False)
835 l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3)
836 l.set_option(_ldap.OPT_X_TLS_NEWCTX, 0)
837 import pdb;pdb.set_trace()
838 -> with self.assertRaises(_ldap.CONNECT_ERROR) as e:
839 l.start_tls_s()
840 # known resaons:
841 # Ubuntu on Travis: '(unknown error code)'
842 # OpenSSL 1.1: error:1416F086:SSL routines:\
843 # tls_process_server_certificate:certificate verify failed
(Pdb) pp l.get_option(_ldap.OPT_X_TLS_REQUIRE_CERT)
0
(Pdb) pp _ldap.OPT_X_TLS_NEVER
0
(Pdb)
But Fedora's default is different:
# fedora
(Pdb) l
830 @requires_tls()
831 def test_tls_ext_noca(self):
832 l = self._open_conn(bind=False)
833 l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3)
834 import pdb;pdb.set_trace()
835 -> with self.assertRaises(_ldap.CONNECT_ERROR) as e:
836 l.start_tls_s()
837 # known resaons:
838 # Ubuntu on Travis: '(unknown error code)'
839 # OpenSSL 1.1: error:1416F086:SSL routines:\
840 # tls_process_server_certificate:certificate verify failed
(Pdb) pp l.get_option(_ldap.OPT_X_TLS_REQUIRE_CERT)
2
(Pdb) pp _ldap.OPT_X_TLS_DEMAND
2
My solution is just changing this behavior for the test.
0001-Fix-test_tls_ext_noca.patch.txt
The problem is that the assumed default behavior may influence other parts of the code...
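The pdb sessions above show why the test is fragile: OPT_X_TLS_REQUIRE_CERT is 0 (never) on one system and 2 (demand) on another, so start_tls_s() against an untrusted server certificate fails on Fedora and silently succeeds on ALTLinux. The same inherited default affects real clients, not just the test: with TLS_REQCERT never, the client accepts any server certificate and gains no protection from TLS against an active attacker. Below is an added example, not code from python-ldap or from this report, that pins the verification policy on the connection before STARTTLS and refuses to proceed if the effective value does not verify the server certificate. It assumes python-ldap's OPT_X_TLS_REQUIRE_CERT and OPT_X_TLS_NEWCTX constants; the numeric fallbacks (0x6006, 0x600f) are OpenLDAP's values and are used only when python-ldap cannot be imported, and FakeLDAPObject is a constructed stand-in for an LDAPObject so the module runs offline.

```python
"""Make the STARTTLS certificate-verification policy explicit on a
python-ldap connection instead of inheriting the host's TLS_REQCERT default.
Added example; not part of python-ldap or of the original report."""

try:
    import ldap  # python-ldap; optional so this module can be run offline
except ImportError:
    ldap = None

# Option numbers: taken from python-ldap when available; the fallbacks are
# OpenLDAP's LDAP_OPT_X_TLS_REQUIRE_CERT / LDAP_OPT_X_TLS_NEWCTX values.
OPT_X_TLS_REQUIRE_CERT = getattr(ldap, "OPT_X_TLS_REQUIRE_CERT", 0x6006)
OPT_X_TLS_NEWCTX = getattr(ldap, "OPT_X_TLS_NEWCTX", 0x600F)

# TLS_REQCERT policy values. 0 (never) and 2 (demand) are confirmed by the
# pdb sessions in the report; 1, 3 and 4 are OpenLDAP's remaining values.
TLS_NEVER, TLS_HARD, TLS_DEMAND, TLS_ALLOW, TLS_TRY = 0, 1, 2, 3, 4
REQCERT_NAMES = {TLS_NEVER: "never", TLS_HARD: "hard", TLS_DEMAND: "demand",
                 TLS_ALLOW: "allow", TLS_TRY: "try"}


def verifies_server_cert(reqcert):
    """Only 'hard' and 'demand' abort the handshake on a missing or invalid
    server certificate; 'never', 'allow' and 'try' let the session proceed,
    which is what makes test_tls_ext_noca pass instead of raising."""
    return reqcert in (TLS_HARD, TLS_DEMAND)


def start_tls_strict(conn):
    """Force certificate verification on `conn` (an LDAPObject, or any
    object with the same set_option/get_option/start_tls_s methods) and run
    STARTTLS. Returns the effective TLS_REQCERT value."""
    conn.set_option(OPT_X_TLS_REQUIRE_CERT, TLS_DEMAND)
    # Per-connection TLS options only take effect once a new TLS context is
    # requested, which is why the report's test also sets OPT_X_TLS_NEWCTX.
    conn.set_option(OPT_X_TLS_NEWCTX, 0)
    effective = conn.get_option(OPT_X_TLS_REQUIRE_CERT)
    if not verifies_server_cert(effective):
        raise RuntimeError("TLS_REQCERT is %s; refusing to STARTTLS without "
                           "server certificate verification"
                           % REQCERT_NAMES.get(effective, effective))
    conn.start_tls_s()
    return effective


class FakeLDAPObject(object):
    """Constructed stand-in for ldap.LDAPObject: records options and whether
    start_tls_s() was reached. `inherited` plays the role of the system
    default that differs between ALTLinux (0) and Fedora (2)."""

    def __init__(self, inherited=TLS_NEVER):
        self.options = {OPT_X_TLS_REQUIRE_CERT: inherited}
        self.started = False

    def set_option(self, option, value):
        self.options[option] = value

    def get_option(self, option):
        return self.options.get(option)

    def start_tls_s(self):
        self.started = True


if __name__ == "__main__":
    for inherited in (TLS_NEVER, TLS_DEMAND):
        conn = FakeLDAPObject(inherited=inherited)
        print("inherited=%s -> effective=%s" % (
            REQCERT_NAMES[inherited], REQCERT_NAMES[start_tls_strict(conn)]))
```

With a real LDAPObject the same call makes the test's expectation deterministic: once the policy is pinned to demand, start_tls_s() against a server whose CA is not configured raises on every distribution, and the only remaining variation is the error string noted in the test's comments.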