From be16775bdacfe19ee0af38bd157272e137581640 Mon Sep 17 00:00:00 2001 |
|
From: Peter Marschall <peter@adpm.de> |
|
Date: Sat, 14 Dec 2013 15:17:46 +0100 |
|
Subject: [PATCH] RT#90459: LDAP.pm: make LDAPS work after LDAP+start_tls |
|
|
|
Stop setting global SSL settings via IO::Socket::SSL::context_init() |
|
in Net::LDAP::start_tls(). |
|
According to Steffen Ullrich, the IO::Socket::SSL maintainer, setting |
|
the global SSL settings is not necessary. |
|
|
|
While looking at it, Steffen found that connect_ldaps() does not make sure |
|
the 'sslserver' argument is set to allow checking for the correct host name. |
|
Fix this as well. |
|
|
|
Thanks to Klara Mall for reporting the bug and to Steffen Ullrich for |
|
the patch ideas. |
|
--- |
|
lib/Net/LDAP.pm | 3 ++- |
|
1 file changed, 2 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm |
|
index 7ddd26a..2ee6898 100644 |
|
--- a/lib/Net/LDAP.pm |
|
+++ b/lib/Net/LDAP.pm |
|
@@ -186,6 +186,8 @@ sub connect_ldaps { |
|
# separate port from host overwriting given/default port |
|
$host =~ s/^([^:]+|\[.*\]):(\d+)$/$1/ and $port = $2; |
|
|
|
+ $arg->{sslserver} = $host unless defined $arg->{sslserver}; |
|
+ |
|
$ldap->{net_ldap_socket} = IO::Socket::SSL->new( |
|
PeerAddr => $host, |
|
PeerPort => $port, |
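Review bot: The defaulted `sslserver` in connect_ldaps is taken from `$host` after the port-stripping substitution, which keeps the brackets of an IPv6 literal (the `\[.*\]` alternative is inside the capture), so for such an address the name used for the certificate host check would be `[addr]` rather than the bare address. How IO::Socket::SSL treats a bracketed name is not visible here; if it does not strip them, derive the name separately, e.g. `(my $name = $host) =~ s/^\[(.*)\]$/$1/;` followed by `$arg->{sslserver} = $name unless defined $arg->{sslserver};`. The new line also writes into the caller's `$arg` hash, which deserves a comment such as `# default the name used for certificate host checking to the host we connect to`. Whether a mismatch actually aborts the connection presumably still depends on the verify setting passed to IO::Socket::SSL, which lies outside this hunk, as do the start and end of connect_ldaps.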
|
@@ -1080,7 +1082,6 @@ sub start_tls { |
|
$arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion}; |
|
$arg->{sslserver} = $ldap->{net_ldap_host} unless defined $arg->{sslserver}; |
|
|
|
- IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } ); |
|
my $sock_class = ref($sock); |
|
|
|
return $mesg |
|
-- |
|
2.1.0 |
|
|
|
|