From be16775bdacfe19ee0af38bd157272e137581640 Mon Sep 17 00:00:00 2001
|
|
From: Peter Marschall <peter@adpm.de>
|
|
Date: Sat, 14 Dec 2013 15:17:46 +0100
|
|
Subject: [PATCH] RT#90459: LDAP.pm: make LDAPS work after LDAP+start_tls
|
|
|
|
Stop setting global SSL settings via IO::Socket::SSL::context_init()
|
|
in Net::LDAP::start_tls().
|
|
According to Steffen Ullrich, the IO::Socket::SSL maintainer, setting
|
|
the global SSL settings is not necessary.
|
|
|
|
While looking at it, Steffen found that connect_ldaps() does not make sure
|
|
the 'sslserver' argument is set to allow checking for the correct host name.
|
|
Fix this as well.
|
|
|
|
Thanks to Klara Mall for reporting the bug and to Steffen Ullrich for
|
|
the patch ideas.
|
|
---
|
|
lib/Net/LDAP.pm | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
|
|
index 7ddd26a..2ee6898 100644
|
|
--- a/lib/Net/LDAP.pm
|
|
+++ b/lib/Net/LDAP.pm
|
|
@@ -186,6 +186,8 @@ sub connect_ldaps {
|
|
# separate port from host overwriting given/default port
|
|
$host =~ s/^([^:]+|\[.*\]):(\d+)$/$1/ and $port = $2;
|
|
|
|
+ $arg->{sslserver} = $host unless defined $arg->{sslserver};
|
|
+
|
|
$ldap->{net_ldap_socket} = IO::Socket::SSL->new(
|
|
PeerAddr => $host,
|
|
PeerPort => $port,
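Review bot: The new default `$arg->{sslserver} = $host unless defined $arg->{sslserver};` uses `$host` as left by the port-stripping substitution just above, and that substitution keeps the square brackets of a bracketed IPv6 literal in `$1`. For a peer given as `[2001:db8::1]:636` (constructed example) the name handed to certificate checking would therefore be `[2001:db8::1]`, which presumably will not match an IP entry in the server certificate. Consider deriving the check name without the brackets, e.g. `($arg->{sslserver} = $host) =~ s/^\[(.*)\]$/$1/ unless defined $arg->{sslserver};`, and adding a comment such as `# default the name used for certificate host checking to the peer we connect to`. Whether the name is checked at all depends on how `_SSL_context_init_args` treats the caller's `verify` option, which is not visible here, so the documentation should say that `sslserver` alone does not turn verification on. The body of `connect_ldaps` starts before and continues past this hunk.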
|
|
@@ -1080,7 +1082,6 @@ sub start_tls {
|
|
$arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
|
|
$arg->{sslserver} = $ldap->{net_ldap_host} unless defined $arg->{sslserver};
|
|
|
|
- IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
|
|
my $sock_class = ref($sock);
|
|
|
|
return $mesg
|
|
--
|
|
2.1.0
|
|
|