|
 |
d62d69 |
From 22d4a8728799fd978c358c9b8f7726170f14a1e4 Mon Sep 17 00:00:00 2001
|
|
|
d62d69 |
From: Peter Marschall <peter@adpm.de>
|
|
|
d62d69 |
Date: Sun, 23 Nov 2014 19:35:02 +0100
|
|
|
d62d69 |
Subject: [PATCH] LDAP.pm: do not set default sslversion for LDAPS
|
|
|
d62d69 |
MIME-Version: 1.0
|
|
|
d62d69 |
Content-Type: text/plain; charset=UTF-8
|
|
|
d62d69 |
Content-Transfer-Encoding: 8bit
|
|
|
d62d69 |
|
|
|
d62d69 |
Instead of setting a default sslversion for LDAPS, rely on the default
|
|
|
d62d69 |
value used by IO::Socket::SSL.
|
|
|
d62d69 |
|
|
|
d62d69 |
Petr Písař: Ported to 0.56.
|
|
|
d62d69 |
|
|
|
d62d69 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
d62d69 |
---
|
|
|
d62d69 |
lib/Net/LDAP.pm | 4 ++--
|
|
|
d62d69 |
lib/Net/LDAP.pod | 6 +++---
|
|
|
d62d69 |
2 files changed, 5 insertions(+), 5 deletions(-)
|
|
|
d62d69 |
|
|
|
d62d69 |
diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
|
|
|
d62d69 |
index fc5649a..5969785 100644
|
|
|
d62d69 |
--- a/lib/Net/LDAP.pm
|
|
|
d62d69 |
+++ b/lib/Net/LDAP.pm
|
|
|
d62d69 |
@@ -247,6 +247,8 @@ sub _SSL_context_init_args {
|
|
|
d62d69 |
(
|
|
|
d62d69 |
defined $arg->{ciphers} ?
|
|
|
d62d69 |
( SSL_cipher_list => $arg->{ciphers} ) : (),
|
|
|
d62d69 |
+ defined $arg->{sslversion} ?
|
|
|
d62d69 |
+ ( SSL_version => $arg->{sslversion} ) : (),
|
|
|
d62d69 |
SSL_ca_file => exists $arg->{cafile} ? $arg->{cafile} : '',
|
|
|
d62d69 |
SSL_ca_path => exists $arg->{capath} ? $arg->{capath} : '',
|
|
|
d62d69 |
SSL_key_file => $clientcert ? $clientkey : undef,
|
|
|
d62d69 |
@@ -255,8 +257,6 @@ sub _SSL_context_init_args {
|
|
|
d62d69 |
SSL_use_cert => $clientcert ? 1 : 0,
|
|
|
d62d69 |
SSL_cert_file => $clientcert,
|
|
|
d62d69 |
SSL_verify_mode => $verify,
|
|
|
d62d69 |
- SSL_version => defined $arg->{sslversion} ? $arg->{sslversion} :
|
|
|
d62d69 |
- 'sslv23',
|
|
|
d62d69 |
%verifycn_ctx,
|
|
|
d62d69 |
);
|
|
|
d62d69 |
}
|
|
|
d62d69 |
diff --git a/lib/Net/LDAP.pod b/lib/Net/LDAP.pod
|
|
|
d62d69 |
index 1a3bcca..06bab70 100644
|
|
|
d62d69 |
--- a/lib/Net/LDAP.pod
|
|
|
d62d69 |
+++ b/lib/Net/LDAP.pod
|
|
|
d62d69 |
@@ -186,9 +186,9 @@ B<Example>
|
|
|
d62d69 |
$ldap = Net::LDAP->new( 'remote.host', async => 1 );
|
|
|
d62d69 |
|
|
|
d62d69 |
LDAPS connections have some extra valid options, see the
|
|
|
d62d69 |
-L<start_tls|/start_tls> method for details. Note the default value for
|
|
|
d62d69 |
-'sslversion' for LDAPS is 'sslv23', and the default port for LDAPS
|
|
|
d62d69 |
-is 636.
|
|
|
d62d69 |
+L<start_tls|/start_tls> method for details. Note the default port
|
|
|
d62d69 |
+for LDAPS is 636, and the default value for 'sslversion' is the
|
|
|
d62d69 |
+value used as default by L<IO::Socket::SSL>.
|
|
|
d62d69 |
|
|
|
d62d69 |
For LDAPI connections, HOST is actually the location of a UNIX domain
|
|
|
d62d69 |
socket to connect to. The default location is '/var/run/ldapi'.
|
|
|
d62d69 |
--
|
|
|
d62d69 |
2.13.6
|
|
|
d62d69 |
|