From be16775bdacfe19ee0af38bd157272e137581640 Mon Sep 17 00:00:00 2001
From: Peter Marschall <peter@adpm.de>
Date: Sat, 14 Dec 2013 15:17:46 +0100
Subject: [PATCH] RT#90459: LDAP.pm: make LDAPS work after LDAP+start_tls
Stop setting global SSL settings via IO::Socket::SSL::context_init()
in Net::LDAP::start_tls().
According to Steffen Ullrich, the IO::Socket::SSL maintainer, setting
the global SSL settings is not necessary.
While looking at it, Steffen found that connect_ldaps() does not make sure
the 'sslserver' argument is set to allow checking for the correct host name.
Fix this as well.
Thanks to Klara Mall for reporting the bug and to Steffen Ullrich for
the patch ideas.
---
lib/Net/LDAP.pm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
index 7ddd26a..2ee6898 100644
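--- a/lib/Net/LDAP.pm
+++ b/lib/Net/LDAP.pm
@@ -186,6 +186,8 @@ sub connect_ldaps {
 # separate port from host overwriting given/default port
 $host =~ s/^([^:]+|\[.*\]):(\d+)$/$1/ and $port = $2;
 
+ $arg->{sslserver} = $host unless defined $arg->{sslserver};
+
 $ldap->{net_ldap_socket} = IO::Socket::SSL->new(
 PeerAddr => $host,
 PeerPort => $port,
@@ -1080,7 +1082,6 @@ sub start_tls {
 $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
 $arg->{sslserver} = $ldap->{net_ldap_host} unless defined $arg->{sslserver};
 
- IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
 my $sock_class = ref($sock);
 
 return $mesg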
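Review bot: In connect_ldaps the new default `$arg->{sslserver} = $host` runs right after the port-stripping substitution, which keeps the square brackets of an IPv6 literal in `$1`, so for a host written as `[2001:db8::1]:636` (constructed example) the name handed to certificate checking would still carry the brackets unless they are removed somewhere outside this hunk. If they are not, derive the default from a bracket-free copy, e.g. `(my $name = $host) =~ s/^\[(.*)\]$/$1/;` followed by `$arg->{sslserver} = $name unless defined $arg->{sslserver};`. The default presumably only matters when peer verification is enabled through the caller's options, which the hunk does not show; a short comment such as `# name compared with the server certificate when verification is enabled` would make that dependency visible. Both connect_ldaps and start_tls continue outside the hunks shown, so the arguments actually passed to the socket in start_tls after the `context_init` removal could not be checked here.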
--
2.1.0