From be16775bdacfe19ee0af38bd157272e137581640 Mon Sep 17 00:00:00 2001
From: Peter Marschall <peter@adpm.de>
Date: Sat, 14 Dec 2013 15:17:46 +0100
Subject: [PATCH] RT#90459: LDAP.pm: make LDAPS work after LDAP+start_tls

Stop setting global SSL settings via IO::Socket::SSL::context_init()
in Net::LDAP::start_tls().
According to Steffen Ullrich, the IO::Socket::SSL maintainer, setting
the global SSL settings is not necessary.

While looking at it, Steffen found that connect_ldaps() does not make sure
the 'sslserver' argument is set to allow checking for the correct host name.
Fix this as well.

Thanks to Klara Mall for reporting the bug and to Steffen Ullrich for
the patch ideas.
---
 lib/Net/LDAP.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm
index 7ddd26a..2ee6898 100644
--- a/lib/Net/LDAP.pm
+++ b/lib/Net/LDAP.pm
@@ -186,6 +186,8 @@ sub connect_ldaps {
   # separate port from host overwriting given/default port
   $host =~ s/^([^:]+|\[.*\]):(\d+)$/$1/ and $port = $2;
 
+  $arg->{sslserver} = $host  unless defined $arg->{sslserver};
+
   $ldap->{net_ldap_socket} = IO::Socket::SSL->new(
     PeerAddr 	    => $host,
     PeerPort 	    => $port,
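Review bot: The added default on the `$arg->{sslserver}` line writes into the caller's options hash, so if that same hash is reused for a later connection attempt to a different host (the callers are not visible here), the first host's name would stick and the certificate name check would be made against the wrong server. Working on a shallow copy avoids this: `$arg = { %$arg, sslserver => $host }  unless defined $arg->{sslserver};`. Separately, the substitution just above keeps the square brackets of an IPv6 literal in `$host`, so the defaulted name would be `[addr]` rather than the bare address; whether the name check accepts that form should be confirmed. A short comment such as `# default the name used for certificate host name checking` would also help, since connect_ldaps continues outside this hunk and the later use of `sslserver` is not visible here.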
@@ -1080,7 +1082,6 @@ sub start_tls {
   $arg->{sslversion} = 'tlsv1'  unless defined $arg->{sslversion};
   $arg->{sslserver} = $ldap->{net_ldap_host}  unless defined $arg->{sslserver};
 
-  IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
   my $sock_class = ref($sock);
 
   return $mesg
-- 
2.1.0