From 22d4a8728799fd978c358c9b8f7726170f14a1e4 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 23 Nov 2014 19:35:02 +0100 Subject: [PATCH] LDAP.pm: do not set default sslversion for LDAPS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of setting a default sslversion for LDAPS, rely on the default value used by IO::Socket::SSL. Petr Písař: Ported to 0.56. Signed-off-by: Petr Písař --- lib/Net/LDAP.pm | 4 ++-- lib/Net/LDAP.pod | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm index fc5649a..5969785 100644 --- a/lib/Net/LDAP.pm +++ b/lib/Net/LDAP.pm @@ -247,6 +247,8 @@ sub _SSL_context_init_args { ( defined $arg->{ciphers} ? ( SSL_cipher_list => $arg->{ciphers} ) : (), + defined $arg->{sslversion} ? + ( SSL_version => $arg->{sslversion} ) : (), SSL_ca_file => exists $arg->{cafile} ? $arg->{cafile} : '', SSL_ca_path => exists $arg->{capath} ? $arg->{capath} : '', SSL_key_file => $clientcert ? $clientkey : undef, @@ -255,8 +257,6 @@ sub _SSL_context_init_args { SSL_use_cert => $clientcert ? 1 : 0, SSL_cert_file => $clientcert, SSL_verify_mode => $verify, - SSL_version => defined $arg->{sslversion} ? $arg->{sslversion} : - 'sslv23', %verifycn_ctx, ); } diff --git a/lib/Net/LDAP.pod b/lib/Net/LDAP.pod index 1a3bcca..06bab70 100644 --- a/lib/Net/LDAP.pod +++ b/lib/Net/LDAP.pod @@ -186,9 +186,9 @@ B $ldap = Net::LDAP->new( 'remote.host', async => 1 ); LDAPS connections have some extra valid options, see the -L method for details. Note the default value for -'sslversion' for LDAPS is 'sslv23', and the default port for LDAPS -is 636. +L method for details. Note the default port +for LDAPS is 636, and the default value for 'sslversion' is the +value used as default by L. For LDAPI connections, HOST is actually the location of a UNIX domain socket to connect to. The default location is '/var/run/ldapi'. -- 2.13.6