On 3 Aug 2011, at 18:06, Kevan Carstensen wrote:

> We can easily address this by changing the options we pass to
> IO::Socket::SSL's new and start_SSL functions. I'm attaching a patch
> that does this, setting SSL_verifycn_name to 'ldap'. This behaves
> correctly in my tests: LDAPS connections to a server only succeed if the
> server presents a certificate (signed by a CA trusted by the client)
> that correctly identifies the name that the client connected to.
>
> Any thoughts? Does this seem appropriate for inclusion in a future
> release of the perl-ldap software?

The patch looks good to me, I think it should go in. Does it force a new minimum version of IO::Socket::SSL?

Chris