Hi Matt,
please have a look at the patches in
* https://github.com/gbarr/perl-ldap/pull/3
* https://github.com/gbarr/perl-ldap/pull/4
on Graham's perl-ldap git repository.
In addition to fixing the issue they should add a few other minor glitches as
well as adding some new Controls.
The former one is already included in the next branch of the perl-ldap repo.
For the latter I'm still hoping that Graham will do the same, and after that
release a new version.
It would be cool if you reported feedback on the mailing list.
Peter
On Wednesday, 2. November 2011, Hart, Matthew MR 2 wrote:
> UNCLASSIFIED
>
> Hey Guys,
>
> I think there is a problem with Net::LDAP using start_tls with later
> versions of IO::Socket::SSL. I've just tried to get perl-ldap-0.43
> working with IO-Socket-SSL-1.49, but I kept getting
> "LDAP_OPERATIONS_ERROR" errors, which didn't have any detail. By tracing
> through the code, at about line 1043:
>
>     if ($sock_class ne ref($sock)) {
>         $err = $sock->errstr;
>         bless $sock, $sock_class;
>     }
>
> print "ERR: $err\n";
>
> _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $err);
>
> The actual value of $err was "Cannot determine peer hostname for
> verificationerror:00000000:lib(0):func(0):reason(0)", which didn't seem
> to be reported back when I did a:
>
>     $result = $ldap->start_tls(%ssl);
>     if ($result->is_error()){
>         print $result->error_name().": ".$result->error_desc()."\n"
>             .$result->error_text()."\n";
>     }
>
>
> (It just said operations error, which was hard to determine the cause).
>
> So it seems that IO::Socket::SSL 1.49 does some extra checking of peers
> at IO-Socket-SSL-1.49 IO/Socket/SSL.pm line 284. I think it is expecting
> 'PeerHost' or 'PeerAddr' to be passed (or scheme to be 'none' or a
> coderef), which Net::LDAP isn't doing in _SSL_context_init_args?
>
> Anyway, long story short, by backgrading IO::Socket::SSL to v1.06, the
> issue seems to go away, as these sort of checks are not performed at all
> in older versions of the module.
>
> Cheers,
>
> -Matt
>
>
>
--
Peter Marschall
[email protected]