On Mar 31, 2010, at 2:31 PM, Chris Ridd wrote:
>
> No, all it means is that the certificate chain is trusted, ie is signed by a
> CA that you trust.
>
> The rules for checking the hostname matches are more complex than you
> describe, but luckily it seems that IO::Socket::SSL has a verify_hostname
> method that should do what is needed. eg:
>
> $ldap = Net::LDAP->new("hostname") or die;
> [...start_tls etc...]
> $ldap->socket->verify_hostname("hostname", "ldap") || die "Hostname verification error";
>
> We should either document this, or (my preference) add code to call
> verify_hostname ourselves.
patches welcome :-)
or even better create a fork at http://github.com/gbarr/perl-ldap
Graham.
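A complete client illustrating the pattern Chris describes (chain trust from start_tls, then an explicit hostname check before anything sensitive is sent); this is an added example, not code from the thread or from perl-ldap itself, and the host name and CA bundle path are assumed placeholders.

```perl
use strict;
use warnings;
use Net::LDAP;
use IO::Socket::SSL;

# Assumed, constructed values: replace with your directory server and CA bundle.
my $host   = 'ldap.example.com';
my $cafile = '/etc/ssl/certs/ca-bundle.crt';

my $ldap = Net::LDAP->new($host, port => 389) or die "connect: $@";

# verify => 'require' makes IO::Socket::SSL reject chains not signed by a CA
# in $cafile, but that alone says nothing about whose name is in the cert.
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die "start_tls: " . $mesg->error if $mesg->code;

# After start_tls the underlying socket is an IO::Socket::SSL object, so the
# hostname check can be done explicitly with the 'ldap' scheme (the CN and
# subjectAltName matching rules IO::Socket::SSL defines for LDAP).
my $sock = $ldap->socket;
die "socket is not SSL" unless $sock->isa('IO::Socket::SSL');
unless ($sock->verify_hostname($host, 'ldap')) {
    # Certificate is from a trusted CA but issued to some other name:
    # treat this as a failed connection, not a warning.
    $ldap->unbind;
    die "Hostname verification error for $host";
}

# Only now is it safe to send credentials or query the directory.
my $bind = $ldap->bind;    # anonymous bind, for illustration only
die "bind: " . $bind->error if $bind->code;
print "TLS to $host verified: chain trusted and hostname matches\n";
$ldap->unbind;
```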