Hi,
I'm trying to use Net::LDAP to do LDAPS authentication against my Server 2008
Active Directory and I'm having a hard time getting server verification to work.
So far, my (super simple) code works if I use verify => none in start_tls, but
as soon as I set it to "require" or "optional", I get this error:
SSL connect attempt failed with unknown error error:0D0C50A1:asn1 encoding
routines:ASN1_item_verify:unknown message digest algorithm at ./ldap.pl line
23, line 522.
When I test from the command line using OpenSSL s_client it works okay, so I
don't think it's an OpenSSL problem. But I'm kind of a noob with Perl, so I'm
not sure what else to debug next.
Here's the relevant code snippet:
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Plain LDAP connection first; TLS is negotiated by start_tls below.
# Net::LDAP->new leaves the connect error in $@ on failure.
my $ldap = Net::LDAP->new('ho.mydomain.com')
    or die "LDAP error: $@";

# 'require' rejects the session if the server chain cannot be verified
# against the CA certificates in capath (OpenSSL hashed-directory layout).
my $mesg = $ldap->start_tls(
    sslversion => 'tlsv1',
    verify     => 'require',
    capath     => '/etc/ssl/certs/',
);
die $mesg->error if $mesg->is_error;
All the certs in the chain are signed with SHA512RSA. Also the CA Cert is 4096
bits and the server certs I am checking are all 2048 bits. I thought I might be
missing a module or something, but I am pretty sure I have all the
prerequisites installed, including Digest::SHA, Digest::HMAC and
IO::Socket::SSL. I'm kind of stuck. Has anyone ever had this problem before?
I'm working with Perl 5.10 on SLES 11 SP1. My OpenSSL version is 0.9.8h.
Thanks very much,
Paul
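An added example, not Paul's script, that keeps verification mandatory and surfaces the underlying OpenSSL error instead of the one-line Net::LDAP message. On OpenSSL 0.9.8, SSL_library_init() registers only the digests the TLS handshake itself uses (MD5, SHA-1), so verifying a chain signed with SHA-512 fails inside ASN1_item_verify with "unknown message digest algorithm" unless the full digest table is registered first; the CA file path and the Net::SSLeay function guard are assumptions.

```perl
#!/usr/bin/perl
# StartTLS with mandatory server verification; added example, not the
# poster's code. Host and CA bundle path are placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::SSLeay;
use IO::Socket::SSL;

my $host   = 'ho.mydomain.com';
my $cafile = '/etc/ssl/certs/ad-root-ca.pem';   # hypothetical CA bundle

# OpenSSL 0.9.8: SSL_library_init() does not register SHA-256/384/512, so
# X.509 signature checks on SHA-2 chains fail with
# "ASN1_item_verify:unknown message digest algorithm". Registering the full
# digest table before the handshake fixes that. Newer Net::SSLeay builds do
# this on load; the can() guard keeps the script usable on older ones
# (assumed: the installed Net::SSLeay exposes this function).
Net::SSLeay::OpenSSL_add_all_algorithms()
    if Net::SSLeay->can('OpenSSL_add_all_algorithms');

my $ldap = Net::LDAP->new($host, timeout => 10)
    or die "cannot connect to $host: $@\n";

# Fail closed: 'require' rejects any chain that does not verify against
# $cafile. OpenSSL 0.9.8 speaks at most TLS 1.0, hence sslversion 'tlsv1'.
my $mesg = $ldap->start_tls(
    verify     => 'require',
    cafile     => $cafile,
    sslversion => 'tlsv1',
);
if ($mesg->is_error) {
    # Net::LDAP reports only the top-level failure; IO::Socket::SSL keeps the
    # OpenSSL error stack, which names the routine that rejected the chain.
    die sprintf "StartTLS failed: %s (SSL: %s)\n",
        $mesg->error, ($IO::Socket::SSL::SSL_ERROR // 'n/a');
}

# Only after a verified TLS session do credentials cross the wire.
my $bind = $ldap->bind('user@mydomain.com', password => 'placeholder');
die 'bind failed: ' . $bind->error . "\n" if $bind->code;
print "authenticated over verified TLS\n";
$ldap->unbind;
```

If the error persists after the digest table is registered, check the chain's signature algorithms with openssl x509 -noout -text on each certificate in the bundle; a signature algorithm the linked OpenSSL does not know at all produces the same message.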