UNCLASSIFIED

Sweet, thanks Peter.
I can't really pull from git at my workplace, so I'll wait for the next release on CPAN :)

Thanks for all the work guys, it's a great module.

Cheers,
-Matt

-----Original Message-----
From: Peter Marschall [mailto:pe...@adpm.de]
Sent: Friday, 4 November 2011 23:32
To: perl-ldap@perl.org
Cc: Hart, Matthew MR 2
Subject: Re: Net::LDAP fails with later versions of IO::Socket::SSL [SEC=UNCLASSIFIED]

Hi Matt,

please have a look at the patches in
* https://github.com/gbarr/perl-ldap/pull/3
* https://github.com/gbarr/perl-ldap/pull/4
on Graham's perl-ldap git repository.

In addition to fixing the issue they should add a few other minor glitches as well as adding some new Controls.

The former one is already included in the next branch of the perl-ldap repo.
For the latter I'm still hoping that Graham will do the same, and after that release a new version.

It would be cool if you reported feedback on the mailing list

Peter

On Wednesday, 2. November 2011, Hart, Matthew MR 2 wrote:
> UNCLASSIFIED
>
> Hey Guys,
>
> I think there is a problem with Net::LDAP using start_tls with later
> versions of IO::Socket::SSL. I've just tried to get perl-ldap-0.43
> working with IO-Socket-SSL-1.49, but I kept getting
> "LDAP_OPERATIONS_ERROR" errors, which didn't have any detail. By
> tracing through the code, at about line 1043:
>
>     if ($sock_class ne ref($sock)) {
>         $err = $sock->errstr;
>         bless $sock, $sock_class;
>     }
>
>     print "ERR: $err\n";
>
>     _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $err);
>
> The actual value of $err was "Cannot determine peer hostname for
> verificationerror:00000000:lib(0):func(0):reason(0)", which didn't
> seem to be reported back when I did a:
>
>     $result = $ldap->start_tls(%ssl);
>     if ($result->is_error()){
>         print $result->error_name().": ".$result->error_desc()."\n".$result->error_text()."\n";
>     }
>
> (It just said operations error, which was hard to determine the cause).
>
> So it seems that IO::Socket::SSL 1.49 does some extra checking of
> peers at IO-Socket-SSL-1.49 IO/Socket/SSL.pm line 284. I think it is
> expecting 'PeerHost' or 'PeerAddr' to be passed (or scheme to be
> 'none' or a coderef), which Net::LDAP isn't doing in _SSL_context_init_args?
>
> Anyway, long story short, by backgrading IO::Socket::SSL to v1.06, the
> issue seems to go away, as these sort of checks are not performed at
> all in older versions of the module.
>
> Cheers,
>
> -Matt
>
> IMPORTANT: This email remains the property of the Department of
> Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914.
> If you have received this email in error, you are requested to contact
> the sender and delete the email.

--
Peter Marschall
pe...@adpm.de