Re: SSL/TLS does not check hostname in cert

2010-03-31 Thread Prentice Bisbal
Chris Ridd wrote:
> On 31 Mar 2010, at 19:25, Prentice Bisbal wrote:
>
>> It's my understanding that using LDAPS->new or $ldap->start_tls with the
>> option
>>
>> verify => 'require'
>>
>> Should verify that the host name should be checked and fail if it's not
>> an exact match. From my experien

Re: SSL/TLS does not check hostname in cert

2010-03-31 Thread Graham Barr
On Mar 31, 2010, at 2:31 PM, Chris Ridd wrote:
>
> No, all it means is that the certificate chain is trusted, ie is signed by a
> CA that you trust.
>
> The rules for checking the hostname matches are more complex than you
> describe, but luckily it seems that IO::Socket::SSL has a verify_hostn

Re: SSL/TLS does not check hostname in cert

2010-03-31 Thread Chris Ridd
On 31 Mar 2010, at 19:25, Prentice Bisbal wrote:
> It's my understanding that using LDAPS->new or $ldap->start_tls with the
> option
>
> verify => 'require'
>
> Should verify that the host name should be checked and fail if it's not
> an exact match. From my experience with websites, TLS/SSL re

SSL/TLS does not check hostname in cert

2010-03-31 Thread Prentice Bisbal
It's my understanding that using LDAPS->new or $ldap->start_tls with the option

verify => 'require'

Should verify that the host name should be checked and fail if it's not an exact match. From my experience with websites, TLS/SSL requires that if the cert contains the FQDN for the server, the ver
