From: Chris R. <chr...@us...> - 2002-05-28 11:16:08
Update of /cvsroot/perl-ldap/ldap/lib/Net In directory usw-pr-cvs1:/tmp/cvs-serv29078 Modified Files: LDAP.pod Log Message: Added decryptkey parameter Index: LDAP.pod =================================================================== RCS file: /cvsroot/perl-ldap/ldap/lib/Net/LDAP.pod,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- LDAP.pod 24 Oct 2001 12:37:14 -0000 1.14 +++ LDAP.pod 28 May 2002 11:16:05 -0000 1.15 @@ -724,12 +724,25 @@ =item clientkey +=item decryptkey + If you want to use the client to offer a certificate to the server for SSL authentication (which is not the same as for the LDAP Bind operation) then set clientcert to the user's certificate file, and clientkey to the user's private key file. These files must be in PEM format. +If the private key is encrypted (highly recommended!) then set +decryptkey to a reference to a subroutine that returns the decrypting +key. For example: + + $ldap = new Net::LDAP('myhost.example.com', version => 3); + $ldap->start_tls(verify => 'require', + clientcert => 'mycert.pem', + clientkey => 'mykey.pem', + decryptkey => sub { 'secret'; }, + capath => '/usr/local/cacerts/'); + =item capath =item cafile @@ -740,8 +753,8 @@ server's certificate. These certificates must all be in PEM format. The directory in 'capath' must contain certificates named using the -hash value of themselves. To generate these names, use OpenSSL like -this in Unix: +hash value of the certificates' subject names. To generate these +names, use OpenSSL like this in Unix: ln -s cacert.pem `openssl x509 -hash -noout < cacert.pem`.0 @@ -852,8 +865,8 @@ This document is based on a document originally written by Russell Fulton <r.f...@au...>. -Chris Ridd @isode.com for the many hours spent testing and contribution -of the ldap* command line utilities. +Chris Ridd <chr...@me...> for the many hours spent +testing and contribution of the ldap* command line utilities. =head1 AUTHOR |
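Review bot: in the first hunk the new `=item decryptkey` is placed directly after `=item clientkey`, ahead of the paragraph that describes clientcert and clientkey, so the POD now presents three items with one shared description; the added paragraph does explain decryptkey, but it should also state what the subroutine is called with and what it must return, and "the decrypting key" would read more precisely as "the passphrase that decrypts the private key". Separately, the example `decryptkey => sub { 'secret'; },` embeds the passphrase as a literal in the script, which gives away the protection the text calls "highly recommended!"; an example callback that prompts the operator or reads the passphrase from a protected source would show the intended use of a callback rather than a plain `clientkey` passphrase option.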
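Review bot: the second hunk's corrected sentence "hash value of the certificates' subject names" is the right description, but the example command that follows still ends in an unexplained literal `.0`; since the prose now says the file names are derived from the subject hash, add a clause saying what the numeric suffix is for, otherwise a reader with several CA certificates in `capath` has no way to tell whether every file should end in `.0`.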