From: Keith A. C. <cl...@ac...> - 2003-01-16 18:05:21
Folks,

Here is my program on RedHat 8.0 with perl 5.8.0 and the current versions of perl-ldap and IO::Socket::SSL:

    use Net::LDAP;

    my $lds=Net::LDAP->new('oracleOidServer',
        version=>'3',
        debug => '12',
    );

    $result = $lds->start_tls (
        verify => 'required',
        cafile => 'oracle.pem',
    );

    print "TLS_RESULT: $result\n";
    print "TLS_CODE: " . $result->code . "\n";
    print "TLS_MESS: " . $result->error . "\n";
    print "TLS_Cipher: " . $lds->version . "\n";

Here is the result:

    Net::LDAP=HASH(0x804c120) sending:
    0000   29: SEQUENCE {
    0002    1:   INTEGER = 1
    0005   24:   [APPLICATION 23] {
    0007   22:     [CONTEXT 0]
    0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
    0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
    001F     :   }
    001F     : }
    Net::LDAP=HASH(0x804c120) received:
    0000   35: SEQUENCE {
    0002    1:   INTEGER = 1
    0005   30:   [APPLICATION 24] {
    0007    1:     ENUM = 12
    000A    0:     STRING = ''
    000C   23:     STRING = 'Currently Not Supported'
    0025     :   }
    0025     : }
    TLS_RESULT: Net::LDAP::Extension=HASH(0x8066c10)
    TLS_CODE: 12
    TLS_MESS: Currently Not Supported
    TLS_Cipher: 3

When I run the following:

    openssl s_client -host oracleOidServer -port 636 -CAfile oracle.pem -debug

    SSL handshake has read 1328 bytes and written 342 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
    Server public key is 1024 bit
    SSL-Session:
        Protocol  : SSLv3
        Cipher    : DES-CBC3-SHA
        Session-ID: E0E6EDA8AE37D9DA4167D30F68699A3F
        Session-ID-ctx:
        Master-Key: 3FB9984032B664D176E1613DB156D45022BD8A64698CD879C6282049E78D4F2A66D72C7467D462738C839234DEE19A12
        Key-Arg   : None
        Start Time: 1042737956
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)

If I try to run this on port 389 I get the following:

    CONNECTED(00000003)
    write to 0814DAC8 [0814DB10] (130 bytes => 130 (0x82))
    read from 0814DAC8 [08153070] (7 bytes => 0 (0x0))
    24369:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

I would assume the start_tls would point to port 636 rather than 389. When I set the port to 636 in the constructor it just hangs the program.

keith

--
-------------------------------------------------
Keith Clay, Kei...@ac...
Lead Programmer, Web Integration and Programming
286 Adams Center for Teaching Excellence
Abilene Christian University
Abilene, TX 79699
(915) 674-2187
(915) 674-2834
-------------------------------------------------
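
Added example, not part of the post above and not perl-ldap code: a small Python BER reader run over the two LDAP messages shown in the debug dump, to make explicit what was sent and what the server answered. The byte strings are constructed by hand from the decoded dump (not a live capture), and the result-code names are taken from RFC 4511.

```python
# Constructed sample bytes, rebuilt from the decoded dump in the post.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
REQUEST = bytes.fromhex("301d020101" "7718" "8016") + STARTTLS_OID.encode()
RESPONSE = (bytes.fromhex("3023020101" "781e" "0a010c" "0400" "0417")
            + b"Currently Not Supported")

# Subset of LDAP result codes (names per RFC 4511).
RESULT_CODES = {0: "success", 2: "protocolError",
                12: "unavailableCriticalExtension",
                52: "unavailable", 53: "unwillingToPerform"}

def tlv(buf, pos=0):
    """Read one BER element; return (tag, value bytes, offset after it)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    end = start + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[start:end], end

def children(body):
    """Split a constructed element's body into its (tag, value) children."""
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        out.append((tag, val))
    return out

def parse_ldap_message(raw):
    """Decode the envelope plus the two extended-operation PDUs seen here."""
    tag, body, _ = tlv(raw)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, msg_id), (op_tag, op_body) = children(body)[:2]
    fields = children(op_body)
    msg = {"id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x77:                      # [APPLICATION 23] ExtendedRequest
        msg.update(op="ExtendedRequest", oid=fields[0][1].decode())
    elif op_tag == 0x78:                    # [APPLICATION 24] ExtendedResponse
        code = fields[0][1][0]
        msg.update(op="ExtendedResponse", code=code,
                   name=RESULT_CODES.get(code, "other"),
                   text=fields[2][1].decode())
    else:
        raise ValueError("unexpected protocolOp tag 0x%02x" % op_tag)
    return msg

if __name__ == "__main__":
    print(parse_ldap_message(REQUEST))
    print(parse_ldap_message(RESPONSE))
```

The request is the StartTLS extended operation sent as an ordinary LDAP message on the existing connection, and the reply is an LDAP-level result (code 12 with the server's own text), so no TLS handshake was attempted in that exchange.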