FW: Net::LDAPS and verifying the CA certificate

[Christian G. <cgi...@ti...>]

[ Sorry for the initial, icomplete post ]

I've successfully queried an SSL-enabled LDAPv3 service with Net::LDAPS,
but the software continually dies when I attempt to verify the CA
certificate. I have followed the instructions for creating the hash-valued
symlink to the CA cert file.

lrwxrwxrwx   ce23b666.0 -> equifaxca2.crt
-r--r--r--   equifaxca2.crt

tomcat% more ce23b666.0
-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIBEDANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTkwNTI1
MDMwMDAwWhcNMDIwNjEwMDMwMDAwWjBTMQswCQYDVQQGEwJVUzEbMBkGA1UEChMS
RXF1aWZheCBTZWN1cmUgSW5jMScwJQYDVQQDEx5FcXVpZmF4IFNlY3VyZSBFLUJ1
c2luZXNzIENBLTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYna8GjS9mG
q4Cb8L0VwDBMZ+ztPI05urQb8F0t1Dp4I3gOFUs2WZJJv9Y1zCFwQbQbfJuBuXmZ
QKIZJOw3jwPbfcvoTyqQhM0Yyb1YzgM2ghuv8Zz/+LYrjBo2yrmf86zvMhDVOD7z
dhDzyTxCh5F6+K6Mcmmar+ncFMmIum2bAgMBAAGjYjBgMBIGA1UdEwEB/wQIMAYB
Af8CAQAwSgYDVR0lBEMwQQYIKwYBBQUHAwEGCCsGAQUFBwMDBgorBgEEAYI3CgMD
BglghkgBhvhCBAEGCCsGAQUFBwMIBgorBgEEAYI3CgMCMA0GCSqGSIb3DQEBBAUA
A4GBALIfbC0RQ9g4Zxf/Y8IA2jWm8Tt+jvFWPt5wT3n5k0orRAvbmTROVPHGSLw7
oMNeapH1eRG5yn+erwqYazcoFXJ6AsIC5WUjAnClsSrHBCAnEn6rDU080F38xIQ3
j1FBvwMOxAq/JR5eZZcBHlSpJad88Twfd7E+0fQcqgk+nnjH
-----END CERTIFICATE-----

I get the following information back regarding the certificates returned:

Cipher used: DES-CBC3-SHA
Subject DN: /C=US/ST=Colorado/L=Boulder/OU=IBM Global
Services/O=IBM/CN=bluepages.ibm.com
Issuer Name: /C=US/O=Equifax Secure Inc/CN=Equifax Secure E-Business CA-2

This information matches the CA's certificate information. As soon as I
attempt to change the ldap object's verify status from none to require,
the software dies during connection establishment. Has anyone had a
similar problem? If so, how did you resolve it?

perl-5.6.1
perl-ldap-0.23
IO-Socket-SSL-0.79
Crypt-SSLeay-0.27
Net_SSLeay-1.07

Regards,
Christian

-----------------
Christian Gilmore
Infrastructure & Tools Team Lead
Web & Multimedia Development
IBM Software Group