Menu
▾
▴
Re: start_tls
|
From: Graham B. <gb...@po...> - 2001-07-06 11:44:11
|
On Fri, Jul 06, 2001 at 12:12:13PM +0100, Chris Ridd wrote:
> Graham Barr <gb...@po...> wrote:
> > On Fri, Jul 06, 2001 at 10:23:44AM +0100, Chris Ridd wrote:
> >> I've committed additional changes to LDAPS.pm, LDAP.pm and LDAP.pod. I
> >> just copied the documentation across because I thought it was still
> >> useful to see directly on the LDAPS page.
> >
> > I see you have overridded start_tls in LDAPS with a croak.
> >
> > I want to avoid croaks if we can. We could just return a sucess
> > as afterall we are already using SSL.
> >
> > This check really needs to go into Net::LDAP, as what should happen
> > if start_tls is called twice ?
> >
> > I suggest we add a check in start_tls for $sock->isa('IO::Socket::SSL')
> >
> > Graham.
> >
>
> That makes more sense. Does the attached patch look any better?
Actually I have made it return an error. I checked what openldap did if
you called start_tls twice, it returned an error (which was expected)
Note start_tls returns a message object, from the extension call.
> It also changes the default values for cafile and capath to '', which is
> required for versions of IO::Socket::SSL since 0.78. I've tested using both
> cafile and capath options, and without this change using capath fails.
OK, I will change those.
> (We should incidentally require at least this version of IO::Socket::SSL in
> Makefile.PL.)
We should check, but I am not sure about require.
Graham.
|
