From: Chris R. <chr...@me...> - 2001-07-06 12:03:32
Graham Barr <gb...@po...> wrote:
> On Fri, Jul 06, 2001 at 12:12:13PM +0100, Chris Ridd wrote:
>> Graham Barr <gb...@po...> wrote:
>> > On Fri, Jul 06, 2001 at 10:23:44AM +0100, Chris Ridd wrote:
>> >> I've committed additional changes to LDAPS.pm, LDAP.pm and LDAP.pod. I
>> >> just copied the documentation across because I thought it was still
>> >> useful to see directly on the LDAPS page.
>> >
>> > I see you have overridden start_tls in LDAPS with a croak.
>> >
>> > I want to avoid croaks if we can. We could just return a success
>> > as after all we are already using SSL.
>> >
>> > This check really needs to go into Net::LDAP, as what should happen
>> > if start_tls is called twice?
>> >
>> > I suggest we add a check in start_tls for $sock->isa('IO::Socket::SSL')
>> >
>> > Graham.
>> >
>>
>> That makes more sense. Does the attached patch look any better?
>
> Actually I have made it return an error. I checked what openldap did if
> you called start_tls twice, it returned an error (which was expected)
>
> Note start_tls returns a message object, from the extension call.
>
>> It also changes the default values for cafile and capath to '', which is
>> required for versions of IO::Socket::SSL since 0.78. I've tested using
>> both cafile and capath options, and without this change using capath
>> fails.
>
> OK, I will change those.
>
>> (We should incidentally require at least this version of IO::Socket::SSL
>> in Makefile.PL.)
>
> We should check, but I am not sure about require.
> Graham.
>

The setting of capath/cafile to '' instead of undef is required by 0.78.
Hm, we could make our code check the IO::Socket::SSL version and set the
defaults appropriately...

Cheers,

Chris