Re: start_tls

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Fri, Jul 06, 2001 at 02:17:03PM +0100, Chris Ridd wrote:
> Graham Barr <gb...@po...> wrote:
> > On Fri, Jul 06, 2001 at 01:35:47PM +0100, Chris Ridd wrote:
> >> Graham Barr <gb...@po...> wrote:
> >> > On Fri, Jul 06, 2001 at 01:03:16PM +0100, Chris Ridd wrote:
> >> >> The setting of capth/cafile to '' instead of undef is required by
> >> >> 0.78. Hm, we could make our code check the IO::Socket::SSL version
> >> >> and set the defaults appropriately...
> >> > 
> >> > Hm, I have o.78 here and it works fine with undef or ''
> >> > 
> >> > Graham.
> >> 
> >> You have to actually try verifying a server's cert using capath to see
> >> this problem.
> > 
> > Ah, that would explain it.
> > 
> > Graham.
> 
> Would this patch be appropriate?

Yes. But it seems Marcus is going to release a new IO::Socket::SSL with my fix.

So rather than fill with version comparisons, I was thinking of the Makefile.PL
warning if the version was < 0.80

What do you think ?

Graham.

> 
> Cheers,
> 
> Chris
> Index: lib/Net/LDAPS.pm
> ===================================================================
> RCS file: /cvsroot/perl-ldap/ldap/lib/Net/LDAPS.pm,v
> retrieving revision 1.8
> diff -b -c -r1.8 LDAPS.pm
> *** lib/Net/LDAPS.pm	2001/07/06 11:53:01	1.8
> --- lib/Net/LDAPS.pm	2001/07/06 13:15:35
> ***************
> *** 49,56 ****
>   
>     (
>       SSL_cipher_list => defined $arg->{'ciphers'} ? $arg->{'ciphers'} :
> 'ALL',
> !     SSL_ca_file     => exists  $arg->{'cafile'}  ? $arg->{'cafile'}  : '',
> !     SSL_ca_path     => exists  $arg->{'capath'}  ? $arg->{'capath'}  : '',
>       SSL_key_file    => $clientcert ? $clientkey : undef,
>       SSL_use_cert    => $clientcert ? 1 : 0,
>       SSL_cert_file   => $clientcert,
> --- 49,58 ----
>   
>     (
>       SSL_cipher_list => defined $arg->{'ciphers'} ? $arg->{'ciphers'} :
> 'ALL',
> !     SSL_ca_file     => exists  $arg->{'cafile'}  ? $arg->{'cafile'}  :
> !        ($IO::Socket::SSL::VERSION >= "0.78" ? '' : undef),
> !     SSL_ca_path     => exists  $arg->{'capath'}  ? $arg->{'capath'}  :
> !        ($IO::Socket::SSL::VERSION >= "0.78" ? '' : undef),
>       SSL_key_file    => $clientcert ? $clientkey : undef,
>       SSL_use_cert    => $clientcert ? 1 : 0,
>       SSL_cert_file   => $clientcert,