From: Jim D. <ji...@du...> - 2001-08-01 21:43:20
I have been successful with LDAPS, though the documentation needs to be updated, but have not been able to get LDAP-startTLS to work. (The traces below show why: the very first bytes the client sends to port 637 are a cleartext LDAP StartTLS request, `30 1d 02 01 01 ...`, but that port is the ldaps:// listener, which expects a TLS handshake before any LDAP PDU — StartTLS is an extended operation issued over an ordinary ldap:// connection, which is then upgraded to TLS. The `verify => 'require'` / `cafile` settings themselves are correct and should be kept once the client targets a plain listener.)

../test_tls_<remote host>
$VAR1 = bless( {
  'net_ldap_async' => 0,
  'net_ldap_resp' => {},
  'net_ldap_debug' => 1,
  'net_ldap_host' => '<remote host>',
  'net_ldap_version' => 3,
  'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET' )
}, 'Net::LDAP' );
Net::LDAP=HASH(0x805a084) sending:
30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 0....w...1.3.6.1
2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37 __ .4.1.1466.20037
$VAR1 = bless( {
  'callback' => undef,
  'parent' => bless( {
    'net_ldap_async' => 0,
    'net_ldap_resp' => {},
    'net_ldap_mesg' => { '1' => $VAR1 },
    'net_ldap_debug' => 1,
    'net_ldap_host' => '<remote host>',
    'net_ldap_version' => 3,
    'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET' )
  }, 'Net::LDAP' ),
  'mesgid' => 1,
  'errorMessage' => 'I/O Error 494f3a3a536f636b65743a3a494e45543d474c4f422830783833313764613429',
  'resultCode' => '1',
  'pdu' => '0|a``ww=80u1.3.6.1.4.1.1466.20037'
}, 'Net::LDAP::Extension' );

openssl s_server -cert slapd.ssl.certificate -key slapd.ssl.key -CAfile /var/OpenSSL_CA/cacert.pem -debug -state -accept 637 -tls1 -bugs -hack
Using default temp DH parameters
Enter PEM pass phrase:
ACCEPT
SSL_accept:before/accept initialization
read from 0015B270 [00165190] (5 bytes => 5 (0x5))
0000 - 30 1d 02 01 01 0....
SSL_accept:error in SSLv3 read client hello B
ERROR
11599:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
shutting down SSL
CONNECTION CLOSED
ACCEPT

#!/usr/local/bin/perl
use Net::LDAP qw(:all);
#use Net::LDAP::LDIF;
#use Net::LDAP::Message;
#use Net::LDAP::Util qw(ldap_error_name ldap_error_text);
use Data::Dumper;

my $ldaphost = "<remote host>";
#my $ldaphost = "127.0.0.1";
my $ldapconn = Net::LDAP->new($ldaphost,port=>637,version=>3,debug=>1) or die "$@";
print Dumper($ldapconn);

my $cafile = "<remote host cacert.pem>";
#my $cafile = "/var/OpenSSL_CA/cacert.pem";
my $result = $ldapconn->start_tls(verify=>'require',cafile=>"$cafile");
print Dumper($result);
exit;

/usr/local/libexec/slapd -d9 -h 'ldaps://:637/'
@(#) $OpenLDAP: slapd 2.0.11-Release (Mon Jul 30 10:17:59 CDT 2001) $
<remote host mailbox>:/var/stage/openldap-2.0.11/servers/slapd
daemon_init: listen on ldaps://:637/
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps://:637/)
daemon: initialized ldaps://:637/
daemon_init: 1 listeners opened
slapd init: initiated server.
Enter PEM pass phrase:
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 7
daemon: added 7r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 7r
daemon: read activity on 7
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(7): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=7 for close
connection_close: conn=0 sd=7
daemon: removing 7
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL