From: Graham B. <gb...@po...> - 2001-10-29 16:55:46
Did anyone else try this? I know it is a hack, but do others think we
should include it?

Graham.

On Wed, Oct 24, 2001 at 04:46:32PM +0100, Graham Barr wrote:
> On Wed, Oct 24, 2001 at 04:31:08PM +0100, Graham Barr wrote:
> > On Wed, Oct 24, 2001 at 04:13:43PM +0100, Chris Ridd wrote:
> > > Graham Barr <gb...@po...> wrote:
> > > > ----- Forwarded message from Todd Woods <tw...@di...> -----
> > > >
> > > > Date: Wed, 24 Oct 2001 09:18:20 -0500 (CDT)
> > > > To: gb...@po...
> > > > From: Todd Woods <tw...@di...>
> > > > Subject: perl-ldap and multiple start_tls errors
> > > >
> > > > Couldn't find anything using google on this error so e-mailing
> > > > you. 8)
> > > > I can't start more than 1 LDAP bind using start_tls in a perl
> > > > script. It errors out from IO::Socket::SSL when issuing start_tls on the
> > > > subsequent ldap objects even if I do an unbind first.
> > > > Reading under IO::Socket::SSL I noticed that it mentions you can
> > > > only have one SSL context at a given time. I've seen scripts (haven't run
> > >
> > > Yeah, I saw that too. I suspect that only having a single SSL context means
> > > you can only have a single SSL connection at a time.
> >
> > IO::Socket::SSL does create a new context each time, but it stores it in
> > a global. I wonder if the problem is that on the second connect the
> > refcount for the first context goes to zero and it is freed, thus causing
> > problems for Net::SSLeay on the initial connection.
> >
> > It may be worth trying to save the contents of $IO::Socket::SSL::SSL_Context_obj,
> > after calling context_init, in the ldap object.
>
> OK, this is a hack, but it seems to work around the limitation in IO::Socket::SSL
>
> Graham.
> Index: lib/Net/LDAP.pm > =================================================================== > RCS file: /cvsroot/perl-ldap/ldap/lib/Net/LDAP.pm,v > retrieving revision 1.27 > diff -u -u -r1.27 LDAP.pm > --- lib/Net/LDAP.pm 2001/10/22 12:32:33 1.27 > +++ lib/Net/LDAP.pm 2001/10/24 15:48:45 > @@ -789,7 +789,12 @@ > > require Net::LDAPS; > $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion}; > + > + local $IO::Socket::SSL::SSL_Context_obj = 0; > IO::Socket::SSL::context_init( { Net::LDAPS::SSL_context_init_args($arg) } ); > + > + $ldap->{ssl_context} = $IO::Socket::SSL::SSL_Context_obj; > + > (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL', $sock) > ? $mesg > : _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $@); |
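
Review bot: the assignment `$ldap->{ssl_context} = $IO::Socket::SSL::SSL_Context_obj;` after `context_init` has no comment saying that the field exists only to keep the per-connection context referenced for the lifetime of the `$ldap` object, so it reads as unused state and could be removed in a later cleanup; a one-line comment there would prevent that. The result of `context_init` is also not checked in these lines: if it does not set the global, `$ldap->{ssl_context}` stores the `0` assigned by the `local` line and `socketToSSL` still runs, so consider testing the stored value and returning through `_error` before the `socketToSSL` call. Since the workaround depends on a package variable inside IO::Socket::SSL, the comment should also name the behaviour of that module it relies on.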