From: Ewa S. <Ewa...@un...> - 2002-05-10 08:06:14
Hello,

Thanks for your answer. I have a correct PEM certificate (I've generated new ones) and a key without a passphrase. I've changed the parameters for the start_tls function from

    start_tls(verify => 'none, "sslversion => sslv3")

to

    start_tls( verify => "optional", sslversion => "sslv3", cafile => "/usr/local/openldap2/etc/openldap/cacert.pem");

And my program's result changed. Now I get the following error:

    Can't locate object method "TIEHANDLE" via package "IO::Socket::SSL" at /usr/lib/perl5/site_perl/5.6.0/Net/LDAP.pm line 793.

Now in my slapd's log I have not found errors like "bad certificate"; it seems that everything was correct but was stopped because of (I think) this "TIEHANDLE" error above.

How can I correct this? I checked that the TIEHANDLE method is implemented in the IO::Socket::SSL package, so what do I have to do?

I will be grateful for any help.

Eva.

> > It looks like the problem may be the format of the files containing your
> > client certificate and key.
> >
> > Someone else recently was doing client auth with TLS and got it working,
> > but since I can't find their messages these are guesses:
> >
> > 1) make sure your cert and key are both in PEM format. OpenSSL has some
> > utilities to convert things into PEM format.
> >
> > 2) the private key has got to be unencrypted, because of the way Net::LDAP
> > uses the SSL code. (We should fix that by eg having a callback argument on
> > the SSL connect which returns the passphrase for the key. Doesn't look
> > hard..)
> >
> > Cheers,
> >
> > Chris