From: Ewa S. <Ewa...@un...> - 2002-05-10 13:13:17
Hi,

I found the reason why I couldn't use the start_tls function in my programs. I have used the IO::Socket::SSL v.0.81 package, and in it the socketToSSL function differs from the one in v.0.80 of this package. The difference is in the result of this method. In version 0.81 the TIEHANDLE method isn't implemented, because socketToSSL has implemented association with IO::Socket::SSL, and using

    tie *{$sock}, 'IO::Socket::SSL', $sock

in the Net::LDAP::start_tls function causes an error.

To use the latest version of IO::Socket::SSL it is possible to change the following line of the start_tls function of the Net::LDAP package from this:

    (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL', $sock)

to this:

    IO::Socket::SSL::socketToSSL($sock)

I am not sure that everything will be OK; my programs work correctly. Better for now (in my opinion) is to use the 0.80 version of the IO::Socket::SSL package. When I use IO::Socket::SSL v0.80 I have a successful TLS connection.

It seems that the perl-ldap packages are implemented for IO::Socket::SSL v.0.80, not for the newer 0.81 version. Are you going to make changes in Net::LDAP to take into consideration the latest version of the IO::Socket::SSL package?

Sincerely,
Eva

On Fri, 10 May 2002, Ewa Skrenty wrote:

> Hello,
>
> Thanks for your answer.
>
> I have a correct PEM certificate (I've generated new ones) and a key without
> a passphrase. I've changed the parameters for the start_tls function from
>
>     start_tls(verify => 'none', sslversion => "sslv3")
>
> to
>
>     start_tls( verify => "optional",
>                sslversion => "sslv3",
>                cafile => "/usr/local/openldap2/etc/openldap/cacert.pem");
>
> And my program result was changed. Now I get the following error:
>
> Can't locate object method "TIEHANDLE" via package "IO::Socket::SSL" at
> /usr/lib/perl5/site_perl/5.6.0/Net/LDAP.pm line 793.
>
> Now in my slapd's log I've not found errors like "bad certificate"; it
> seems that everything was correct but was stopped, because of (I think)
> this "TIEHANDLE" error above.
>
> How can I correct this? I checked that the TIEHANDLE method is implemented in
> the IO::Socket::SSL package, so what do I have to do?
>
> I will be grateful for any help.
>
> Eva.
>
> > > It looks like the problem may be the format of the files containing your
> > > client certificate and key.
> > >
> > > Someone else recently was doing client auth with TLS and got it working,
> > > but since I can't find their messages these are guesses:
> > >
> > > 1) make sure your cert and key are both in PEM format. OpenSSL has some
> > > utilities to convert things into PEM format.
> > >
> > > 2) the private key has got to be unencrypted, because of the way Net::LDAP
> > > uses the SSL code. (We should fix that by eg having a callback argument on
> > > the SSL connect which returns the passphrase for the key. Doesn't look
> > > hard..)
> > >
> > > Cheers,
> > >
> > > Chris