Re: start_tls error

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,
I found the reason why I couldn't use start_tls function in my
programms. I have used IO::Socket::SSL v.0.81 package and in this
socketToSSL function differ from this in v.0.80 this package. Difference
is in result of this method. In version 0.81 aren't implemented TIEHANDLE
method ,because socketToSSL has implemented association with 
IO::Socket::SSL and using 

tie *{$sock}, 'IO::Socket::SSL', $sock 

in Net::LDAP::start_tls function couses an error.

To use latest version of IO::Socket::SSL is possible to change
following line of start_tls function od Net::LDAP package 
from this:

(IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL', $sock)

to this 

IO::Socket::SSL::socketToSSL($sock)

I am not sure that everything will be OK, my programms work correctlly,
better for now (in my opinion) is to use 0.80 version of IO::Socket::SSL
package. When I use IO::Socket::SSL v0.80 I have successfully TLS
connection.

It seems that perl-ldap packages are implemented for IO::Socket::SSL 
v.0.80, not for the newer 0.81 version. 

Are you going to make changes in Net::LDAP to take into consideration the
latest version of IO::Socket::SSL package?

Sincerely
Eva

On Fri, 10 May 2002, Ewa Skrenty wrote:

> 
>  Hello,
>  
>  Thanks for your answer. 
>  
>  I have corecct PEM certificate (I've generated new ones) and key without
>  passphrase. I've change parameters for start_tls function from 
>  
>  start_tls(verify => 'none, "sslversion => sslv3") 
>  
>  to
>  
>  start_tls(     verify => "optional",
>             sslversion => "sslv3", 
>                cafile => "/usr/local/openldap2/etc/openldap/cacert.pem");
>  
>  And my program result was changed. Now I get following error: 
>  
>  Can't locate object method "TIEHANDLE" via package "IO::Socket::SSL" at
>  /usr/lib/perl5/site_perl/5.6.0/Net/LDAP.pm line 793. 
>  
>  Now in my slapd's log I' not found errors like "bad certificate" , it
>  seems that everything was correct but was stopped , because of (I think)  
>  this "TIEHANDLE" error above. 
>  
>  How can I correct this, I checked that TIEHANDLE method is implemented in
>  IO::Socket::SSL package so what do I have to do? 
>  
>  I will be grateful for any help.
>  
>  Eva.
>  
> > > 
> > > It looks like the problem may be the format of the files containing your
> > > client certificate and key.
> > > 
> > > Someone else recently was doing client auth with TLS and got it working,
> > > but since I can't find their messages these are guesses:
> > > 
> > > 1) make sure your cert and key are both in PEM format. OpenSSL has some
> > > utilities to convert things into PEM format.
> > > 
> > > 2) the private key has got to be unencrypted, because of the way Net::LDAP
> > > uses the SSL code. (We should fix that by eg having a callback argument on
> > > the SSL connect which returns the passphrase for the key. Doesn't look
> > > hard..)
> > > 
> > > Cheers,
> > > 
> > > Chris
> > > 
> > 
> > 
> 
> 