Re: start_tls error

[Graham B. <gb...@po...>]

On Tue, May 28, 2002 at 10:24:16AM +0100, Chris Ridd wrote:
> On 28/5/02 9:20 am, Graham Barr <gb...@po...> wrote:
> 
> > On Fri, May 10, 2002 at 02:32:07PM +0100, Chris Ridd wrote:
> >>> To use latest version of IO::Socket::SSL is possible to change
> >>> following line of start_tls function od Net::LDAP package
> >>> from this:
> >>> 
> >>> (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL',
> >>> $sock)
> >>> 
> >>> to this 
> >>> 
> >>> IO::Socket::SSL::socketToSSL($sock)
> >> 
> >> If I recall (Graham?) the 'and tie ...' was to avoid a bug in
> >> IO::Socket::SSL::socketToSSL. I guess that bug workaround could go, but
> >> then there would need to be a test in the Makefile.PL for a specific (ie >=
> >> 0.81) version of IO::Socket::SSL.
> > 
> > Yes.
> 
> I committed a fix for that (removed the 'and tie...' and tweaked the
> Makefile.PL to check for the IO::Socket version) last week, so hopefully it
> made it into the interim 0.251 release. Julian Onions also noticed a
> regression in the start_tls method, and I've committed his fix for that.

It was not in 0.251, That release contained ONLY the changes for Authen::SASL

> Since we're talking about SSL...
> 
> Someone here (I can't remember who) was asking if we could use encrypted
> private key files in client SSL authentication - we couldn't because there
> was no support for it in IO::Socket::SSL and Net::SSLeay.
> 
> I've since sent some changes to the authors of the IO::Socket::SSL and
> Net::SSLeay modules that allow for this, so there'll be another minor change
> coming to expose that functionality in LDAPS/start_tls. I could probably
> commit those changes now, except they'd have zero effect until revised
> IO::Socket::SSL and Net:: SSLeay libraries came out.. Any preferences,
> Graham?

Sounds good to me.

Graham.