
Net::LDAP fails with later versions of IO::Socket::SSL [SEC=UNCLASSIFIED]


Hart, Matthew MR 2

Nov 2, 2011, 2:08:59 AM
to perl...@perl.org
UNCLASSIFIED

Hey Guys,

I think there is a problem with Net::LDAP using start_tls with later
versions of IO::Socket::SSL. I've just tried to get perl-ldap-0.43
working with IO-Socket-SSL-1.49, but I kept getting
"LDAP_OPERATIONS_ERROR" errors, which didn't have any detail. By tracing
through the code, at about line 1043:

    if ($sock_class ne ref($sock)) {
        $err = $sock->errstr;
        bless $sock, $sock_class;
    }

    print "ERR: $err\n";

    _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $err);

The actual value of $err was "Cannot determine peer hostname for
verificationerror:00000000:lib(0):func(0):reason(0)", which didn't seem
to be reported back when I did a:

    $result = $ldap->start_tls(%ssl);
    if ($result->is_error()) {
        print $result->error_name().": ".$result->error_desc()."\n".$result->error_text()."\n";
    }


(It just said operations error, which was hard to determine the cause).

So it seems that IO::Socket::SSL 1.49 does some extra checking of peers
at IO-Socket-SSL-1.49 IO/Socket/SSL.pm line 284. I think it is expecting
'PeerHost' or 'PeerAddr' to be passed (or scheme to be 'none' or a
coderef), which Net::LDAP isn't doing in _SSL_context_init_args?

Anyway, long story short, by downgrading IO::Socket::SSL to v1.06, the
issue seems to go away, as these sort of checks are not performed at all
in older versions of the module.

Cheers,

-Matt



IMPORTANT: This email remains the property of the Department of Defence
and is subject to the jurisdiction of section 70 of the Crimes Act 1914.
If you have received this email in error, you are requested to contact
the sender and delete the email.
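
Added example, not part of the original thread or of perl-ldap: a small Perl diagnostic that keeps certificate verification on and, when start_tls fails, prints the IO::Socket::SSL error next to the generic LDAP result. The host name, the CA file path and the helper name start_tls_diagnostics are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added diagnostic example; not code from perl-ldap or from this thread.
use strict;
use warnings;
use Net::LDAP;
use IO::Socket::SSL;

# Placeholders (assumptions): replace with your directory server and CA bundle.
my $host   = shift // 'ldap.example.org';
my $cafile = shift // '/etc/ssl/certs/ca-bundle.pem';

# The failure depends on the module combination, so record both versions.
printf "Net::LDAP %s, IO::Socket::SSL %s\n",
    Net::LDAP->VERSION, IO::Socket::SSL->VERSION;

# Hypothetical helper: returns diagnostic lines, or an empty list on success.
sub start_tls_diagnostics {
    my ($ldap, %tls) = @_;
    my $mesg = $ldap->start_tls(%tls);
    return () unless $mesg->is_error;

    # What Net::LDAP reports: result name, numeric code and generic text.
    my @lines = sprintf('%s (%d): %s',
        $mesg->error_name, $mesg->code, $mesg->error_text);
    push @lines, 'message: ' . $mesg->error if length($mesg->error // '');

    # IO::Socket::SSL keeps its last error string in a package variable;
    # it may still hold the TLS-level reason after the failed upgrade.
    my $tls_err = IO::Socket::SSL::errstr();
    push @lines, "IO::Socket::SSL: $tls_err" if length($tls_err // '');
    return @lines;
}

my $ldap = Net::LDAP->new($host) or die "connect to $host failed: $@\n";

# Verification stays on: the goal is to see why it fails, not to bypass it.
my @problems = start_tls_diagnostics($ldap,
    verify => 'require', cafile => $cafile);
if (@problems) {
    print STDERR "start_tls failed:\n", map { "  $_\n" } @problems;
    exit 1;
}
print "TLS established, cipher: ", $ldap->cipher, "\n";
```

Run it as `perl script.pl HOST CAFILE`; setting `$IO::Socket::SSL::DEBUG` to a non-zero level before the call gives more handshake detail.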


Peter Marschall

Nov 4, 2011, 8:32:09 AM
to perl...@perl.org, Hart, Matthew MR 2
Hi Matt,

please have a look at the patches in
* https://github.com/gbarr/perl-ldap/pull/3
* https://github.com/gbarr/perl-ldap/pull/4
on Graham's perl-ldap git repository.

In addition to fixing the issue they should add a few other minor glitches as
well as adding some new Controls.

The former one is already included in the next branch of the perl-ldap repo.
For the latter I'm still hoping that Graham will do the same, and after that
release a new version.

It would be cool if you reported feedback on the mailing list.

Peter
--
Peter Marschall
pe...@adpm.de

Hart, Matthew MR 2

Nov 6, 2011, 5:49:47 PM
to Peter Marschall, perl...@perl.org
UNCLASSIFIED

Sweet, thanks Peter.

I can't really pull from git at my workplace, so I'll wait for the next
release on CPAN :)

Thanks for all the work guys, it's a great module.

Cheers,

-Matt

Quanah Gibson-Mount

Jan 23, 2012, 6:18:54 PM
to perl...@perl.org

--On Monday, November 07, 2011 9:49 AM +1100 "Hart, Matthew MR 2"
<Matthe...@defence.gov.au> wrote:

> UNCLASSIFIED
>
> Sweet, thanks Peter.
>
> I can't really pull from git at my workplace, so I'll wait for the next
> release on CPAN :)
>
> Thanks for all the work guys, it's a great module.


Is this the same as <https://rt.cpan.org/Public/Bug/Display.html?id=70795>?

Will there be a new release of perl-ldap soon? It seems the current
release has some major issues when used with other updated modules, and it
is causing a bit of pain.

Thanks,
Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration