
ITS#1284 (Incoming) - OpenLDAP+TLS not accepting TLS OID from Perl-Ldap



Perl-Ldap has two modules for SSL-like connections: LDAP and LDAPS.
LDAPS expects an SSL-ready server. LDAP expects a non-SSL ready server.
The "start_tls" method of LDAPS transmits the "TLS OID" across the
previously opened non-SSL-enabled session. The server should then do a
"context switch", performing the TLS handshake, and going into TLS mode
if the handshake is successful.

An attempt to perform LDAP+start_tls "context switch" with an
SSL-ready/waiting server causes a failure on both sides. The proper
solution to this problem is to use only non-SSL-waiting server
connections when trying to use Perl-Ldap's LDAP+start_tls function (i.e.,
default LDAP port instead of (default) SSL port).

Please close out/cancel ITS#1284. Thank you.
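
The mismatch described in the message above can be recognised from the first bytes the server returns. The following is an added example, not part of the original message and not Perl-Ldap or OpenLDAP code: it builds the StartTLS extended request (the "TLS OID", 1.3.6.1.4.1.1466.20037) and classifies the reply. The sample replies are constructed, and the assumption that an SSL-waiting listener answers with a TLS alert or simply closes the connection is implementation-dependent.

```python
# Added example; sample replies below are constructed, not captured traffic.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

def tlv(tag, value):
    """Encode one BER TLV (short-form length is enough for this request)."""
    if len(value) >= 0x80:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] OID } }."""
    if not 0 < msg_id < 0x80:
        raise ValueError("msg_id must fit in one positive byte")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def classify_reply(reply):
    """Classify the first bytes received after sending starttls_request()."""
    if not reply:
        return "closed"        # peer hung up: likely an SSL-waiting port
    if reply[:2] == b"\x15\x03":
        return "tls-port"      # TLS alert record: peer expected a ClientHello
    try:
        seq_tag, body, _ = read_tlv(reply, 0)
        _, _, pos = read_tlv(body, 0)        # skip messageID
        op_tag, op, _ = read_tlv(body, pos)  # protocolOp
        rc_tag, rc, _ = read_tlv(op, 0)      # resultCode ENUMERATED
    except IndexError:
        return "unknown"       # truncated or malformed BER
    if (seq_tag, op_tag, rc_tag) != (0x30, 0x78, 0x0A):
        return "unknown"       # not an ExtendedResponse
    code = int.from_bytes(rc, "big")
    return "starttls-ok" if code == 0 else f"ldap-refused:{code}"

PLAIN_OK = bytes.fromhex("300c02010178070a010004000400")       # constructed
PLAIN_REFUSED = bytes.fromhex("300c02010178070a010204000400")  # constructed
TLS_ALERT = bytes.fromhex("1503030002020a")                    # constructed

if __name__ == "__main__":
    print(starttls_request().hex())
    for label, r in (("plain", PLAIN_OK), ("ssl", TLS_ALERT), ("ssl", b"")):
        print(label, classify_reply(r))
```

Only a "starttls-ok" result means the TLS handshake should follow on the same socket; "tls-port" or "closed" points to a client that sent StartTLS to the SSL port.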