[Date Prev][Date Next]
ITS#1284 (Incoming) - OpenLDAP+TLS not accepting TLS OID from Perl- Ldap
Perl-Ldap has two modules for SSL-like connections: LDAP and LDAPS.
LDAPS expects an SSL-ready server. LDAP expects a non-SSL ready server.
the "start_tls" method of LDAPS transmits the "TLS OID" across the
previously opened non-SSL-enabled session. The server should then do a
"context switch", performing the TLS handshake, and going into TLS mode
if the handshake is succesful.
An attempt to perform LDAP+start_tls "context switch" with an
SSL-ready/waiting server causes a failure on both sides. The proper
solution to this problem is to use only non-SSL-waiting server
connections when trying to use Perl-Ldap's LPDA+start_tls function (ie.,
default LDAP port instead of (default) SSL port).
Please close out/cancel ITS#1284. Thank you.