Net::LDAPS & CRL's
| Eric Nichols 2006-01-09, 11:48 pm |
| I think I am taking LDAPS where no one has gone before. I need to perform CRL
(Certificate Revocation List) tests on a Net::LDAPS connection.
I found the necessary option in IO::Socket::SSL: SSL_check_crl
However Net::LDAPS does not seem to support it. I poked around Net::LDAP.pm
and found a place to put it so it will pass on the value to IO::Socket::SSL.
At line 201 I added:
SSL_check_crl => $arg->{'checkcrl'} ? 1 : 0,
So I followed the docs in Net::SSLeay on where to place the CRL so the test
environment looks good. So when I run it, perl crashes. When the checkcrl
option is turned off no problems... CA testing works etc.
Can anyone offer any insight or a place to start looking?
My Environment:
Windows XP
Net::LDAP 0.32
Convert::ASN1 0.18
IO::Socket::SSL 1.26
openssl 0.98a
Net::SSLeay 1.26
Perl v5.8.6 (Active State build 811)
Thanks
Eric
| |
| Peter Marschall 2006-01-09, 11:48 pm |
| Hi Eric,
On Tuesday, 20. December 2005 14:40, Eric Nichols wrote:
> I think I am taking LDAPS where no one has gone before. I need to perform
> CRL (Certificate Revocation List) tests on a Net::LDAPS connection.
>
> I found the necessary option in IO::Socket::SSL: SSL_check_crl
>
> However Net::LDAPS does not seem to support it. I poked around
> Net::LDAP.pm and found a place to put it so it will pass on the value to
> IO::Socket::SSL.
>
> At line 201 I added:
> SSL_check_crl => $arg->{'checkcrl'} ? 1 : 0,
>
> So I followed the docs in Net::SSLeay on where to place the CRL so the test
> environment looks good. So when I run it, perl crashes. When the checkcrl
> option is turned off no problems... CA testing works etc.
>
> Can anyone offer any insight or a place to start looking?
I am just guessing (I dunno whether this works or not ;-):
Did you set capath?
According to the man page it is necessary.
What were your options to the constructor of Net::LDAP?
What does the directory pointed to by capath look like?
> My Environment:
> openssl 0.98a
version 0.98 is modern enough (says man page)
CU
Peter
--
Peter Marschall
eMail: peter@adpm.de
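
Following the capath questions above, an added example (not from the thread, and not Net::LDAP's own code) that inspects a hashed capath directory for CRL files and then tries the handshake with IO::Socket::SSL alone, so a failure can be pinned on the SSL layer rather than on Net::LDAP. The host name, port and directory are placeholders, and it assumes a current IO::Socket::SSL that exports SSL_VERIFY_PEER.

```perl
#!/usr/bin/perl
# Added example: test SSL_check_crl with IO::Socket::SSL directly,
# without Net::LDAP in the path. All three values below are placeholders.
use strict;
use warnings;
use IO::Socket::SSL;

my $host   = 'ldap.example.com';   # placeholder LDAPS server
my $port   = 636;
my $capath = 'C:/ssl/certs';       # placeholder hashed CA/CRL directory

# In a hashed directory OpenSSL looks up CA certificates as <hash>.<n>
# and CRLs as <hash>.r<n>, where <hash> is 8 hex digits.
opendir(my $dh, $capath) or die "cannot open $capath: $!\n";
my @names = readdir $dh;
closedir $dh;

my @certs = grep { /^[0-9a-f]{8}\.\d+$/i }  @names;
my @crls  = grep { /^[0-9a-f]{8}\.r\d+$/i } @names;
printf "%d hashed CA file(s), %d hashed CRL file(s) in %s\n",
    scalar @certs, scalar @crls, $capath;
warn "no <hash>.rN files: the CRL lookup will find nothing\n" unless @crls;

# A CRL is located through its issuer's hash, so the issuing CA's
# certificate should be present under the same 8-digit prefix.
my %has_ca;
$has_ca{ lc substr($_, 0, 8) } = 1 for @certs;
for my $crl (@crls) {
    my $hash = lc substr($crl, 0, 8);
    warn "$crl has no matching CA file $hash.N\n" unless $has_ca{$hash};
}

# Handshake with peer verification and CRL checking both enabled.
my $sock = IO::Socket::SSL->new(
    PeerAddr        => $host,
    PeerPort        => $port,
    SSL_verify_mode => SSL_VERIFY_PEER,
    SSL_ca_path     => $capath,
    SSL_check_crl   => 1,
);

if ($sock) {
    print "handshake OK with CRL checking enabled\n";
    close $sock;
} else {
    print "handshake failed: $SSL_ERROR\n";
}
```

If this script also crashes, the problem lies in IO::Socket::SSL, Net::SSLeay or the OpenSSL build rather than in the Net::LDAP change.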