IPv6 in trunk working even with SSL [was Re: IPv6]
Peter Marschall 2007-05-28, 7:14 pm

Hi,
On Tuesday, 22. May 2007 13:42, Graham Barr wrote:
> On May 20, 2007, at 7:46 AM, Peter Marschall wrote:
>
> That is fine for now. IO::Socket::INET6 is supposed to fall back to IPv4
> if it cannot find a v6 address. So in the long term I think we should
> default to using INET6 if the module is available and fall back to ::INET.
> But that is only after we are satisfied it works as we expect.

I have played around with my little patch and my environment a bit
and I found the solution to the patch not working with IPv6:
I have secured my machine with Wietse Venema's TCP wrapper.
After adding [::1] to /etc/hosts.allow, connecting to the LDAP
server worked in IPv4 as well as in IPv6. It even worked
with IPv6 and with start_tls() as well as LDAPS (the latter after
a few fixes to the patch).

For the curious: my SW environment is Debian lenny with
Perl 5.8.8, IO::Socket::INET6 2.51 and IO::Socket::SSL 1.02.

With that experience I have committed the updated patch to SVN.

>
> That is encouraging. However, I am not sure I like how IO::Socket::SSL
> switches between v4 and v6. It uses arguments passed to import to change
> @ISA. Which means @ISA can change from INET to INET6 or back at runtime.
I do not like the interface either.
Do you have any idea about changing the interface of IO::Socket::SSL
with regard to inet4/inet6 so that we can contact the maintainer
with something sensible.
BTW. I do not like the inet => 1 option for Net::LDAP->new() very
much. If anybody has an idea of making it better
(e.g. to allow distinction between AF_INET, AF_INET6 and AF_UNSPEC)
Have fun
Peter
--
Peter Marschall
peter@adpm.de

Graham Barr 2007-05-28, 10:17 pm

On May 28, 2007, at 12:33 PM, Peter Marschall wrote:
>
> I do not like the interface either.
> Do you have any idea about changing the interface of IO::Socket::SSL
> with regard to inet4/inet6 so that we can contact the maintainer
> with something sensible.
Well they suffer from the same problem that Net::FTP etc has. That is
that they inherit from the socket.
The best thing would be to have two separate classes. One for ::INET
and one for ::INET6 and have IO::Socket::SSL bless into the correct
one instead of changing what IO::Socket::SSL is. As it is, it is
impossible to have 2 connections in the same program where one uses
inet and one uses inet6.
I did think about trying to clone things with something like

    package Net::LDAP::SSL;
    require IO::Socket::SSL;
    # Alias every subroutine defined in IO::Socket::SSL into this package
    foreach my $sym (keys %IO::Socket::SSL::) {
        if (defined &{"IO::Socket::SSL::$sym"}) {
            *{$sym} = \&{"IO::Socket::SSL::$sym"};
        }
    }

    # One concrete class per address family, both sharing the cloned SSL code
    package Net::LDAP::SSL::INET;
    @ISA = qw(Net::LDAP::SSL IO::Socket::INET);

    package Net::LDAP::SSL::INET6;
    @ISA = qw(Net::LDAP::SSL IO::Socket::INET6);

> BTW. I do not like the inet => 1 option for Net::LDAP->new() very
> much. If anybody has an idea of making it better
> (e.g. to allow distinction between AF_INET, AF_INET6 and AF_UNSPEC)
I do not like it either. Using AF_UNSPEC should be safe though. If
this does work I would consider making INET6 and AF_UNSPEC the
default, when INET6 is available. It should still connect to an IPv4
host just fine. But we can have inet4 and inet6 options to force it.
Graham.
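
The @ISA concern discussed in this thread, as an added example that is not part of the original messages and is not code from IO::Socket::SSL or Net::LDAP. The Demo::* packages are hypothetical stand-ins that do no network I/O, and the 'inet4'/'inet6' import arguments and the inet6 constructor option are assumed names used only for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for IO::Socket::INET / IO::Socket::INET6 (no network I/O).
package Demo::INET;  sub family { 'AF_INET' }
package Demo::INET6; sub family { 'AF_INET6' }

# Pattern criticised in the thread: a single TLS class whose parent is
# selected by import arguments, i.e. by rewriting the package-global @ISA.
package Demo::SSL::Global;
our @ISA = ('Demo::INET');
sub import {
    my ($class, @args) = @_;
    @ISA = ('Demo::INET6') if grep { $_ eq 'inet6' } @args;
    @ISA = ('Demo::INET')  if grep { $_ eq 'inet4' } @args;
}
sub new { my ($class) = @_; return bless {}, $class }

# Alternative proposed in the thread: shared TLS code plus one fixed
# subclass per address family; the constructor blesses into the right one.
package Demo::SSL;
sub new {
    my ($class, %opt) = @_;
    return bless {}, $opt{inet6} ? 'Demo::SSL::INET6' : 'Demo::SSL::INET';
}
package Demo::SSL::INET;  our @ISA = ('Demo::SSL', 'Demo::INET');
package Demo::SSL::INET6; our @ISA = ('Demo::SSL', 'Demo::INET6');

package main;

# Global @ISA: an object created as IPv4 changes family when any other
# part of the program later asks for inet6.
my $first  = Demo::SSL::Global->new;
my $before = $first->family;
Demo::SSL::Global->import('inet6');   # what "use Demo::SSL::Global 'inet6'" would do
my $after  = $first->family;
print "global \@ISA: same object was $before, is now $after\n";

# Separate classes: both families coexist in one process.
my $v4 = Demo::SSL->new;
my $v6 = Demo::SSL->new(inet6 => 1);
printf "separate classes: %s (%s) and %s (%s)\n",
    ref $v4, $v4->family, ref $v6, $v6->family;
```

In the first half, a connection object that already exists silently switches address family when another module changes the import arguments; in the second half each object's family is fixed by the class it was blessed into.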