
Revert "Verify hostnames in TLS connections"

This reverts commit 4dc845e.
gbarr committed Sep 23, 2011
1 parent 4dc845e commit 00cd57b884091a31f21b65acb69f2d963bfa3f0f
Showing with 3 additions and 23 deletions.
  1. +2 −14 lib/Net/LDAP.pm
  2. +1 −7 lib/Net/LDAP.pod
  3. +0 −2 lib/Net/LDAPS.pm
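--- a/lib/Net/LDAP.pm
+++ b/lib/Net/LDAP.pm
@@ -184,11 +184,6 @@ sub connect_ldaps {
 _SSL_context_init_args($arg)
 ) or return undef;
- if ($arg->{'check'} &&
- $ldap->{'net_ldap_socket'}->verify_hostname( $host, 'ldap' )) {
- $ldap->disconnect();
- return undef;
- }
 $ldap->{net_ldap_host} = $host;
 $ldap->{net_ldap_port} = $port;
 }
@@ -1039,15 +1034,8 @@ sub start_tls {
 IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
 my $sock_class = ref($sock);
- if (IO::Socket::SSL->start_SSL($sock, {_SSL_context_init_args($arg)})) {
- my $host = $ldap->{'net_ldap_host'};
- if ($arg->{'check'} &&
- $sock->{'net_ldap_socket'}->verify_hostname( $host, 'ldap' )) {
- $ldap->disconnect();
- return undef;
- }
- return $mesg;
- }
+ return $mesg
+ if IO::Socket::SSL->start_SSL($sock, {_SSL_context_init_args($arg)});
 my $err = $@ || $IO::Socket::SSL::SSL_ERROR || $IO::Socket::SSL::SSL_ERROR || ''; # avoid use on once warning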
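Review bot: After this revert nothing in the new code compares the server certificate's name with the host being connected to: `start_tls` returns `$mesg` as soon as `IO::Socket::SSL->start_SSL` succeeds, and `connect_ldaps` records `$host` with no further check. With `verify => 'require'` the chain is still validated, but a certificate issued to a different name by a trusted CA would apparently be accepted, which leaves the session open to interception. The removed check looks inverted (it disconnected when `verify_hostname` returned true, which as far as I know means the name matched), and in `start_tls` it dereferenced `$sock->{'net_ldap_socket'}` rather than the socket itself, so a corrected check is preferable to none. In `start_tls`, before `return $mesg`, that would be roughly `unless (!$arg->{'check'} || $sock->verify_hostname($ldap->{'net_ldap_host'}, 'ldap')) { $ldap->disconnect(); return undef; }`, with the same test on `$ldap->{'net_ldap_socket'}` in `connect_ldaps`. Both function bodies continue outside the hunks, so the exact placement needs confirming against the full file.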
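--- a/lib/Net/LDAP.pod
+++ b/lib/Net/LDAP.pod
@@ -169,7 +169,7 @@ If it resolves to an IPv4 address, the connection is tried using IPv4,
 the same way as if this option was not given.
 Please note that IPv6 support is considered experimental in
-IO::Socket::SSL, which is used for SSL/TLS support, and there are a few
+IO::Socket::SSL, which is used of SSL/TLS support, and there are a few
 issues to take care of. See L<IO::Socket::SSL/IPv6> for details.
 =back
@@ -755,12 +755,6 @@ The server must provide a certificate, and it must be valid.
 If you set verify to optional or require, you must also set either
 cafile or capath. The most secure option is B<require>.
-=item check =E<gt> 1 | 0
-
-This controls whether the name in the server's certificate is checked
-against the hostname you tried to connect to. The default is to not
-check. The most secure option is B<1>.
-
 =item sslversion =E<gt> 'sslv2' | 'sslv3' | 'sslv2/3' | 'tlsv1'
 This defines the version of the SSL/TLS protocol to use. Defaults to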
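--- a/lib/Net/LDAPS.pm
+++ b/lib/Net/LDAPS.pm
@@ -29,15 +29,13 @@ Net::LDAPS - use LDAP over an SSL connection
 $ldaps = Net::LDAPS->new('myhost.example.com',
 port => '10000',
 verify => 'require',
- check => 1,
 capath => '/usr/local/cacerts/');
 # alternate way
 use Net::LDAP;
 $ldaps = Net::LDAP->new('ldaps://myhost.example.com:10000',
 verify => 'require',
- check => 1,
 capath => '/usr/local/cacerts/');
 =head1 DESCRIPTION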
