un-break certificate verification
Commit 041d540 "Specify that we want to use the 'ldap' scheme to verify certificates" unconditionally set IO::Socket::SSL's SSL_verify_cn_scheme to 'ldap'.

In principle this is a good thing: it allows us to verify whether the name of the host we connect to matches the host name in the certificate presented. But doing it unconditionally led to some trouble:

* it broke $ldap->start_tls() completely. See SSL_verifycn_name in IO::Socket::SSL(3) for why
* in the case of sslverify = 'none' it created a warning on every connect.

This commit fixes both issues.