Hi Adam
On Tue, Sep 06, 2011 at 09:56:44PM +0100, Adam D. Barratt wrote:
> Apologies for the delay in getting back to you on this.
dito.
> On Wed, 2011-08-17 at 16:46 +0200, Salvatore Bonaccorso wrote:
> > In the case one would like to use shelldap with --tls and
> > libio-socket-ssl-perl is not installed, shelldap will fail. With
> > upstream there was a fix, to make the error message a bit clearer.
>
> ++ eval 'use IO::Socket::SSL';
> ++ die qq{IO::Socket::SSL not installed, but is required for SSL or TLS connections.
> ++You may try connecting insecurely, or install the module and try again.\n} if $@;
>
> fwiw, I'd have s/use/require/ in the eval; well, actually, I'd have made
> it "eval { use IO::Socket::SSL; };".
>
> (Dropping it down to require avoids a secondary "BEGIN failed" error,
> and using the eval block makes the exception message reference "foo.pl
> line X", rather than "(eval 1) line Y".)
I agree, changing it to
eval { require IO::Socket::SSL; };
die qq{...} if $@;
is probably more clean. I can change this in the proposed debdiff and
also suggest it to upstream. Using
eval { require IO::Socket::SSL'; };
is probably more efficent as
eval 'use IO::Socket::SSL';
(see perldoc -f eval).
> > Is it possible that I can upload an updated package with 1) upstreams
> > fix on the error message, and 2) furthermore add of Recommends on
> > libio-socket-ssl-perl?
>
> Hmmm. We generally don't change dependencies in stable updates; I'm
> debating the extent to which recommends should be treated in the same
> way. I have to admit I'm also not entirely convinced about adding
> dependencies to work around (perceived or otherwise) issues in other
> parts of the chain, which appears to be the case here somewhat (as the
> TLS support is actually required by Net::LDAP, which itself doesn't
> check for the module's presence).
Net::LDAP has a suggests only to libio-socket-ssl-perl, to have the
ldaps feature activated. You are right here too, the checking in
principle should happen in Net::LDAP itself.
I would like to have it more easely for users of shelldap, and I had
already two bugreports about it. So if at least if the error message
could be clearer it would be an improvement.
Adam, would it be better to apply only the patch to get a better error
message, and not adding the Recommends to it?
> One important question is whether the use of TLS in conjunction with
> shelldap occurs in "all but unusual installations".
I personally mostly use shelldap to search within an ldap wich does
not require tls connection. But ldap server requiring a secure
connections in usual installations.
Regards
Salvatore
Attachment:
signature.asc
Description: Digital signature