[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Q: LDAP - perl script using Net::LDAP and start_tls gives an error

If I made a change in "start_tls" command for option "verify => none" to one of 'optional' or 'required' then I get next error message

root@install:~/prog# ./ldap_sec.pl
SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at ./ldap_sec.pl line 25, <DATA> line 751.

It seems to me that the "verify"-option tells Net::LDAP whether it should verify that the certificate the server you are connecting to is using has been signed by a known certificate authority (listed in /etc/ssl/certs).

start_tls will fail if the server does not provide any certificate, or if the certificate is not signed by a CA (ref http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod ).


Reply to: