Re: Q: LDAP - perl script using Net::LDAP and start_tls gives an error

To: debian-user@lists.debian.org
Subject: Re: Q: LDAP - perl script using Net::LDAP and start_tls gives an error
From: Atle Solbakken <atle@goliathdns.no>
Date: Sun, 13 Apr 2014 21:43:14 +0200
Message-id: <[🔎] 534AE8D2.1060001@goliathdns.no>
In-reply-to: <[🔎] 534ACD33.7000403@gmail.com>
References: <[🔎] 534ACD33.7000403@gmail.com>

If I made a change in "start_tls" command for option "verify => none"to one of 'optional' or 'required' then I get next error message
root@install:~/prog# ./ldap_sec.pl
SSL connect attempt failed with unknown error error:14090086:SSLroutines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at./ldap_sec.pl line 25, <DATA> line 751.
root@install:~/prog#

It seems to me that the "verify"-option tells Net::LDAP whether itshould verify that the certificate the server you are connecting to isusing has been signed by a known certificate authority (listed in/etc/ssl/certs).

start_tls will fail if the server does not provide any certificate, orif the certificate is not signed by a CA (refhttp://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod ).


Atle.

Reply to:

Follow-Ups:
- Re: Q: LDAP - perl script using Net::LDAP and start_tls gives an error
  - From: Snow Leopard <snow.leopard.deb@gmail.com>

References:
- Q: LDAP - perl script using Net::LDAP and start_tls gives an error
  - From: Snow Leopard <snow.leopard.deb@gmail.com>

Prev by Date: Re: Skype - no microphone input sound...
Next by Date: Q: Squeeze - debmirror 1:2.4.5 / Bug #673444 : not fetch Translation files
Previous by thread: Q: LDAP - perl script using Net::LDAP and start_tls gives an error
Next by thread: Re: Q: LDAP - perl script using Net::LDAP and start_tls gives an error
Index(es):
- Date
- Thread