Hi Monks,
Below is Perl code that uses Net::LDAPS for the LDAPS SSL connection. It seems to work with Perl 5.34 but not with Perl 5.24 and 5.26.
use warnings;
use strict;
use Net::LDAPS;
use IO::Socket::SSL qw(debug3);    # debug3 enables the handshake trace shown below
use Data::Dumper;

my ($hostname, $port, $localaddr, $clientcert, $clientkey, $verify, $cafile);
$hostname   = $ARGV[0];
$port       = $ARGV[1];
$localaddr  = $ARGV[2];
$clientcert = $ARGV[3];
$clientkey  = $ARGV[4];
$verify     = $ARGV[5];
$cafile     = $ARGV[6];

get_ldaps_connection_object();
##print "\nLDAPS ::: $ldaps\n";
##print Dumper($ldaps);

# Open an LDAPS connection and verify the server certificate against $cafile.
# Only $hostname and $cafile come from the arguments; the port and the
# client options are hard-coded here.
sub get_ldaps_connection_object
{
    my $ldaps = Net::LDAPS->new("$hostname",
        port       => "636",
        timeout    => 120,
        scheme     => 'ldaps',
        localaddr  => '',
        clientcert => '',
        clientkey  => '',
        verify     => "require",
        cafile     => "$cafile") or die "$@";
    return $ldaps;
}
Below is the output of the above Perl program from Perl version 5.26 (same for 5.24) and 5.34.
## perl ldaps_connection.pl with Perl version 5.26.
DEBUG: .../IO/Socket/SSL.pm:2807: new ctx 60600432
DEBUG: .../IO/Socket/SSL.pm:659: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:661: socket connected
DEBUG: .../IO/Socket/SSL.pm:684: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:717: using SNI with hostname server name
DEBUG: .../IO/Socket/SSL.pm:752: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:773: set socket to non-blocking to enforce timeout=120
DEBUG: .../IO/Socket/SSL.pm:786: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:789: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:799: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:809: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:829: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:786: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2661: ok=0 [0] SERVER NAME
DEBUG: .../IO/Socket/SSL.pm:789: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:792: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:792: local error: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:795: fatal SSL error: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
DEBUG: .../lib/IO/Socket.pm:49: ignoring less severe local error 'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed'
DEBUG: .../IO/Socket/SSL.pm:2829: free ctx 60600432 open=60600432
DEBUG: .../IO/Socket/SSL.pm:2833: free ctx 60600432 callback
DEBUG: .../IO/Socket/SSL.pm:2840: OK free ctx 60600432
Bad file descriptor at ldaps_connection.pl line 8, <DATA> line 960.
## Perl ldaps_connection.pl with Perl version 5.34
DEBUG: .../IO/Socket/SSL.pm:763: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:1178: global error: Undefined SSL object
DEBUG: .../IO/Socket/SSL.pm:1178: global error: Undefined SSL object
DEBUG: .../IO/Socket/SSL.pm:765: socket connected
DEBUG: .../IO/Socket/SSL.pm:788: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:830: using SNI with hostname SERVER NAME
DEBUG: .../IO/Socket/SSL.pm:865: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:881: set socket to non-blocking to enforce timeout=120
DEBUG: .../IO/Socket/SSL.pm:895: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:898: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:908: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:918: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:938: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:895: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2866: ok=1 [0] SERVER NAME
DEBUG: .../IO/Socket/SSL.pm:1841: scheme=ldap cert=51849968
DEBUG: .../IO/Socket/SSL.pm:1851: identity=SERVER NAME
DEBUG: .../IO/Socket/SSL.pm:2913: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:898: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:908: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:918: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:938: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:895: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:898: done Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:953: ssl handshake done
LDAP ::: Net::LDAPS=HASH(0x6c4740)
LDAPS ::: Net::LDAPS=HASH(0x34119a8)
DEBUG: .../IO/Socket/SSL.pm:3066: free ctx 45839744 open=45839744
DEBUG: .../IO/Socket/SSL.pm:3070: free ctx 45839744 callback
DEBUG: .../IO/Socket/SSL.pm:3077: OK free ctx 45839744
My question is how to find which modules have changed, or what else has changed, in Perl version 5.34 so that the LDAPS SSL connection works.
Can I make it work with Perl version 5.24 itself, and what needs to be done for that?
Any help regarding this would be appreciated.
Thank you.
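
Added example, not part of the original post: a diagnostic to run under each Perl build and diff. The same debug messages come from different SSL.pm line numbers in the two traces, so the builds load different IO::Socket::SSL code. The function names tls_stack_report and probe_chain are hypothetical. Given host, port and CA file arguments, it also repeats the handshake and records OpenSSL's verdict for each certificate, which names the reason behind the `ok=0 [0]` line.

```perl
#!/usr/bin/perl
# Added diagnostic, not the poster's code. Usage: perl <this script> [host port cafile]
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR
use Net::SSLeay;

# Versions and load paths of the modules on the LDAPS code path.
sub tls_stack_report {
    my @lines = (sprintf 'perl %vd (%s)', $^V, $^X);
    for my $mod (qw(Net::LDAP IO::Socket::SSL Net::SSLeay IO::Socket::IP)) {
        (my $file = "$mod.pm") =~ s{::}{/}g;
        my $loaded = eval { require $file; 1 };
        push @lines, $loaded
            ? sprintf('%-16s %-8s %s', $mod, $mod->VERSION() // '?', $INC{$file})
            : sprintf('%-16s not installed', $mod);
    }
    push @lines, 'OpenSSL library: ' . Net::SSLeay::SSLeay_version();
    if (my $default_ca = IO::Socket::SSL->can('default_ca')) {   # absent in old releases
        my %ca = $default_ca->();
        push @lines, "default $_: " . ($ca{$_} // '') for sort keys %ca;
    }
    return @lines;
}

# Repeat the handshake with the same CA file and record the verdict per certificate.
sub probe_chain {
    my ($host, $port, $cafile) = @_;
    my @seen;
    my $sock = IO::Socket::SSL->new(
        PeerHost => $host, PeerPort => $port, Timeout => 20,
        SSL_ca_file => $cafile, SSL_verify_mode => SSL_VERIFY_PEER,
        SSL_verifycn_scheme => 'ldap',    # the 5.34 trace shows scheme=ldap
        SSL_verify_callback => sub {
            my ($ok, $store, $names) = @_;
            my $code  = Net::SSLeay::X509_STORE_CTX_get_error($store);
            my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth($store);
            push @seen, sprintf('depth=%d ok=%d %s [%s]', $depth, $ok,
                Net::SSLeay::X509_verify_cert_error_string($code), $names);
            return $ok;    # record only, never override OpenSSL's verdict
        },
    );
    push @seen, $sock ? 'handshake OK: ' . $sock->get_cipher : "failed: $SSL_ERROR";
    return @seen;
}

print "$_\n" for tls_stack_report();
if (@ARGV == 3) { print "$_\n" for probe_chain(@ARGV) }
```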