Subject: Net::LDAPS does not verify peer certificate by default
This simple LDAPS client does not verify the server certificate:
    #!/usr/bin/perl
    use Net::LDAPS;
    my $conn = Net::LDAPS->new('localhost',
        version => 3,
        port => 2000,
        raw => qr/^$/
    ) || die "$@\n";
    $conn->disconnect();
I can see Net::LDAP does document a default value of the "verify" option. It seems to be 0 (none). Would it be possible to change the default to 3 (required) and document it? I believe it is nowadays assumed behavior that TLS-secured clients verify the peer's certificate by default.
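
For comparison with the client in the report, an added example (not the reporter's or the module's own code) of a wrapper that never relies on the default: it forces verify => 'require', the documented string form of what the report calls 3 (required), and insists on a trust store. The helper name ldaps_connect_verified, the LDAP_CAFILE environment variable and the placeholder CA path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAPS;

# Hypothetical helper: open an LDAPS connection that always validates
# the server certificate, whatever the module default happens to be.
sub ldaps_connect_verified {
    my ($host, %opt) = @_;

    # Reject any attempt to weaken verification through the option list.
    if (exists $opt{verify} && $opt{verify} ne 'require') {
        die "verify => '$opt{verify}' is not allowed here\n";
    }

    # Without trust anchors the chain cannot be validated, so insist
    # on a readable CA file or CA directory.
    my $store = $opt{cafile} // $opt{capath}
        or die "cafile or capath is required\n";
    -r $store or die "trust store $store is not readable\n";

    # 'verify' is set last so it overrides anything passed in %opt.
    my $conn = Net::LDAPS->new($host, %opt, verify => 'require')
        or die "LDAPS connect to $host failed: $@\n";
    return $conn;
}

# Same host, port and version as the client in the report. The CA
# bundle path is a placeholder; set LDAP_CAFILE to the real location.
my $conn = ldaps_connect_verified('localhost',
    version => 3,
    port    => 2000,
    cafile  => $ENV{LDAP_CAFILE} // '/path/to/ca-bundle.pem',
);
printf "connected, cipher: %s\n", $conn->cipher // 'unknown';
$conn->disconnect();
```

Run against a server whose certificate does not chain to the given CA, the constructor returns false and the script dies with the handshake error instead of connecting.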