
This queue is for tickets about the perl-ldap CPAN distribution.

Report information
The Basics
Id: 77180
Status: resolved
Priority: 0/
Queue: perl-ldap

People
Owner: Nobody in particular
Requestors: Steffen_Ullrich [...] genua.de
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 0.44
Fixed in: (no value)



Subject: invalid SSL_version default in LDAP.pm (fix included)
Hi,

in LDAP.pm you set a default for SSL_version to 'sslv2/3'. This value is wrong and worked in the past only because it silently fell back to 'SSLv23' for invalid SSL_version values. With newer versions the syntax for SSL_version was extended, so that it now looks harder at the value and croaks if it is invalid. Please adjust your default to 'SSLv23' (case insensitive) or better yet leave it undef so that it will use the new default of 'SSLv23:!SSLv2' which disables SSLv2 support.

Regards,
Steffen
Subject: Re: [rt.cpan.org #77180] AutoReply: invalid SSL_version default in LDAP.pm (fix included)
Date: Sun, 13 May 2012 17:17:30 +0200
To: Bugs in perl-ldap via RT <bug-perl-ldap [...] rt.cpan.org>
From: Steffen Ullrich <Steffen_Ullrich [...] genua.de>
Hi,

from looking at the older documentation it seems that sslv2/3 was a valid value. So 1.74 restores that behavior and handles SSLv2/3 like SSLv23. Nevertheless - it would be better if you don't set a default at all and thus use the default SSLv23:!SSLv2 from IO::Socket::SSL to have SSLv2 disabled for security reasons.

Regards,
Steffen
Hi,
fixed in version 0.45
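
The behavior discussed in this ticket, as an added example that is not part of the original thread and is not code from perl-ldap or IO::Socket::SSL: a simplified Perl model of how an SSL_version string resolves to a set of enabled protocols, with the old silent fallback for unrecognized values next to the stricter parsing that croaks. The function name `resolve_version`, the `$strict` flag and the three-protocol set are assumptions made for illustration.

```perl
use strict;
use warnings;

# Simplified model for illustration, not IO::Socket::SSL's own parser.
# Assumption: only the protocol names that appear in the ticket are modelled.
my %BASE = (
    sslv2  => ['SSLv2'],
    sslv3  => ['SSLv3'],
    tlsv1  => ['TLSv1'],
    sslv23 => ['SSLv2', 'SSLv3', 'TLSv1'],   # negotiate any of these
);

# resolve_version($spec, $strict) returns the enabled protocols.
# $strict only changes how an unrecognized value is handled:
# true = die (croak), false = silently treat it as SSLv23.
sub resolve_version {
    my ($spec, $strict) = @_;
    $spec = 'SSLv23:!SSLv2' unless defined $spec;   # default named in the ticket
    my ($first, @rest) = split /\s*:\s*/, lc $spec;
    my $base = $BASE{$first};
    if (!$base) {
        die "invalid SSL_version '$spec'\n" if $strict;
        $base = $BASE{sslv23};                      # legacy silent fallback
        @rest = ();
    }
    my %on = map { $_ => 1 } @$base;
    for my $tok (@rest) {                           # '!name' removes a protocol
        my ($name) = $tok =~ /^!(sslv2|sslv3|tlsv1)$/
            or die "invalid SSL_version '$spec'\n";
        delete $on{ $BASE{$name}[0] };
    }
    return grep { $on{$_} } qw(SSLv2 SSLv3 TLSv1);
}

# Constructed inputs: the values mentioned in the ticket, plus undef.
for my $spec ('sslv2/3', 'SSLv23', 'SSLv23:!SSLv2', undef) {
    my $label = defined $spec ? "'$spec'" : 'undef';
    for my $mode ([legacy => 0], [strict => 1]) {
        my @p = eval { resolve_version($spec, $mode->[1]) };
        chomp(my $err = $@);
        printf "%-16s %-6s -> %s\n", $label, $mode->[0],
            $err ? "rejected ($err)" : join(',', @p);
    }
}
```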