[Catalyst] C:P:A:Store::LDAP start_tls problems

Scott Karns scottkinsf at yahoo.com
Mon Mar 27 06:03:17 CEST 2006 

Has anyone successfully used C:P:A:Store::LDAP with a
cafile, clientcert, and clientkey specified and
running on apache2/mod_perl? I get the following error
when I attempt to authenticate with these ldap tls
options set:

TLS Error: Operations error at
/usr/lib/perl5/vendor_perl/5.8.7/Catalyst/Plugin/Authentication.pm
line 126

Even with the verify option set to none, if these
start_tls_options are specified in the
authentication->ldap section of my config, I get "TLS
Error: Operations error...".

Relevant section of my config.yml:

authentication:
#
# Config for Authentication::Store::LDAP
#
  ldap:
    ldap_server: ldap.myserver.tld
    ldap_server_options:
      timeout:   30
    binddn:      anonymous
    bindpw:      ''
    start_tls:   1
    start_tls_options:
      verify:    none
      cafile:    /etc/ssl/My-cachain.pem
      clientcert: /etc/ssl/ldap/myserver-cert.pem
      clientkey: /etc/ssl/ldap/myserver-key.pem

Ultimately I'm trying to track the source of these
errors:

Deep recursion on subroutine
"IO::Socket::SSL::SSL_HANDLE::FILENO" at
        /usr/lib/perl5/5.8.7/i386-linux/IO/Handle.pm
line 383, <DATA> line 283 (#1)
    (W recursion) This subroutine has called itself
(directly or indirectly)
    100 times more than it has returned.  This
probably indicates an
    infinite recursion, unless you're writing strange
benchmark programs, in
    which case it indicates something else.

Deep recursion on subroutine "IO::Socket::SSL::fileno"
at
       
/usr/lib/perl5/vendor_perl/5.8.7/IO/Socket/SSL.pm line
550, <DATA> line 283 (#1)
Deep recursion on subroutine "IO::Handle::fileno" at
       
/usr/lib/perl5/vendor_perl/5.8.7/IO/Socket/SSL.pm line
334, <DATA> line 283 (#1)

I've isolated occurances of the above errors to having
start_tls set to 1 in config->{authentication}->{ldap}
The error does not occur with every auth attempt, only
occasionally.

With everything else untouched and start_tls set to 0,
I cannot reproduce the deep recursion error.


Thanks in advance for any help or insights you might
provide,
-Scott

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the Catalyst mailing list