Fix net-ldap with start-tls.

onceking · onceking · commit dc3de1e137e0 · 2014-07-08T18:27:58.000-04:00
Something along the line of http://stackoverflow.com/questions/18453894/confused-about-ber-basic-encoding-rules From the unpatched gem, the following LDAP "extended request" with (1.3.6.1.4.1.1466.20037 LDAP_START_TLS_OID" is sent: ======== 0000 fa 16 3e 91 ff 71 fa 16 3e 43 45 a0 08 00 45 00 ..>..q..>CE...E. 0010 00 53 e8 52 40 00 40 06 94 ab 01 7d 0c 85 ac 11 .S.R@.@....}.... 0020 03 94 85 87 01 85 41 b9 73 45 3f 17 c3 ba 80 18 ......A.sE?..... 0030 01 c9 bd ec 00 00 01 01 08 0a 70 dc 9b 15 17 6b ..........p....k 0040 1a e8 30 1d 02 01 01 77 18 04 16 31 2e 33 2e 36 ..0....w...1.3.6 0050 2e 31 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 .1.4.1.1466.2003 0060 37 7 ======== but the server would reset the connection and wireshark indicate the '04' byte is invalid. With ApacheDS, the request looks like the following: ======== 0000 fa 16 3e 91 ff 71 fa 16 3e 43 45 a0 08 00 45 00 ..>..q..>CE...E. 0010 00 53 60 a8 40 00 40 06 3c bc 01 7d 0c 85 0a 7a .S`.@.@.<..}...z 0020 84 c5 9d 9f 01 85 ad cb b4 99 bd ae b2 ef 80 18 ................ 0030 01 c9 9d 86 00 00 01 01 08 0a 70 dc d4 40 17 6b ..........p..@.k 0040 64 4c 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 dL0....w...1.3.6 0050 2e 31 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 .1.4.1.1466.2003 0060 37 7 ======== This patch makes the request the same as ApacheDS' and worked fine.
diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
@@ -1206,7 +1206,7 @@ def setup_encryption(args)
       # go here.
     when :start_tls
       msgid = next_msgid.to_ber
-      request = [Net::LDAP::StartTlsOid.to_ber].to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
+      request = [Net::LDAP::StartTlsOid.to_ber_contextspecific(0)].to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
       request_pkt = [msgid, request].to_ber_sequence
       @conn.write request_pkt
       be = @conn.read_ber(Net::LDAP::AsnSyntax)
