ruby-net-ldap
Add support to use SNI
Related to https://github.com/ruby-ldap/ruby-net-ldap/issues/405
I'm thinking if it's better to have an option to use SNI or just always enable it?
The default openssl binary uses SNI by default.
@HarlemSquirrel sorry for the direct ping, but can you share your insights regarding this? This patch worked for my test, but I'm not sure if it's a good idea to just force the use of SNI for every TLS connection.
Thank you for opening this issue and pull request!
This seems reasonable to me but we need to test with a few different LDAP servers and I don't have access to any that aren't public now. I was able to successfully connect to this public LDAP server:
ldap = Net::LDAP.new host: 'directory.cornell.edu', port: 636, encryption: :simple_tls, auth: { method: :anonymous }
entry = ldap.search_root_dse
entry.namingcontexts.last
# => "o=cornell university,c=us"
Looks like we also need some test updates.
I'll fix the broken tests first.
The failing test should be fixed now. I also tested with db.debian.org:636.
From some of my readings, SNI is an optional TLS extension, so it should be safe to be enabled by default.
Although we might still want to test it with other LDAP servers with TLS.
@HarlemSquirrel based on my tests, I think this should be safe to merge. I didn't encounter any issues with OpenLDAP and Windows LDAP.
Thank you!
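Added example, not code from this pull request or from ruby-net-ldap: a loopback check with Ruby's OpenSSL bindings showing that a server receives a server name only when the client sets `SSLSocket#hostname=` before the handshake, which is the SNI behaviour discussed in this thread. The self-signed certificate, the name `ldap.example.test` and both helper names are constructed for the illustration.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate for the loopback server.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Runs one TLS handshake against a loopback server and returns the server
# name the server received in the ClientHello (nil if the client sent none).
def sni_seen_by_server(client_hostname)
  cert, key = self_signed_cert('ldap.example.test')
  seen = nil
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.cert = cert
  server_ctx.key = key
  # Ruby invokes servername_cb only when the client sent the SNI extension.
  server_ctx.servername_cb = lambda { |(_ssl, name)| seen = name; nil }
  tcp = TCPServer.new('127.0.0.1', 0)
  server = Thread.new do
    conn = tcp.accept
    OpenSSL::SSL::SSLSocket.new(conn, server_ctx).accept
    conn
  end

  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # constructed test cert only
  sock = TCPSocket.new('127.0.0.1', tcp.addr[1])
  client = OpenSSL::SSL::SSLSocket.new(sock, client_ctx)
  # hostname= sets the SNI value and must be called before connect.
  client.hostname = client_hostname if client_hostname
  client.connect
  conn = server.value # waits for the server side of the handshake
  [client, sock, conn, tcp].each(&:close)
  seen
end
```
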