lib/net/ldap.rb in socialcast-net-ldap-0.1.7 vs lib/net/ldap.rb in socialcast-net-ldap-0.1.8
@@ -244,11 +244,11 @@
# operation (typically binding first) and then disconnect from the server.
# The exception is Net::LDAP#open, which makes a connection to the server
# and then keeps it open while it executes a user-supplied block.
# Net::LDAP#open closes the connection on completion of the block.
class Net::LDAP
- VERSION = "0.1.7"
+ VERSION = "0.1.8"
class LdapError < StandardError; end
SearchScope_BaseObject = 0
SearchScope_SingleLevel = 1
@@ -1122,13 +1122,14 @@
def getbyte
getc.ord
end
end
- def self.wrap_with_ssl(io)
+ def self.wrap_with_ssl(io, options = {})
raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ssl_version = options[:ssl_version] if options.has_key?(:ssl_version)
conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
conn.connect
conn.sync_close = true
conn.extend(GetbyteForSSLSocket) unless conn.respond_to?(:getbyte)
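Review bot: The new `ctx.ssl_version = options[:ssl_version]` line accepts whatever value the caller supplies, and the context it mutates is otherwise `OpenSSL::SSL::SSLContext.new` with no `verify_mode`, CA store or hostname check visible in this hunk, so the wrapped socket still does not authenticate the server — the option changes which protocol is negotiated, not whether the peer is verified. A legacy symbol such as `:SSLv3` is passed through unchecked, and an unknown symbol is rejected inside the openssl extension (an `ArgumentError`, as far as I can tell) rather than the `Net::LDAP::LdapError` this method raises one line earlier, so callers that rescue `LdapError` miss it. I would normalise the failure to the method's own exception type and document the caveat; `wrap_with_ssl` continues past the end of the hunk (the `conn` return is not shown).
```ruby
ctx = OpenSSL::SSL::SSLContext.new
# NOTE: no verify_mode / CA store is set here, so the peer certificate is not
# checked; :ssl_version only selects the protocol (prefer a TLS value).
if options.key?(:ssl_version)
  begin
    ctx.ssl_version = options[:ssl_version]
  rescue ArgumentError => e
    raise Net::LDAP::LdapError, "unsupported ssl_version #{options[:ssl_version].inspect}: #{e.message}"
  end
end
# … unchanged: SSLSocket.new / connect / sync_close / getbyte shim …
```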
@@ -1163,11 +1164,11 @@
# generously contributing the :start_tls path.
#++
def setup_encryption(args)
case args[:method]
when :simple_tls
- @conn = self.class.wrap_with_ssl(@conn)
+ @conn = self.class.wrap_with_ssl(@conn, args)
# additional branches requiring server validation and peer certs, etc.
# go here.
when :start_tls
msgid = next_msgid.to_ber
request = [Net::LDAP::StartTlsOid.to_ber].to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
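Review bot: The `:simple_tls` branch now forwards the whole `args` hash to `wrap_with_ssl`, which reads `:ssl_version` from it, but nothing in the hunk documents that `:ssl_version` is a recognised encryption option, and the header comment for `setup_encryption` begins outside the hunk. The retained comment `# additional branches requiring server validation and peer certs, etc. go here.` is also now misleading: with `args` threaded through, server validation would be further keys on the same hash (e.g. a CA file / verify mode) handled inside `wrap_with_ssl`, not a new `when` branch. I would replace that comment with `# :ssl_version (e.g. :TLSv1_2) is forwarded via args; peer verification is NOT performed — see wrap_with_ssl.` and add the option to the method's header comment. The body of `setup_encryption` continues past the end of this hunk.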
@@ -1176,11 +1177,11 @@
be = @conn.read_ber(Net::LDAP::AsnSyntax)
raise Net::LDAP::LdapError, "no start_tls result" if be.nil?
pdu = Net::LDAP::PDU.new(be)
raise Net::LDAP::LdapError, "no start_tls result" if pdu.nil?
if pdu.result_code.zero?
- @conn = self.class.wrap_with_ssl(@conn)
+ @conn = self.class.wrap_with_ssl(@conn, args)
else
raise Net::LDAP::LdapError, "start_tls failed: #{pdu.result_code}"
end
else
raise Net::LDAP::LdapError, "unsupported encryption method #{args[:method]}"
@@ -1326,11 +1327,11 @@
# can block forever. That's because we keep reading results until we get a
# type-5 packet, which might never come. We need to support the time-limit
# in the protocol.
#++
def search(args = {})
- search_filter = (args && args[:filter]) ||
+ search_filter = (args && args[:filter]) ||
Net::LDAP::Filter.eq("objectclass", "*")
search_filter = Net::LDAP::Filter.construct(search_filter) if search_filter.is_a?(String)
search_base = (args && args[:base]) || "dc=example, dc=com"
search_attributes = ((args && args[:attributes]) || []).map { |attr| attr.to_s.to_ber}
return_referrals = args && args[:return_referrals] == true
@@ -1516,10 +1517,10 @@
delete_attrs = args[:delete_attributes] ? true : false
new_superior = args[:new_superior]
request = [old_dn.to_ber, new_rdn.to_ber, delete_attrs.to_ber]
request << new_superior.to_ber unless new_superior == nil
-
+
pkt = [next_msgid.to_ber, request.to_ber_appsequence(12)].to_ber_sequence
@conn.write pkt
(be = @conn.read_ber(AsnSyntax)) && (pdu = LdapPdu.new( be )) && (pdu.app_tag == 13) or raise LdapError.new( "response missing or invalid" )
pdu.result_code