From 0ac7381257514c92aca293f59f9ec37ca99001bb Mon Sep 17 00:00:00 2001
From: SaschaJohn
Date: Wed, 23 Jul 2014 08:18:02 +0200
Subject: [PATCH] Add CAStore for selfsigned certificates, force version to SSLv3

Redmine fails connecting to ldaps:// with our certain ldap server: SSL3_GET_RECORD:decryption failed or bad record mac CAStore and SSLv3 have to be setup for connection. Verified by openssl s_client -connect ldapserver.example.com:636 -CAfile /etc/openldap/certs/ca.cer -no_tls1_1 these commandline option were added to ldap.rb
---
 lib/net/ldap.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
index be21c1ef..34c67ea1 100644
--- a/lib/net/ldap.rb
+++ b/lib/net/ldap.rb
@@ -1162,7 +1162,11 @@ def getbyte
   def self.wrap_with_ssl(io)
     raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
+    store = OpenSSL::X509::Store.new
+    store.add_file('/etc/openldap/certs/tkca.cer')
     ctx = OpenSSL::SSL::SSLContext.new
+    ctx.cert_store = store
+    ctx.ssl_version = :SSLv3
     conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
     conn.connect
     conn.sync_close = true
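Review bot: The added `ctx.ssl_version = :SSLv3` and `store.add_file('/etc/openldap/certs/tkca.cer')` lines turn one site's workaround into library-wide behavior: every ldaps connection made through this gem is pinned to SSLv3, a deprecated protocol with known weaknesses, and any host without that exact file gets an exception from `add_file` before the socket is even created. The new cert store also has no authenticating effect on its own, because `verify_mode` is never set and a fresh SSLContext does not verify the peer by default, so the CA is loaded but never enforced. Make the settings caller-supplied instead: `def self.wrap_with_ssl(io, tls_options = {})`, replace the four added lines with `ctx.set_params(tls_options)`, and let deployments that truly need it pass `ca_file`/`ssl_version` themselves (`set_params` also defaults `verify_mode` to `VERIFY_PEER`). The description names `ca.cer` while the code loads `tkca.cer`, so one of them is wrong. wrap_with_ssl's body continues past the last visible line (its return value and `end` are outside the hunk).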