From dc3de1e137e0c452d6c49d15eafc38693fe8761c Mon Sep 17 00:00:00 2001
From: Sai Ke WANG <swang304@bloomberg.net>
Date: Tue, 8 Jul 2014 14:03:51 -0400
Subject: [PATCH] Fix net-ldap with start-tls.

Something along the line of http://stackoverflow.com/questions/18453894/confused-about-ber-basic-encoding-rules

From the unpatched gem, the following LDAP "extended request"
with (1.3.6.1.4.1.1466.20037 LDAP_START_TLS_OID" is sent:
========
0000   fa 16 3e 91 ff 71 fa 16 3e 43 45 a0 08 00 45 00  ..>..q..>CE...E.
0010   00 53 e8 52 40 00 40 06 94 ab 01 7d 0c 85 ac 11  .S.R@.@....}....
0020   03 94 85 87 01 85 41 b9 73 45 3f 17 c3 ba 80 18  ......A.sE?.....
0030   01 c9 bd ec 00 00 01 01 08 0a 70 dc 9b 15 17 6b  ..........p....k
0040   1a e8 30 1d 02 01 01 77 18 04 16 31 2e 33 2e 36  ..0....w...1.3.6
0050   2e 31 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33  .1.4.1.1466.2003
0060   37                                               7
========
but the server would reset the connection and wireshark indicate the
'04' byte is invalid.

With ApacheDS, the request looks like the following:
========
0000   fa 16 3e 91 ff 71 fa 16 3e 43 45 a0 08 00 45 00  ..>..q..>CE...E.
0010   00 53 60 a8 40 00 40 06 3c bc 01 7d 0c 85 0a 7a  .S`.@.@.<..}...z
0020   84 c5 9d 9f 01 85 ad cb b4 99 bd ae b2 ef 80 18  ................
0030   01 c9 9d 86 00 00 01 01 08 0a 70 dc d4 40 17 6b  ..........p..@.k
0040   64 4c 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36  dL0....w...1.3.6
0050   2e 31 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33  .1.4.1.1466.2003
0060   37                                               7
========

This patch makes the request the same as ApacheDS' and worked fine.
---
 lib/net/ldap.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
index be21c1ef..76636691 100644
--- a/lib/net/ldap.rb
+++ b/lib/net/ldap.rb
@@ -1206,7 +1206,7 @@ def setup_encryption(args)
       # go here.
     when :start_tls
       msgid = next_msgid.to_ber
-      request = [Net::LDAP::StartTlsOid.to_ber].to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
+      request = [Net::LDAP::StartTlsOid.to_ber_contextspecific(0)].to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
       request_pkt = [msgid, request].to_ber_sequence
       @conn.write request_pkt
       be = @conn.read_ber(Net::LDAP::AsnSyntax)