On Fri, Jul 5, 2013 at 8:05 AM, Ramkumar Ramachandra <artagnon@xxxxxxxxx> wrote:
> Use the ca-certificates in /etc/ssl/certs by default (that's where most
> distributions put it). SSL_VERIFY_NONE is now the fallback mode.
>
> Signed-off-by: Ramkumar Ramachandra <artagnon@xxxxxxxxx>
> ---
> diff --git a/git-send-email.perl b/git-send-email.perl
> index 758100d..026bcbc 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -1193,13 +1197,23 @@ X-Mailer: git-send-email $gitversion
> Debug => $debug_net_smtp);
> if ($smtp_encryption eq 'tls' && $smtp) {
> require Net::SMTP::SSL;
> - use IO::Socket::SSL qw(SSL_VERIFY_NONE);
> + use IO::Socket::SSL qw(SSL_VERIFY_PEER SSL_VERIFY_NONE);
> $smtp->command('STARTTLS');
> $smtp->response();
> if ($smtp->code == 220) {
> - $smtp = Net::SMTP::SSL->start_SSL($smtp,
> - SSL_verify_mode => SSL_VERIFY_NONE)
> - or die "STARTTLS failed! ".$smtp->message;
> + # Attempt to use a ca-certificate by default
> + $smtp_ssl_cert_path |= "/etc/ssl/certs";
You're going to want to use logical ||= here. Bitwise |= on a string does not do what you expect[1]: my $s = '/usr/local/etc/ssl/certs'; $s |= '/etc/ssl/certs'; print $s, "\n"; Outputs: /uws/oooowts/ssl/certs [1]: http://perldoc.perl.org/perlop.html#Bitwise-String-Operators
> + if (-d $smtp_ssl_cert_path) {
> + $smtp = Net::SMTP::SSL->start_SSL($smtp,
> + SSL_verify_mode => SSL_VERIFY_PEER,
> + SSL_ca_path => $smtp_ssl_cert_path)
> + or die "STARTTLS failed! ".$smtp->message;
> + } else {
> + print STDERR "warning: Using SSL_VERIFY_NONE. See sendemail.smtpsslcertpath.\n";
> + $smtp = Net::SMTP::SSL->start_SSL($smtp,
> + SSL_verify_mode => SSL_VERIFY_NONE)
> + or die "STARTTLS failed! ".$smtp->message;
> + }
> $smtp_encryption = '';
> # Send EHLO again to receive fresh
> # supported commands
-- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
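Review bot: The `else` branch completes the handshake with `SSL_VERIFY_NONE` whenever `-d $smtp_ssl_cert_path` is false, so a mistyped or missing sendemail.smtpsslcertpath turns certificate verification off and the session carries on with an unverified server behind a single STDERR warning. The default assignment also erases whether the path came from the user, so I would record that first and fail closed for an explicit setting: `my $explicit_ca = defined $smtp_ssl_cert_path;` ahead of the default (assuming the variable is undef when unset), then `die "sendemail.smtpsslcertpath: '$smtp_ssl_cert_path' is not a directory\n" if $explicit_ca && !-d $smtp_ssl_cert_path;` before the `-d` test. Separately, both new `or die "STARTTLS failed! ".$smtp->message` lines run after `$smtp` has already been overwritten with the failed return value, so a verification failure would likely die on the method call instead of printing the reason; `IO::Socket::SSL::errstr()` looks like the better source for the message. The enclosing `if` blocks are closed outside the hunk.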