On Fri, Jul 05, 2013 at 05:35:47PM +0530, Ramkumar Ramachandra wrote: > @@ -1193,13 +1197,23 @@ X-Mailer: git-send-email $gitversion > Debug => $debug_net_smtp); > if ($smtp_encryption eq 'tls' && $smtp) { > require Net::SMTP::SSL; > - use IO::Socket::SSL qw(SSL_VERIFY_NONE); > + use IO::Socket::SSL qw(SSL_VERIFY_PEER SSL_VERIFY_NONE); > $smtp->command('STARTTLS'); > $smtp->response(); > if ($smtp->code == 220) { > - $smtp = Net::SMTP::SSL->start_SSL($smtp, > - SSL_verify_mode => SSL_VERIFY_NONE) > - or die "STARTTLS failed! ".$smtp->message; > + # Attempt to use a ca-certificate by default > + $smtp_ssl_cert_path |= "/etc/ssl/certs"; > + if (-d $smtp_ssl_cert_path) { > + $smtp = Net::SMTP::SSL->start_SSL($smtp, > + SSL_verify_mode => SSL_VERIFY_PEER, > + SSL_ca_path => $smtp_ssl_cert_path) > + or die "STARTTLS failed! ".$smtp->message; > + } else { > + print STDERR "warning: Using SSL_VERIFY_NONE. See sendemail.smtpsslcertpath.\n"; > + $smtp = Net::SMTP::SSL->start_SSL($smtp, > + SSL_verify_mode => SSL_VERIFY_NONE) > + or die "STARTTLS failed! ".$smtp->message; > + } You've covered the STARTTLS case, but not the SSL one right above it. Someone using smtps on port 465 will still see the warning. You can pass SSL_verify_mode to Net::SMTP::SSL->new just like you pass it to start_SSL. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature