Re: [PATCH v2 1/2] send-email: squelch warning from Net::SMTP::SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Jul 06, 2013 at 04:28:00PM +0200, Torsten Bögershausen wrote:
> On 2013-07-05 14.05, Ramkumar Ramachandra wrote:
> > Due to a recent change in the Net::SMTP::SSL module, send-email emits
> > the following ugly warning everytime a email is sent via SSL:
> > 
> > *******************************************************************
> >  Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
> >  is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
> >  together with SSL_ca_file|SSL_ca_path for verification.
> >  If you really don't want to verify the certificate and keep the
> >  connection open to Man-In-The-Middle attacks please set
> >  SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
> > *******************************************************************
> > 
> > Fix this by explicitly specifying SSL_verify_mode => SSL_VERIFY_NONE in
> > Net::SMTP::SSL->start_SSL().
> > 
> > Helped-by: brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx>
> > Signed-off-by: Ramkumar Ramachandra <artagnon@xxxxxxxxx>
> > ---
> >  git-send-email.perl | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/git-send-email.perl b/git-send-email.perl
> > index ecbf56f..758100d 100755
> > --- a/git-send-email.perl
> > +++ b/git-send-email.perl
> > @@ -1193,10 +1193,12 @@ X-Mailer: git-send-email $gitversion
> >  						 Debug => $debug_net_smtp);
> >  			if ($smtp_encryption eq 'tls' && $smtp) {
> >  				require Net::SMTP::SSL;
> > +				use IO::Socket::SSL qw(SSL_VERIFY_NONE);
> >  				$smtp->command('STARTTLS');
> >  				$smtp->response();
> >  				if ($smtp->code == 220) {
> > -					$smtp = Net::SMTP::SSL->start_SSL($smtp)
> > +					$smtp = Net::SMTP::SSL->start_SSL($smtp,
> > +									  SSL_verify_mode => SSL_VERIFY_NONE)
> >  						or die "STARTTLS failed! ".$smtp->message;
> >  					$smtp_encryption = '';
> >  					# Send EHLO again to receive fresh
> > 
> Hm, this doesn't work on my system, and t9001 fails:
> 
> "SSL_VERIFY_PEER" is not exported by the IO::Socket::SSL module
>  "SSL_VERIFY_NONE" is not exported by the IO::Socket::SSL module
> Can't continue after import errors at /Users/tb/projects/git/git.pu/git-send-email line 1090

What version of IO::Socket::SSL do you have, and what source did you get
it from?

perl -MIO::Socket::SSL -e 'print "$IO::Socket::SSL::VERSION\n";'

This should be available in 1.31 or later.  It might end up that we need
to adjust the use/require statement to require 1.31.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]