Ramkumar Ramachandra <artagnon@xxxxxxxxx> writes:

> Thomas Rast wrote:
>> When --smtp-encryption=ssl, we use a Net::SMTP::SSL connection,
>> passing its ->new all the options that would otherwise go to
>> Net::SMTP->new (most options) and IO::Socket::SSL->start_SSL (for the
>> SSL options).
>>
>> However, while Net::SMTP::SSL replaces the underlying socket class
>> with an SSL socket, it does nothing to allow passing options to that
>> socket. So the SSL-relevant options are lost.
>
> Both [1/3] and [2/3] look good. However, I'm curious about this one:
> Net::SMTP::SSL inherits from IO::Socket::SSL, where new() is defined.
> In the documentation for IO::Socket::SSL,
>
>   $ perldoc IO::Socket::SSL
>
> I can see examples where SSL_verify_mode and SSL_ca_path are passed to
> new(). So, I'm not sure what this patch is about.

Net::SMTP::SSL merely steals all the code from Net::SMTP into a class
that has IO::Socket::SSL as its first inheritance line. This works
because Net::SMTP (no SSL) inherits from IO::Socket::INET instead, and
uses SUPER:: methods to access the latter's features. So by effectively
replacing IO::Socket::INET with IO::Socket::SSL, Net::SMTP::SSL can
apply all of Net::SMTP's code on an SSL socket.

However! That SUPER:: access does not pass anything SSLey. In
particular, Net::SMTP::SSL->new (which is just the same as
Net::SMTP->new) runs this to initialize its socket:

    $obj = $type->SUPER::new(
      PeerAddr => ($host = $h),
      PeerPort => $arg{Port} || 'smtp(25)',
      LocalAddr => $arg{LocalAddr},
      LocalPort => $arg{LocalPort},
      Proto => 'tcp',
      Timeout => defined $arg{Timeout} ? $arg{Timeout} : 120
    )

Note the conspicuous absence of any kind of SSL arguments, or any kind
of args-I-don't-know-myself passthrough. If you _do_ specify SSL
arguments (i.e. key-value style arguments that would normally be
accepted by IO::Socket::SSL->new) to Net::SMTP::SSL->new, they will
simply be ignored, because of how the key-value argument passing treats
the argument list as a hash.

Does that clarify it? This is all assuming I got the details vaguely
correct, and the source snippets are from my perl v5.18.1 installed by
opensuse 13.1.

It turns out the server I was trying to talk to on Sunday had an expired
certificate, and despite the code from 35035bb, my efforts to set
SSL_VERIFY_NONE were futile. Until I noticed the set_client_defaults()
trick. So I'm pretty convinced the patch does *something* right.

-- 
Thomas Rast
tr@xxxxxxxxxxxxx
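
The argument-dropping behaviour described in the message above, modelled as an added example that is not part of the original message or of git's code. The Mock::* classes, the string mode values, the host name and the CA path are hypothetical stand-ins so the script runs offline; it shows that requested verification settings passed per call never reach the socket layer, while class-wide defaults do.

```perl
use strict;
use warnings;

# Hypothetical stand-in for IO::Socket::SSL: new() accepts SSL_* keys and
# falls back to class-wide defaults for keys the caller did not pass.
package Mock::SSLSocket;
my %defaults = (SSL_verify_mode => 'library default');
sub set_client_defaults {
    my ($class, %args) = @_;
    %defaults = (%defaults, %args);
    return;
}
sub new {
    my ($class, %args) = @_;
    return bless { %defaults, %args }, $class;
}

# Hypothetical stand-in for Net::SMTP::SSL: new() forwards a fixed set of
# keys to SUPER::new, as in the snippet quoted in the message above.
package Mock::SMTP::SSL;
our @ISA = ('Mock::SSLSocket');
sub new {
    my ($type, $host, %arg) = @_;
    return $type->SUPER::new(
        PeerAddr => $host,
        PeerPort => $arg{Port} || 'smtp(25)',
        Proto    => 'tcp',
        Timeout  => defined $arg{Timeout} ? $arg{Timeout} : 120,
    );
}

package main;

# List the requested SSL_* keys that did not take effect on the socket.
sub lost_options {
    my ($sock, %wanted) = @_;
    return grep { ($sock->{$_} // '') ne $wanted{$_} } sort keys %wanted;
}

# Constructed input: the caller asks for peer verification against a CA path.
my %wanted = (SSL_verify_mode => 'VERIFY_PEER', SSL_ca_path => '/example/ca');

# Per-call arguments never reach the socket layer.
my $sock = Mock::SMTP::SSL->new('mail.example', Port => 465, %wanted);
print "per-call arguments, lost: @{[ lost_options($sock, %wanted) ]}\n";

# Class-wide defaults are read by the socket layer itself, so they apply.
Mock::SSLSocket->set_client_defaults(%wanted);
$sock = Mock::SMTP::SSL->new('mail.example', Port => 465);
print "class defaults, lost: @{[ lost_options($sock, %wanted) ]}\n";
```

The same comparison of requested against effective settings is the check to apply to any wrapper class that builds its socket from a fixed key list: a verification option that is silently dropped leaves the connection running on whatever the library default happens to be.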