On Fri, Jul 5, 2013 at 8:05 AM, Ramkumar Ramachandra <artag...@gmail.com> wrote: > Use the ca-certificates in /etc/ssl/certs by default (that's where most > distributions put it). SSL_VERIFY_NONE is now the fallback mode. > > Signed-off-by: Ramkumar Ramachandra <artag...@gmail.com> > --- > diff --git a/git-send-email.perl b/git-send-email.perl > index 758100d..026bcbc 100755 > --- a/git-send-email.perl > +++ b/git-send-email.perl > @@ -1193,13 +1197,23 @@ X-Mailer: git-send-email $gitversion > Debug => $debug_net_smtp); > if ($smtp_encryption eq 'tls' && $smtp) { > require Net::SMTP::SSL; > - use IO::Socket::SSL qw(SSL_VERIFY_NONE); > + use IO::Socket::SSL qw(SSL_VERIFY_PEER > SSL_VERIFY_NONE); > $smtp->command('STARTTLS'); > $smtp->response(); > if ($smtp->code == 220) { > - $smtp = > Net::SMTP::SSL->start_SSL($smtp, > - > SSL_verify_mode => SSL_VERIFY_NONE) > - or die "STARTTLS failed! > ".$smtp->message; > + # Attempt to use a ca-certificate by > default > + $smtp_ssl_cert_path |= > "/etc/ssl/certs";
You're going to want to use logical ||= here. Bitwise |= on a string does not do what you expect[1]: my $s = '/usr/local/etc/ssl/certs'; $s |= '/etc/ssl/certs'; print $s, "\n"; Outputs: /uws/oooowts/ssl/certs [1]: http://perldoc.perl.org/perlop.html#Bitwise-String-Operators > + if (-d $smtp_ssl_cert_path) { > + $smtp = > Net::SMTP::SSL->start_SSL($smtp, > + > SSL_verify_mode => SSL_VERIFY_PEER, > + > SSL_ca_path => $smtp_ssl_cert_path) > + or die "STARTTLS > failed! ".$smtp->message; > + } else { > + print STDERR "warning: Using > SSL_VERIFY_NONE. See sendemail.smtpsslcertpath.\n"; > + $smtp = > Net::SMTP::SSL->start_SSL($smtp, > + > SSL_verify_mode => SSL_VERIFY_NONE) > + or die "STARTTLS > failed! ".$smtp->message; > + } > $smtp_encryption = ''; > # Send EHLO again to receive fresh > # supported commands -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html