On Fri, Jul 05, 2013 at 05:35:47PM +0530, Ramkumar Ramachandra wrote:
> @@ -1193,13 +1197,23 @@ X-Mailer: git-send-email $gitversion
> Debug => $debug_net_smtp);
> if ($smtp_encryption eq 'tls' && $smtp) {
> require Net::SMTP::SSL;
> - use IO::Socket::SSL qw(SSL_VERIFY_NONE);
> + use IO::Socket::SSL qw(SSL_VERIFY_PEER
> SSL_VERIFY_NONE);
> $smtp->command('STARTTLS');
> $smtp->response();
> if ($smtp->code == 220) {
> - $smtp = Net::SMTP::SSL->start_SSL($smtp,
> -
> SSL_verify_mode => SSL_VERIFY_NONE)
> - or die "STARTTLS failed!
> ".$smtp->message;
> + # Attempt to use a ca-certificate by
> default
> + $smtp_ssl_cert_path |= "/etc/ssl/certs";
> + if (-d $smtp_ssl_cert_path) {
> + $smtp =
> Net::SMTP::SSL->start_SSL($smtp,
> +
> SSL_verify_mode => SSL_VERIFY_PEER,
> +
> SSL_ca_path => $smtp_ssl_cert_path)
> + or die "STARTTLS
> failed! ".$smtp->message;
> + } else {
> + print STDERR "warning: Using
> SSL_VERIFY_NONE. See sendemail.smtpsslcertpath.\n";
> + $smtp =
> Net::SMTP::SSL->start_SSL($smtp,
> +
> SSL_verify_mode => SSL_VERIFY_NONE)
> + or die "STARTTLS
> failed! ".$smtp->message;
> + }

You've covered the STARTTLS case, but not the SSL one right above it.
Someone using smtps on port 465 will still see the warning. You can
pass SSL_verify_mode to Net::SMTP::SSL->new just like you pass it to
start_SSL.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
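
Review bot: the default assignment `$smtp_ssl_cert_path |= "/etc/ssl/certs";` uses `|=`, which in Perl is bitwise-OR assignment rather than the logical default `||=`. When the variable is unset the result happens to be the default path, but a path the user has configured is OR-ed byte by byte with "/etc/ssl/certs" and no longer names their directory. The `-d` test then fails and the else branch runs with SSL_VERIFY_NONE. Suggest `$smtp_ssl_cert_path ||= "/etc/ssl/certs";`. Separately, the else branch downgrades to SSL_VERIFY_NONE with only a warning whenever the directory is missing, so a mistyped path disables peer verification. Consider dying instead of falling back when the path was set explicitly, and keep the warn-and-continue behaviour only for the built-in default.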

