Hi,

I am writing a SOAP request and I am using SSL_VERIFY_NONE flag mode
because that was the only way that I could actually do the request to the
server.
I tried the other mode flags (SSL_VERIFY_PEER,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE) but none of
them worked. I got the following error:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed

I am in a development environment using a self-signed certificate that I
generated.

I have lots of questions about it because I am new to the subject but my
main concern right now is: since my SOAP request is working with
SSL_VERIFY_NONE and I need to release this functionality soon, is that
risky?
Am I doing something wrong if I keep the verify mode set to "none"? Is there any lack of
security?

What are the requirements to use the other verify mode flags? Can it be
done with a self-signed certificate?

Thanks,
David William
