Skip Menu |
 

This queue is for tickets about the POE-Component-IRC CPAN distribution.

Report information
The Basics
Id: 71876
Status: new
Priority: 0/
Queue: POE-Component-IRC

People
Owner: Nobody in particular
Requestors: kuriguri [...] ymail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: SSL certificate verification
Date: Sun, 23 Oct 2011 15:40:06 -0700 (PDT)
To: "bug-POE-Component-IRC [...] rt.cpan.org" <bug-POE-Component-IRC [...] rt.cpan.org>
From: John Johnsey <kuriguri [...] ymail.com>
Download (untitled) / with headers
text/plain 1.3k
While POE::Component::IRC supports SSL connections with UseSSL, no certificate verification is done which renders this option useless. I haven't figured out how to achieve this using POE::Component::SSLify yet since the documentation could be clearer. My last approach was to add something similar to this to _sockup: if ($self->{verifyssl}) {     my $ctx = SSLify_ContextCreate(undef, undef, undef, Net::SSLeay::OP_ALL());     if (!Net::SSLeay::CTX_load_verify_locations($ctx, $self->{cafile}, $self->{capath})) {         warn "Couldn't use an SSL socket: Net::SSLeay::CTX_load_verify_locations failed\n";         $self->{usessl} = 0;     } else {         $socket = Client_SSLify($socket, undef, undef, $ctx);     } } else {     $socket = Client_SSLify($socket); } however it does not work as intended, i.e. the connection is established even with cafile and capath being empty. I'm no OpenSSL expert, so it's very likely that I am missing something obvious. Unfortunately I don't have the time to dig deeper right now and the lines above, which are by the way based on IO::Socket::SSL, took me on a long journey through POE::Component::SSLify and Net::SSLeay. So maybe someone with more OpenSSL can take a look at this and make POE::Component::IRC more secure. All tests done with perl 5.12.4, POE::Component::IRC 6.74 and POE::Component::SSLify 1.008. - JJ


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.