Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 83254
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: Nobody in particular
Requestors: blue [...] thisisnotmyrealemail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: IO::Socket::SSL now issues warning when used with LWP's verify_hostname=>0
Download (untitled) / with headers
text/plain 2.8k
When setting ssl_opts => { verify_hostname => 0 }, IO::Socket::SSL issues the following warning: ******************************************************************* Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER together with SSL_ca_file|SSL_ca_path for verification. If you really don't want to verify the certificate and keep the connection open to Man-In-The-Middle attacks please set SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. ******************************************************************* at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/IO/Socket/SSL.pm line 309. IO::Socket::SSL::configure_SSL('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/IO/Socket/SSL.pm line 264 IO::Socket::SSL::configure('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/Net/HTTPS.pm line 68 Net::HTTPS::http_connect('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/Net/HTTP/Methods.pm line 76 Net::HTTP::Methods::http_configure('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/Net/HTTPS.pm line 49 Net::HTTPS::configure('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/5.16.2/darwin-2level/IO/Socket.pm line 49 IO::Socket::new('LWP::Protocol::https::Socket', 'PeerAddr', 'www.apple.com', 'PeerPort', 443, 'LocalAddr', undef, 'Proto', 'tcp', ...) called at /home/perlbrew/perls/perl-5.16.2/lib/5.16.2/darwin-2level/IO/Socket/INET.pm line 37 IO::Socket::INET::new('LWP::Protocol::https::Socket', 'PeerAddr', 'www.apple.com', 'PeerPort', 443, 'LocalAddr', undef, 'Proto', 'tcp', ...) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/Protocol/http.pm line 31 LWP::Protocol::http::_new_socket('LWP::Protocol::https=HASH(0x7fcf53047178)', 'www.apple.com', 443, 30) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/Protocol/http.pm line 162 LWP::Protocol::http::request('LWP::Protocol::https=HASH(0x7fcf53047178)', 'HTTP::Request=HASH(0x7fcf530b30d0)', undef, undef, undef, 30) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/UserAgent.pm line 192 eval {...} called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/UserAgent.pm line 191 LWP::UserAgent::send_request('Bot=HASH(0x7fcf523e26a8)', 'HTTP::Request=HASH(0x7fcf530b30d0)', undef, undef) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/UserAgent.pm line 274
Download (untitled) / with headers
text/plain 900b
On Sun Feb 10 14:34:53 2013, blue wrote: Show quoted text
> When setting ssl_opts => { verify_hostname => 0 }, IO::Socket::SSL > issues the following warning: > > ******************************************************************* > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER > together with SSL_ca_file|SSL_ca_path for verification. > If you really don't want to verify the certificate and keep the > connection open to Man-In-The-Middle attacks please set > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > *******************************************************************
The solution is to heed the warning you get, and pass through more options, e.g. ssl_opts => { verify_hostname => 0, SSL_verify_mode => SSL_VERIFY_NONE }. Only the caller can be sure whether PEER or NONE is the right choice.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.