This queue is for tickets about the Mail-IMAPClient CPAN distribution.

Report information
The Basics
Id: 119172
Status: rejected
Priority: 0/
Queue: Mail-IMAPClient

People
Owner: PLOBBES [...] cpan.org
Requestors: brian [...] interlinx.bc.ca
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is deprecated
Date: Wed, 07 Dec 2016 15:13:55 -0500
To: bug-Mail-IMAPClient [...] rt.cpan.org
From: "Brian J. Murrell" <brian [...] interlinx.bc.ca>
I am getting the following warning:

    *******************************************************************
     Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
     is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
     together with SSL_ca_file|SSL_ca_path for verification.
     If you really don't want to verify the certificate and keep the
     connection open to Man-In-The-Middle attacks please set
     SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
    *******************************************************************
      at /usr/share/perl5/vendor_perl/Mail/IMAPClient.pm line 454.

with Mail::IMAPClient 3.37.

I'm creating my connection to the IMAP server with:

    my $imap = Mail::IMAPClient->new(
        User            => $opt{username},
        Password        => $opt{password},
        Port            => "143",
        Peek            => "1",
        Debug           => $debug > 1,
        Uid             => '0',
        Clear           => '5',
        SSL_verify_mode => 1,
    ) || die ("Could not connect to server: $! $?\n");
    $imap->Server($opt{imapserver});
    $imap->connect(Starttls => 1) or die "connect failed: $@\n";

I suppose I need to set a flag to indicate that I want to verify the certificate of the server. But I would think that in this day and age, that verifying should be the default and one should have to set a flag to disable verification.

Or maybe I am completely misunderstanding something.

b.

[closing as invalid, but I'm sure the pod/docs could be better in this area...]

The issue here is with the default behavior of the underlying module IO::Socket::SSL and perhaps the use of some illegal/unknown args/parameters to Mail::IMAPClient::new().

Supported arguments...

http://search.cpan.org/dist/Mail-IMAPClient/lib/Mail/IMAPClient.pod#Parameters
http://search.cpan.org/dist/Mail-IMAPClient/lib/Mail/IMAPClient.pod#Starttls

"The arguments used in the call to start_SSL can be controlled by setting the Mail::IMAPClient "Starttls" attribute to an ARRAY reference containing the desired arguments."

To pass arguments to IO::Socket::SSL you can use an array reference as a value for either the 'Ssl' or 'Starttls' parameters. The valid arguments can be found in the appropriate docs:

http://search.cpan.org/dist/IO-Socket-SSL/lib/IO/Socket/SSL.pod

I'd recommend just using something like this (untested):

    use strict;
    use warnings;
    use Mail::IMAPClient;
    use IO::Socket::SSL;
    ...
    my $imap = Mail::IMAPClient->new(
        User     => $opt{username},
        Password => $opt{password},
        Server   => $opt{imapserver},
        Debug    => $debug || 0,
        Starttls => [ "SSL_verify_mode" => SSL_VERIFY_PEER ],
    ) or die ("connect failed: $@\n");
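
An offline check for the mistake discussed in this ticket, added here as an example and not code from Mail::IMAPClient or from either poster: it inspects a constructor argument list and reports when SSL_verify_mode would not reach IO::Socket::SSL. The helper name audit_tls_args and both sample argument lists are constructed for illustration; the first merges in the Starttls => 1 that the report passes to connect().

```perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_NONE / SSL_VERIFY_PEER

# Hypothetical helper (not part of Mail::IMAPClient): returns a list of
# findings for the key/value list that would be given to new().
sub audit_tls_args {
    my %args = @_;
    my @findings;

    # Per the reply above, IO::Socket::SSL options belong inside the
    # Ssl/Starttls array reference, not among the top-level parameters.
    push @findings, "top-level $_ is not an IO::Socket::SSL argument here"
        for sort grep { /^SSL_/ } keys %args;

    my ($mode) = grep { $args{$_} } qw(Ssl Starttls);
    return ( @findings, 'neither Ssl nor Starttls requested' )
        unless defined $mode;

    # A plain true value carries no options, so the library default applies.
    return ( @findings, "$mode has no argument list: default verify mode" )
        unless ref( $args{$mode} ) eq 'ARRAY';

    my %ssl = @{ $args{$mode} };
    if ( !exists $ssl{SSL_verify_mode} ) {
        push @findings, "$mode list lacks SSL_verify_mode: default verify mode";
    }
    elsif ( !( ( $ssl{SSL_verify_mode} // 0 ) & SSL_VERIFY_PEER() ) ) {
        push @findings, "$mode disables verification (SSL_VERIFY_NONE)";
    }
    return @findings;
}

# Constructed samples: the report's options (with the Starttls => 1 it
# passes to connect() merged in) and the Starttls value from the reply.
my %samples = (
    report => [ Port => '143', SSL_verify_mode => 1, Starttls => 1 ],
    reply  => [ Starttls => [ SSL_verify_mode => SSL_VERIFY_PEER ] ],
);

for my $name ( sort keys %samples ) {
    my @findings = audit_tls_args( @{ $samples{$name} } );
    print "$name: ", ( @findings ? join( '; ', @findings ) : 'ok' ), "\n";
}
```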