Subject: Net::FTP: `starttls` doesn't pass on the error message of SSL_connect
Calling the Net::FTP method `starttls` returns a boolean indicating whether the TLS upgrade succeeded or not. Internally, two actions are performed: AUTH TLS is sent, and the SSL connect is performed.
If the former fails, `$ftp->message` will hold the error string. However, when the TLS upgrade fails during the `connect_SSL` phase, the error of IO::Socket::SSL is *not* passed on to the calling code by setting `message` accordingly.
So if the calling code looks like this:
    $ftp->starttls or die $ftp->message;
The "error" message will be "Using authentication type TLS" if the SSL connect failed, e.g. with "SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".
In my opinion, starttls should either throw (which would break backwards-compatibility), or set $ftp->message to $IO::Socket::SSL::SSL_ERROR if SSL_connect failed...
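
A caller-side way to report the right error while `starttls` behaves as described above (an added example, not code from the report or from Net::FTP). The helper name `starttls_failure_reason`, the `Constructed::FTP` stand-in and the reply codes 500 and 234 are assumptions made for illustration; the SSL error string is the one quoted in the report.

```perl
use strict;
use warnings;

# Decide which error source to trust after starttls returned false.
# Call it immediately after the failed call: $SSL_ERROR is a global that
# the next IO::Socket::SSL operation may overwrite.
sub starttls_failure_reason {
    my ($ftp) = @_;
    my $code = $ftp->code // 0;
    my $msg  = scalar $ftp->message // '';   # scalar: message() is context-sensitive
    $msg =~ s/\s+\z//;

    # No positive reply to AUTH TLS: the FTP reply is the real error.
    return "AUTH TLS rejected: $code $msg" if $code < 200 || $code >= 300;

    # AUTH TLS was accepted, so the failure happened in the handshake and
    # the FTP reply text ("Using authentication type TLS") is misleading.
    my $ssl_err = $IO::Socket::SSL::SSL_ERROR;
    $ssl_err = 'no detail in $IO::Socket::SSL::SSL_ERROR'
        unless defined $ssl_err && length $ssl_err;
    return "TLS handshake failed: $ssl_err";
}

# Constructed stand-in for a Net::FTP object so the example runs offline;
# it only mimics code(), message() and a failing starttls().
package Constructed::FTP {
    sub new      { my ($class, %reply) = @_; return bless {%reply}, $class }
    sub starttls { return }
    sub code     { return $_[0]{code} }
    sub message  { return $_[0]{message} }
}

# Case 1 (constructed): the server refuses AUTH TLS.
my $refused = Constructed::FTP->new(code => 500, message => "AUTH not understood\n");
$refused->starttls or print starttls_failure_reason($refused), "\n";

# Case 2 (constructed): AUTH TLS accepted, certificate verification fails.
$IO::Socket::SSL::SSL_ERROR = 'SSL connect attempt failed error:14090086:'
    . 'SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed';
my $handshake = Constructed::FTP->new(code => 234, message => "Using authentication type TLS\n");
$handshake->starttls or print starttls_failure_reason($handshake), "\n";
```

With a real Net::FTP object, the same helper can replace `$ftp->message` in the `or die` clause, so a certificate verification failure is logged as such instead of as a successful AUTH reply.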