| Subject: | IO::Socket::SSL requires parameters to be functional |
IO-Socket-SSL-1.79 in this commit:
https://github.com/noxxi/p5-io-socket-ssl/commit/e3888257eda1ad9ba69a2334c2a415576876c6b8
now requires that the SSL_verify_mode is explicitly set to
SSL_VERIFY_NONE, rather than default to that value.
Net::SMTP has a hard-coded list of permitted options, and the SSL_*
options are not included.
By hacking Net::SMTP to pass SSL_verify_mode => 0 as one of the
parameters, this can be made to work again, but there appears to be no
path for end users to make this operational. Withtout this parameter,
Net::SMTP::SSL->new( ... fails with the following error:
*******************************************************************
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
A change in IO::Socket::SSL has broken Net::SMTP::SSL but I believe the
fix is needed in Net::SMTP. I have no idea where this really needs to
be reported. The Foswiki project has started to get reports from users
about inoperational email after updating CPAN modules.
To recreate, install Net::SMTP::SSL and (current) IO::Socket::SSL 1.80.
Attempt a SSL email connection.