Skip Menu |

This queue is for tickets about the Net-FTPSSL CPAN distribution.

Report information
The Basics
Id: 85420
Status: resolved
Priority: 0/
Queue: Net-FTPSSL
People
Owner: Nobody in particular
Requestors: nsollars [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Unimportant
Broken in: 0.22
Fixed in: 0.23

History Show all quoted text
  Sat May 18 16:11:28 2013 nsollars [...] gmail.com - Ticket created
Subject: Warning SSL_verify mode
Date: Sat, 18 May 2013 16:11:02 -0400
To: bug-Net-FTPSSL [...] rt.cpan.org
From: Nigel Sollars <nsollars [...] gmail.com>
Hi, Ive gotten my script running fine ftps/tls and uploading a test file, The only issue I have is this warning: ******************************************************************* Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER together with SSL_ca_file|SSL_ca_path for verification. If you really don't want to verify the certificate and keep the connection open to Man-In-The-Middle attacks please set SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. ******************************************************************* at ftpsupload.pl line 18. I was wondering if options to set these are going to be available in Net::FTPSSL having the options available in the connection string would be dead handy to suppress this one. If there is a work around that would work also. Regards Nigel Sollars -- “Science is a differential equation. Religion is a boundary condition.” Alan Turing
  Tue May 21 14:33:57 2013 CLEACH [...] cpan.org - Correspondence added
Hi Nigel, This is a known issue that will require you to upgrade IO::Socket::SSL to 1.86 to resolve. There was a bug in the SSL code that mistakenly prints out this message for 4 or 5 releases before it was fixed. The message doesn't apply to how Net::FTPSSL is using it. If you can't upgrade IO::Socket::SSL, there is no work around for the warning. Curtis On Sat May 18 16:11:28 2013, nsollars@gmail.com wrote: Show quoted text
> Hi, > > Ive gotten my script running fine ftps/tls and uploading a test file, The > only issue I have is this warning: > > ******************************************************************* > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER > together with SSL_ca_file|SSL_ca_path for verification. > If you really don't want to verify the certificate and keep the > connection open to Man-In-The-Middle attacks please set > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > ******************************************************************* > at ftpsupload.pl line 18. > > I was wondering if options to set these are going to be available in > Net::FTPSSL having the options available in the connection string would be > dead handy to suppress this one. > > If there is a work around that would work also. > > Regards > Nigel Sollars
  Tue May 21 14:33:57 2013 The RT System itself - Status changed from 'new' to 'open'
  Tue May 21 14:37:08 2013 CLEACH [...] cpan.org - Fixed in 0.22 added
  Tue May 21 14:37:08 2013 CLEACH [...] cpan.org - Severity Unimportant added
  Tue May 21 16:52:01 2013 nsollars [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #85420] Warning SSL_verify mode
Date: Tue, 21 May 2013 16:51:46 -0400
To: bug-Net-FTPSSL [...] rt.cpan.org
From: Nigel Sollars <nsollars [...] gmail.com>
Hi, Thanks for the response is this 1.86 ( or later ) as in 1.89 being the latest IO::Socket::SSL, this version is still kicking out the error. This is the same in Active state and Strawberry Perl. Regards On Tue, May 21, 2013 at 2:33 PM, Curtis Leach via RT < bug-Net-FTPSSL@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > Hi Nigel, > > This is a known issue that will require you to upgrade IO::Socket::SSL to > 1.86 to resolve. There was a bug in the SSL code that mistakenly prints > out this message for 4 or 5 releases before it was fixed. The message > doesn't apply to how Net::FTPSSL is using it. > > If you can't upgrade IO::Socket::SSL, there is no work around for the > warning. > > Curtis > > On Sat May 18 16:11:28 2013, nsollars@gmail.com wrote:
> > Hi, > > > > Ive gotten my script running fine ftps/tls and uploading a test file,
> The
> > only issue I have is this warning: > > > > ******************************************************************* > > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > > is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER > > together with SSL_ca_file|SSL_ca_path for verification. > > If you really don't want to verify the certificate and keep the > > connection open to Man-In-The-Middle attacks please set > > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > > ******************************************************************* > > at ftpsupload.pl line 18. > > > > I was wondering if options to set these are going to be available in > > Net::FTPSSL having the options available in the connection string would
> be
> > dead handy to suppress this one. > > > > If there is a work around that would work also. > > > > Regards > > Nigel Sollars
> > > >
-- “Science is a differential equation. Religion is a boundary condition.” Alan Turing
  Tue May 21 18:13:58 2013 CLEACH [...] cpan.org - Correspondence added
Hi Nigel, Then this warning is popping up in a different context than I worked with before. Can you turn on logging & return to me the log files so that I can verify the root cause? Add the following to your call to new(). Debug=>1, DebugLogFile=>"myLog.txt". Have your test script call quit() immediately after the warning is generated. Since the warning will not show up in the log file. This way I can track down the exact code & sequence that is causing the message to pop up. Thanks Curtis On Tue May 21 16:52:01 2013, nsollars@gmail.com wrote: Show quoted text
> Hi, > > Thanks for the response is this 1.86 ( or later ) as in 1.89 being the > latest IO::Socket::SSL, this version is still kicking out the error. > > This is the same in Active state and Strawberry Perl. > > Regards > > > On Tue, May 21, 2013 at 2:33 PM, Curtis Leach via RT < > bug-Net-FTPSSL@rt.cpan.org> wrote: >
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > > > Hi Nigel, > > > > This is a known issue that will require you to upgrade IO::Socket::SSL to > > 1.86 to resolve. There was a bug in the SSL code that mistakenly prints > > out this message for 4 or 5 releases before it was fixed. The message > > doesn't apply to how Net::FTPSSL is using it. > > > > If you can't upgrade IO::Socket::SSL, there is no work around for the > > warning. > > > > Curtis > > > > On Sat May 18 16:11:28 2013, nsollars@gmail.com wrote:
> > > Hi, > > > > > > Ive gotten my script running fine ftps/tls and uploading a test file,
> > The
> > > only issue I have is this warning: > > > > > > ******************************************************************* > > > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > > > is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER > > > together with SSL_ca_file|SSL_ca_path for verification. > > > If you really don't want to verify the certificate and keep the > > > connection open to Man-In-The-Middle attacks please set > > > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > > > ******************************************************************* > > > at ftpsupload.pl line 18. > > > > > > I was wondering if options to set these are going to be available in > > > Net::FTPSSL having the options available in the connection string would
> > be
> > > dead handy to suppress this one. > > > > > > If there is a work around that would work also. > > > > > > Regards > > > Nigel Sollars
> > > > > > > >
> >
  Wed May 22 13:02:52 2013 nsollars [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #85420] Warning SSL_verify mode
Date: Wed, 22 May 2013 13:02:31 -0400
To: bug-Net-FTPSSL [...] rt.cpan.org
From: Nigel Sollars <nsollars [...] gmail.com>
HI, Upplied the script and output files, on my Fedora laptop I updated IO::Socket::SSL and Net::SSLeay to the latest versions ( looked at the deps list for FTPSSL ). After the warning it shows: at ftpsupload.pl line 24. Hope this helps. On Tue, May 21, 2013 at 6:13 PM, Curtis Leach via RT < bug-Net-FTPSSL@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > Hi Nigel, > > Then this warning is popping up in a different context than I worked with > before. Can you turn on logging & return to me the log files so that I can > verify the root cause? > > Add the following to your call to new(). Debug=>1, > DebugLogFile=>"myLog.txt". > > Have your test script call quit() immediately after the warning is > generated. Since the warning will not show up in the log file. This way I > can track down the exact code & sequence that is causing the message to pop > up. > > Thanks > > Curtis > > On Tue May 21 16:52:01 2013, nsollars@gmail.com wrote:
> > Hi, > > > > Thanks for the response is this 1.86 ( or later ) as in 1.89 being the > > latest IO::Socket::SSL, this version is still kicking out the error. > > > > This is the same in Active state and Strawberry Perl. > > > > Regards > > > > > > On Tue, May 21, 2013 at 2:33 PM, Curtis Leach via RT < > > bug-Net-FTPSSL@rt.cpan.org> wrote: > >
> > > <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > > > > > Hi Nigel, > > > > > > This is a known issue that will require you to upgrade IO::Socket::SSL
> to
> > > 1.86 to resolve. There was a bug in the SSL code that mistakenly
> prints
> > > out this message for 4 or 5 releases before it was fixed. The message > > > doesn't apply to how Net::FTPSSL is using it. > > > > > > If you can't upgrade IO::Socket::SSL, there is no work around for the > > > warning. > > > > > > Curtis > > > > > > On Sat May 18 16:11:28 2013, nsollars@gmail.com wrote:
> > > > Hi, > > > > > > > > Ive gotten my script running fine ftps/tls and uploading a test file,
> > > The
> > > > only issue I have is this warning: > > > > > > > > ******************************************************************* > > > > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > > > > is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER > > > > together with SSL_ca_file|SSL_ca_path for verification. > > > > If you really don't want to verify the certificate and keep the > > > > connection open to Man-In-The-Middle attacks please set > > > > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > > > > ******************************************************************* > > > > at ftpsupload.pl line 18. > > > > > > > > I was wondering if options to set these are going to be available in > > > > Net::FTPSSL having the options available in the connection string
> would
> > > be
> > > > dead handy to suppress this one. > > > > > > > > If there is a work around that would work also. > > > > > > > > Regards > > > > Nigel Sollars
> > > > > > > > > > > >
> > > >
> > > >
-- “Science is a differential equation. Religion is a boundary condition.” Alan Turing

Message body is not shown because sender requested not to inline it.

Message body is not shown because sender requested not to inline it.

  Thu May 23 12:16:34 2013 CLEACH [...] cpan.org - Fixed in 0.22 deleted
  Thu May 23 12:16:34 2013 CLEACH [...] cpan.org - Broken in 0.22 added
  Thu May 23 13:09:58 2013 CLEACH [...] cpan.org - Correspondence added
Thank you for the logs. It looks like you are getting the message during the call to Net::FTPSSL->new(), and you are not using certificates. It looks like I'll need to include a small code change to suppress that warning after all. Its going to be a while before I get the next release out due to other features I'm putting in, but the fix will be included then. In the mean time, if you like, you can make one small change to FTPLSSL.pm yourself at the beginning of the "new()" function by adding an "else" clause. Change: if (ref ($arg->{SSL_Client_Certificate}) eq "HASH") { %ssl_args = %{$arg->{SSL_Client_Certificate}} } elsif (ref ($arg->{SSL_Advanced}) eq "HASH") { %ssl_args = %{$arg->{SSL_Advanced}}; # Depreciated in v0.18 print STDERR "SSL_Advanced has been depreciated, use SSL_Client_Certificate instead!\n"; } To: if (ref ($arg->{SSL_Client_Certificate}) eq "HASH") { %ssl_args = %{$arg->{SSL_Client_Certificate}} } elsif (ref ($arg->{SSL_Advanced}) eq "HASH") { %ssl_args = %{$arg->{SSL_Advanced}}; # Depreciated in v0.18 print STDERR "SSL_Advanced has been depreciated, use SSL_Client_Certificate instead!\n"; } else { $ssl_args{SSL_verify_mode} = Net::SSLeay::VERIFY_NONE(); } This patch should stop the warning & make sure you don't run into issues when IO::Socket::SSL converts the warning to a fatal error in a future release. I hope this helps. Curtis On Wed May 22 13:02:52 2013, nsollars@gmail.com wrote: Show quoted text
> HI, > > Upplied the script and output files, on my Fedora laptop I updated > IO::Socket::SSL and Net::SSLeay to the latest versions ( looked at the > deps > list for FTPSSL ). > > After the warning it shows: > at ftpsupload.pl line 24. > > Hope this helps. > > > On Tue, May 21, 2013 at 6:13 PM, Curtis Leach via RT < > bug-Net-FTPSSL@rt.cpan.org> wrote: >
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > > > Hi Nigel, > > > > Then this warning is popping up in a different context than I worked
> with
> > before. Can you turn on logging & return to me the log files so
> that I can
> > verify the root cause? > > > > Add the following to your call to new(). Debug=>1, > > DebugLogFile=>"myLog.txt". > > > > Have your test script call quit() immediately after the warning is > > generated. Since the warning will not show up in the log file.
> This way I
> > can track down the exact code & sequence that is causing the message
> to pop
> > up. > > > > Thanks > > > > Curtis > > > > On Tue May 21 16:52:01 2013, nsollars@gmail.com wrote:
> > > Hi, > > > > > > Thanks for the response is this 1.86 ( or later ) as in 1.89 being
> the
> > > latest IO::Socket::SSL, this version is still kicking out the
> error.
> > > > > > This is the same in Active state and Strawberry Perl. > > > > > > Regards > > > > > > > > > On Tue, May 21, 2013 at 2:33 PM, Curtis Leach via RT < > > > bug-Net-FTPSSL@rt.cpan.org> wrote: > > >
> > > > <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > > > > > > > Hi Nigel, > > > > > > > > This is a known issue that will require you to upgrade
> IO::Socket::SSL
> > to
> > > > 1.86 to resolve. There was a bug in the SSL code that
> mistakenly
> > prints
> > > > out this message for 4 or 5 releases before it was fixed. The
> message
> > > > doesn't apply to how Net::FTPSSL is using it. > > > > > > > > If you can't upgrade IO::Socket::SSL, there is no work around
> for the
> > > > warning. > > > > > > > > Curtis > > > > > > > > On Sat May 18 16:11:28 2013, nsollars@gmail.com wrote:
> > > > > Hi, > > > > > > > > > > Ive gotten my script running fine ftps/tls and uploading a
> test file,
> > > > The
> > > > > only issue I have is this warning: > > > > > > > > > >
> *******************************************************************
> > > > > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for
> client
> > > > > is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER > > > > > together with SSL_ca_file|SSL_ca_path for verification. > > > > > If you really don't want to verify the certificate and keep
> the
> > > > > connection open to Man-In-The-Middle attacks please set > > > > > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your
> application.
> > > > >
> *******************************************************************
> > > > > at ftpsupload.pl line 18. > > > > > > > > > > I was wondering if options to set these are going to be
> available in
> > > > > Net::FTPSSL having the options available in the connection
> string
> > would
> > > > be
> > > > > dead handy to suppress this one. > > > > > > > > > > If there is a work around that would work also. > > > > > > > > > > Regards > > > > > Nigel Sollars
> > > > > > > > > > > > > > > >
> > > > > >
> > > > > > > >
> >
  Mon Aug 05 18:46:05 2013 CLEACH [...] cpan.org - Correspondence added
Hi Nigel, Your fix is now ready in v0.23. Sorry about the delay in getting in uploaded. Curtis On Thu May 23 13:09:58 2013, CLEACH wrote: Show quoted text
> Thank you for the logs. > > It looks like you are getting the message during the call to > Net::FTPSSL->new(), and you are not using certificates. > > It looks like I'll need to include a small code change to suppress > that warning after all. > > Its going to be a while before I get the next release out due to other > features I'm putting in, but the fix will be included then. > > In the mean time, if you like, you can make one small change to > FTPLSSL.pm yourself at the beginning of the "new()" function by adding > an "else" clause. > > Change: > if (ref ($arg->{SSL_Client_Certificate}) eq "HASH") { > %ssl_args = %{$arg->{SSL_Client_Certificate}} > } elsif (ref ($arg->{SSL_Advanced}) eq "HASH") { > %ssl_args = %{$arg->{SSL_Advanced}}; # Depreciated in v0.18 > print STDERR "SSL_Advanced has been depreciated, use > SSL_Client_Certificate instead!\n"; > } > > To: > if (ref ($arg->{SSL_Client_Certificate}) eq "HASH") { > %ssl_args = %{$arg->{SSL_Client_Certificate}} > } elsif (ref ($arg->{SSL_Advanced}) eq "HASH") { > %ssl_args = %{$arg->{SSL_Advanced}}; # Depreciated in v0.18 > print STDERR "SSL_Advanced has been depreciated, use > SSL_Client_Certificate instead!\n"; > } else { > $ssl_args{SSL_verify_mode} = Net::SSLeay::VERIFY_NONE(); > } > > This patch should stop the warning & make sure you don't run into > issues when IO::Socket::SSL converts the warning to a fatal error in a > future release. > > I hope this helps. > > Curtis > > On Wed May 22 13:02:52 2013, nsollars@gmail.com wrote:
> > HI, > > > > Upplied the script and output files, on my Fedora laptop I updated > > IO::Socket::SSL and Net::SSLeay to the latest versions ( looked at > > the > > deps > > list for FTPSSL ). > > > > After the warning it shows: > > at ftpsupload.pl line 24. > > > > Hope this helps. > > > > > > On Tue, May 21, 2013 at 6:13 PM, Curtis Leach via RT < > > bug-Net-FTPSSL@rt.cpan.org> wrote: > >
> > > <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > > > > > Hi Nigel, > > > > > > Then this warning is popping up in a different context than I > > > worked
> > with
> > > before. Can you turn on logging & return to me the log files so
> > that I can
> > > verify the root cause? > > > > > > Add the following to your call to new(). Debug=>1, > > > DebugLogFile=>"myLog.txt". > > > > > > Have your test script call quit() immediately after the warning is > > > generated. Since the warning will not show up in the log file.
> > This way I
> > > can track down the exact code & sequence that is causing the > > > message
> > to pop
> > > up. > > > > > > Thanks > > > > > > Curtis > > > > > > On Tue May 21 16:52:01 2013, nsollars@gmail.com wrote:
> > > > Hi, > > > > > > > > Thanks for the response is this 1.86 ( or later ) as in 1.89 > > > > being
> > the
> > > > latest IO::Socket::SSL, this version is still kicking out the
> > error.
> > > > > > > > This is the same in Active state and Strawberry Perl. > > > > > > > > Regards > > > > > > > > > > > > On Tue, May 21, 2013 at 2:33 PM, Curtis Leach via RT < > > > > bug-Net-FTPSSL@rt.cpan.org> wrote: > > > >
> > > > > <URL: https://rt.cpan.org/Ticket/Display.html?id=85420 > > > > > > > > > > > Hi Nigel, > > > > > > > > > > This is a known issue that will require you to upgrade
> > IO::Socket::SSL
> > > to
> > > > > 1.86 to resolve. There was a bug in the SSL code that
> > mistakenly
> > > prints
> > > > > out this message for 4 or 5 releases before it was fixed. The
> > message
> > > > > doesn't apply to how Net::FTPSSL is using it. > > > > > > > > > > If you can't upgrade IO::Socket::SSL, there is no work around
> > for the
> > > > > warning. > > > > > > > > > > Curtis > > > > > > > > > > On Sat May 18 16:11:28 2013, nsollars@gmail.com wrote:
> > > > > > Hi, > > > > > > > > > > > > Ive gotten my script running fine ftps/tls and uploading a
> > test file,
> > > > > The
> > > > > > only issue I have is this warning: > > > > > > > > > > > >
> > *******************************************************************
> > > > > > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for
> > client
> > > > > > is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER > > > > > > together with SSL_ca_file|SSL_ca_path for verification. > > > > > > If you really don't want to verify the certificate and keep
> > the
> > > > > > connection open to Man-In-The-Middle attacks please set > > > > > > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your
> > application.
> > > > > >
> > *******************************************************************
> > > > > > at ftpsupload.pl line 18. > > > > > > > > > > > > I was wondering if options to set these are going to be
> > available in
> > > > > > Net::FTPSSL having the options available in the connection
> > string
> > > would
> > > > > be
> > > > > > dead handy to suppress this one. > > > > > > > > > > > > If there is a work around that would work also. > > > > > > > > > > > > Regards > > > > > > Nigel Sollars
> > > > > > > > > > > > > > > > > > > >
> > > > > > > >
> > > > > > > > > > > >
> > > >
  Tue Aug 06 12:40:01 2013 CLEACH [...] cpan.org - Fixed in 0.23 added
  Tue Aug 06 12:41:13 2013 CLEACH [...] cpan.org - Status changed from 'open' to 'resolved'