From: John Keeping <john@keeping.me.uk>
To: Ramkumar Ramachandra <artagnon@gmail.com>
Cc: Git List <git@vger.kernel.org>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH] send-email: squelch warning from Net::SMTP::SSL
Date: Fri, 5 Jul 2013 11:45:57 +0100 [thread overview]
Message-ID: <20130705104557.GL9161@serenity.lan> (raw)
In-Reply-To: <1373019511-13232-1-git-send-email-artagnon@gmail.com>
On Fri, Jul 05, 2013 at 03:48:31PM +0530, Ramkumar Ramachandra wrote:
> Due to a recent change in the Net::SMTP::SSL module, send-email emits
> the following ugly warning everytime a email is sent via SSL:
>
> *******************************************************************
> Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
> is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
> together with SSL_ca_file|SSL_ca_path for verification.
> If you really don't want to verify the certificate and keep the
> connection open to Man-In-The-Middle attacks please set
> SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
> *******************************************************************
>
> Fix this by explicitly specifying SSL_verify_mode => SSL_VERIFY_NONE in
> Net::SMTP::SSL->start_SSL().
I don't think this is really "fix", it's more plastering over the
problem. As the message from OpenSSL says, specifying this means that
we're explicitly saying that we don't want to check the server
certificate which loses half of the security of SSL.
I'd rather leave this as it is (complete with the big scary error
message) and eventually fix it properly by letting the user specify the
ca_file or ca_path. Perhaps we can even set a sensible default,
although I expect this needs to be platform-specific.
next prev parent reply other threads:[~2013-07-05 10:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-05 10:18 [PATCH] send-email: squelch warning from Net::SMTP::SSL Ramkumar Ramachandra
2013-07-05 10:45 ` John Keeping [this message]
2013-07-05 10:52 ` Ramkumar Ramachandra
2013-07-05 11:31 ` Matthieu Moy
2013-07-26 9:29 ` Colin Guthrie
2013-07-29 16:01 ` Junio C Hamano
2013-07-29 17:12 ` Colin Guthrie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130705104557.GL9161@serenity.lan \
--to=john@keeping.me.uk \
--cc=artagnon@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).