On Fri, Jul 05, 2013 at 05:35:47PM +0530, Ramkumar Ramachandra wrote:
> @@ -1193,13 +1197,23 @@ X-Mailer: git-send-email $gitversion
>  						 Debug => $debug_net_smtp);
>  			if ($smtp_encryption eq 'tls' && $smtp) {
>  				require Net::SMTP::SSL;
> -				use IO::Socket::SSL qw(SSL_VERIFY_NONE);
> +				use IO::Socket::SSL qw(SSL_VERIFY_PEER SSL_VERIFY_NONE);
>  				$smtp->command('STARTTLS');
>  				$smtp->response();
>  				if ($smtp->code == 220) {
> -					$smtp = Net::SMTP::SSL->start_SSL($smtp,
> -									  SSL_verify_mode => SSL_VERIFY_NONE)
> -						or die "STARTTLS failed! ".$smtp->message;
> +					# Attempt to use a ca-certificate by default
> +					$smtp_ssl_cert_path |= "/etc/ssl/certs";
> +					if (-d $smtp_ssl_cert_path) {
> +						$smtp = Net::SMTP::SSL->start_SSL($smtp,
> +										  SSL_verify_mode => SSL_VERIFY_PEER,
> +										  SSL_ca_path => $smtp_ssl_cert_path)
> +							or die "STARTTLS failed! ".$smtp->message;
> +					} else {
> +						print STDERR "warning: Using SSL_VERIFY_NONE.  See sendemail.smtpsslcertpath.\n";
> +						$smtp = Net::SMTP::SSL->start_SSL($smtp,
> +										  SSL_verify_mode => SSL_VERIFY_NONE)
> +							or die "STARTTLS failed! ".$smtp->message;
> +					}

You've covered the STARTTLS case, but not the SSL one right above it.
Someone using smtps on port 465 will still see the warning.  You can
pass SSL_verify_mode to Net::SMTP::SSL->new just like you pass it to
start_SSL.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187