> On 06/03/13 17:02, Lars Noodén wrote:
> > On 6/3/13 5:49 PM, William Makowski wrote:
> >> I reported this back in February on the mailing list and opened a
> >> ticket, https://sourceforge.net/apps/trac/ddclient/ticket/76. There
> >> is also a temporary patch that I suggested until a more permanent
> >> solution can be completed.
> >>
> >> Bill
> >
> > Thanks. That's the same version I have, but the patch looks like it
> > turns off verification. If so, that might not be a good long term
> > solution. Should there be some certificates from the dynamic services
> > checked instead?
> >
> > Regards,
> > /Lars
> >
>
> That's why I didn't apply the patch. Maybe we could add some kind of
> an unsafe option to make it usable.
>
Ideally it would be nice if ddclient allowed us to set SSL_verify_mode to SSL_VERIFY_PEER together with an SSL_ca_file|SSL_ca_path for verification. Currently, from what I understand, ddclient defaults to using SSL_VERIFY_NONE because that is how the Perl module IO::Socket::SSL works. The message is coming out because the module developers plan on forcing users to explicitly set an SSL_verify_mode. Once that happens ddclient probably won't work.
My patch is temporary. It explicitly sets the verify mode to SSL_VERIFY_NONE and should keep ddclient working once the Perl module is changed. Long term, though, I think this setting should become a configuration option and allow the user to set SSL_VERIFY to PEER or NONE. NONE, however, does lead to a less secure state.
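The configuration option discussed in this thread could look like the following sketch, which is an added example and not ddclient's code or the patch from the ticket. The config keys `ssl_verify`, `ssl_ca_file` and `ssl_ca_path`, the helper name and the sample values are assumptions made for illustration; the `SSL_*` arguments are IO::Socket::SSL's own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER, SSL_VERIFY_NONE and $SSL_ERROR

# Hypothetical helper: turn config keys (ssl_verify, ssl_ca_file, ssl_ca_path;
# assumed names, not ddclient's) into IO::Socket::SSL constructor arguments.
sub ssl_args_from_config {
    my (%cfg) = @_;
    my $mode = lc($cfg{ssl_verify} // 'peer');    # verify unless told otherwise

    if ($mode eq 'none') {
        warn "ssl_verify=none: the server certificate is NOT checked\n";
        return (SSL_verify_mode => SSL_VERIFY_NONE);    # explicit, so no module warning
    }
    die "ssl_verify must be 'peer' or 'none', got '$mode'\n" unless $mode eq 'peer';

    my %args = (
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verifycn_scheme => 'http',    # also match the host name against the cert
    );
    # With neither key set, current IO::Socket::SSL uses the system default CA store.
    if (defined $cfg{ssl_ca_file}) {
        -r $cfg{ssl_ca_file} or die "cannot read CA file $cfg{ssl_ca_file}\n";
        $args{SSL_ca_file} = $cfg{ssl_ca_file};
    }
    if (defined $cfg{ssl_ca_path}) {
        -d $cfg{ssl_ca_path} or die "no such CA directory $cfg{ssl_ca_path}\n";
        $args{SSL_ca_path} = $cfg{ssl_ca_path};
    }
    return %args;
}

# Constructed sample configurations: show what each one maps to.
for my $cfg ({ ssl_verify => 'peer' }, { ssl_verify => 'none' }) {
    my %args = ssl_args_from_config(%$cfg);
    print "$cfg->{ssl_verify}: ", join(', ', map { "$_=$args{$_}" } sort keys %args), "\n";
}

# Optional live check: pass the update server's host name as the first argument.
if (my $host = shift @ARGV) {
    my $sock = IO::Socket::SSL->new(
        PeerAddr => $host, PeerPort => 443, Timeout => 10,
        ssl_args_from_config(ssl_verify => 'peer'),
    ) or die "TLS connect to $host failed: $!, $SSL_ERROR\n";
    print "certificate verified, cipher: ", $sock->get_cipher, "\n";
    close($sock);
}
```

Defaulting to `peer` and requiring an explicit `none` keeps the insecure mode an opt-in, and an invalid value stops the run instead of silently falling back to no verification.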