Menu
▾
▴
Re: start_tls
|
From: Chris R. <chr...@me...> - 2001-07-06 12:36:04
|
Graham Barr <gb...@po...> wrote: > On Fri, Jul 06, 2001 at 01:03:16PM +0100, Chris Ridd wrote: >> The setting of capth/cafile to '' instead of undef is required by 0.78. >> Hm, we could make our code check the IO::Socket::SSL version and set the >> defaults appropriately... > > Hm, I have o.78 here and it works fine with undef or '' > > Graham. You have to actually try verifying a server's cert using capath to see this problem. With verify => require, capath => "/tmp/certs" and cafile defaulting to undef the socket creation fails silently (new returns undef and there's nothing in $@), and strace reveals something attempting to open "certs/my-ca.pem", which is one of IO::Socket::SSL.pm's defaults. With cafile defaulting to '' and everything else the same, the socket gets created OK. (I had my CA cert in /tmp/certs of course.) So I'm fairly sure that undef does not work in 0.78. Cheers, Chris |
