Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Selecting SSL_VERIFY_NONE for SSL_verify_mode

I am trying to create a client connection to an internal ssl site that does not have a certificate and needs to bypass the proxy.

I am able to bypass the proxy, and I am able to connect to the site and create a client connection, however, i am getting this ugly warning:

*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER 
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************

at C:/strawberry/perl/site/lib/LWP/Protocol/http.pm line 31

My Code:

use    RPC::XML::Client;
use    XML::Simple;
use LWP::Protocol::https;

$ENV{NO_PROXY} = '10.*';

$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;

my $server = RPC::XML::Client->new("$vneUrl/api/index.ice",
                                 ssl_opts =>    { SSL_verify_mode   => 'SSL_VERIFY_NONE',
                                                 verify_hostname    => 0,   
                                                 SSL_use_cert => 0x00
                                               },
                                   );
like image 353
Rod Baldwin Avatar asked Apr 08 '13 16:04

Rod Baldwin


2 Answers

That message is from IO::Socket::SSL, and it refers to the constant SSL_VERIFY_NONE it exports rather than the string 'SSL_VERIFY_NONE'.

Secondly, ssl_opts is an argument of LWP::UserAgent's constructor, not RPC::XML::Client's.

Try:

use IO::Socket::SSL qw( SSL_VERIFY_NONE );

RPC::XML::Client->new($uri,
   useragent => [
      ssl_opts => {
         verify_hostname => 0,
         SSL_verify_mode => SSL_VERIFY_NONE,
      },
   ],
);
like image 195
ikegami Avatar answered Nov 01 '22 06:11

ikegami


New version I believe you should set to 0 or 1. I think this was a bug:

500 SSL_verify_mode must be a number and not a string

From:

$useragent->ssl_opts(SSL_verify_mode=>'SSL_VERIFY_NONE');

To:

$useragent->ssl_opts(SSL_verify_mode=>'0');
like image 24
Felipe Ferreira Avatar answered Nov 01 '22 06:11

Felipe Ferreira