11

I am trying to create a client connection to an internal SSL site that does not have a certificate and needs to bypass the proxy.

I am able to bypass the proxy, and I am able to connect to the site and create a client connection; however, I am getting this ugly warning:

*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER 
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************

at C:/strawberry/perl/site/lib/LWP/Protocol/http.pm line 31

My Code:

use RPC::XML::Client;
use XML::Simple;
use LWP::Protocol::https;

$ENV{NO_PROXY} = '10.*';

$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;

my $server = RPC::XML::Client->new("$vneUrl/api/index.ice",
    ssl_opts => {
        SSL_verify_mode => 'SSL_VERIFY_NONE',
        verify_hostname => 0,
        SSL_use_cert    => 0x00,
    },
);
ikegami
Rod Baldwin
  • Is there something in that warning that you do not understand? – TLP Apr 08 '13 at 17:00
  • It's not clear what the title of your post has to do with the rest of your question. Perhaps you could explain what you think the connection is? – mob Apr 08 '13 at 17:38

2 Answers

20

That message is from IO::Socket::SSL, and it refers to the constant SSL_VERIFY_NONE it exports rather than the string 'SSL_VERIFY_NONE'.

Secondly, ssl_opts is an argument of LWP::UserAgent's constructor, not RPC::XML::Client's.

Try:

use IO::Socket::SSL qw( SSL_VERIFY_NONE );

RPC::XML::Client->new($uri,
   useragent => [
      ssl_opts => {
         verify_hostname => 0,
         SSL_verify_mode => SSL_VERIFY_NONE,
      },
   ],
);
ikegami
  • Thanks, that did eliminate the warning when creating the Client connection. – Rod Baldwin Apr 08 '13 at 19:09
  • Now that I have the $client created, I need to pass requests, such as [ my $session = $client->simple_request('login', 1, 0, $username, $password); ] I'm once again getting the error for this statement. How would I go about passing the ssl_opts to each subsequent request? – Rod Baldwin Apr 08 '13 at 19:15
  • Hum, it uses the UserAgent object created in the constructor and to which those flags were passed, as one would expect. Not sure where that message is coming from. – ikegami Apr 08 '13 at 19:46
  • 1
    Is there a similar solution for [Net::SMTP::SSL](http://stackoverflow.com/questions/18899327/how-to-set-ssl-certificate-for-gmail-smtp)? – mpapec Sep 20 '13 at 06:56
  • 4
    @mpapec - I know this is an old comment, but I have had similar difficulty with Net::SMTP::SSL. The best solution I've found has been to use IO::Socket::SSL::set_defaults, whose settings will then be implicitly used by further Net::SMTP::SSL instances. – jwd Dec 07 '13 at 22:52
  • Instead of using Net::SMTP::SSL or Net::SMTP::TLS, I would suggest using Net::SSLGlue::SMTP, which combines the functionality of both modules by monkey patching Net::SMTP and has proper SSL support, e.g. secure defaults. – Steffen Ullrich Jan 10 '14 at 21:00
3

In the new version, I believe you should set it to 0 or 1. I think this was a bug:

500 SSL_verify_mode must be a number and not a string

From:

$useragent->ssl_opts(SSL_verify_mode=>'SSL_VERIFY_NONE');

To:

$useragent->ssl_opts(SSL_verify_mode=>'0');
tripleee
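
An added example, not code from the question or either answer: the configuration the warning itself recommends (SSL_VERIFY_PEER together with SSL_ca_file), passed through the useragent argument from the first answer, plus a check that catches the string-instead-of-constant mistake both answers point out. The URL host, the CA file path and the helper names check_verify_mode and new_verified_client are assumptions made for illustration.

```perl
use strict;
use warnings;
use Scalar::Util qw( looks_like_number );
use IO::Socket::SSL qw( SSL_VERIFY_NONE SSL_VERIFY_PEER );
use RPC::XML::Client;

# Hypothetical helper: reject the quoted string 'SSL_VERIFY_NONE', which is
# not the numeric constant that IO::Socket::SSL exports.
sub check_verify_mode {
    my ($mode) = @_;
    die "SSL_verify_mode must be a number, got '$mode'\n"
        unless looks_like_number($mode);
    return $mode;
}

# Hypothetical helper: a client that verifies the server against a private CA.
# ssl_opts travels inside 'useragent' so it reaches LWP::UserAgent->new.
sub new_verified_client {
    my ($uri, $ca_file) = @_;
    return RPC::XML::Client->new($uri,
        useragent => [
            ssl_opts => {
                verify_hostname => 1,
                SSL_verify_mode => check_verify_mode(SSL_VERIFY_PEER),
                SSL_ca_file     => $ca_file,
            },
        ],
    );
}

# Constructed placeholder values; nothing connects until a request is sent.
my $client = new_verified_client(
    'https://internal.example/api/index.ice',
    '/path/to/internal-ca.pem',
);

# Read the options back from the LWP::UserAgent the client will use.
my $ua = $client->useragent;
printf "%s=%s\n", $_, $ua->ssl_opts($_)
    for qw( verify_hostname SSL_verify_mode SSL_ca_file );

# The string from the question fails the check; the constant passes.
for my $mode ('SSL_VERIFY_NONE', SSL_VERIFY_NONE) {
    my $ok = eval { check_verify_mode($mode); 1 };
    print $ok ? "accepted: $mode\n" : "rejected: $@";
}
```

With a self-signed internal server, the certificate itself (in PEM form) can serve as the SSL_ca_file, provided its name matches the host in the URL.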