So, what does the new version need?
Searching the Changes file for "certificate" might turn up something helpful.
For example, I see that there are two "MAJOR BEHAVIOR CHANGE" announcements (for 1.950) in relation to certs.
Cheers,
Rob | [reply] |
The documentation for IO::Socket::SSl says the default of SSL_VERIFY_NONE for option SSL_verify_mode is going to change. Well apparently that change occurred. And it seems I should be setting this option explicitly, or better yet, supply a certificate and path to be verified. However, I am not using IO::Socket::SSL directly, but it is embedded in Net::SMTP::SSL.
I see a bug 81594 was opened last November on Net::SMTP::SSL identifying the need to pass through options to IO::Socket::SSL.
It appears to me, all the solutions to sending e-mail via SSL pass through Net::SMTP::SSL affecting GoDaddy, Gmail, etc. It appears a few people are hacking either module to set the option, or like myself, I simply reloaded the 1.76 version of IO::Socket::SSL.
| [reply] |
With 1.950 IO::Socket::SSL switched the default from "no certificate verification" to "require verification", after 3 years of complaining (since 1.79) if you used the insecure default of no verification. It also uses the default location for the certificates provided by the openssl installation.
On windows there are probably no certificates installed in a form usable by openssl, so you have to do it by your own. You might use Mozilla::CA and then set the SSL_ca_file like documented there. | [reply] |