Hi Daniel

See upstream's answer on this.

Bests
Salvatore

----- Forwarded message from Steffen Ullrich via RT 
<[email protected]> -----

From: Steffen Ullrich via RT <[email protected]>
Reply-To: [email protected]
Date: Wed, 8 Dec 2010 14:38:34 -0500
To: [email protected]
Cc: [email protected]
Subject: [rt.cpan.org #63741] IO::Socket::SSL fails when verify_callback is
        supplied without ca_path or ca_file

<URL: https://rt.cpan.org/Ticket/Display.html?id=63741 >

it's not that simple:
- usually SSL_verify_callback is used together with a valid CA file or
  CA path, because one wants to let openssl pre-check the certificate
  and only add additional checks (see SSL_set_verify openssl docs),
- if SSL_verifycn_scheme is set there will be an implicit
  SSL_verify_callback which checks the name in the certificate

Because the case, that somebody wants to check the certificate completely
by itself w/o having openssl check the certificate chain, is IMHO
uncommon, I don't change the code for now.
I think it is safer than risking not doing certificate checks.


----- End forwarded message -----
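
The usage described in the forwarded reply, where SSL_verify_callback is combined with a CA file so that OpenSSL pre-checks the chain and the callback only adds checks, sketched as an added example (not part of the original messages and not IO::Socket::SSL's own code). It assumes a current IO::Socket::SSL that passes the certificate handle and depth to the callback; `make_verify_callback`, `pin_check`, the host, the CA path and the pin are hypothetical placeholders.

```perl
use strict;
use warnings;
use IO::Socket::SSL;   # exports SSL_VERIFY_PEER
use Net::SSLeay;

# Wrap an additional leaf check around OpenSSL's own chain validation.
# $leaf_check is a hypothetical hook: it receives the leaf certificate
# handle and returns true to accept it.
sub make_verify_callback {
    my ($leaf_check) = @_;
    return sub {
        my ($ok, $store, $certname, $error, $cert, $depth) = @_;
        return 0 unless $ok;       # OpenSSL's pre-check failed: never override it
        return 1 if $depth > 0;    # CA certificates: keep OpenSSL's verdict
        return $leaf_check->($cert) ? 1 : 0;   # depth 0 is the leaf
    };
}

# Example leaf check (an assumption of this sketch): compare the leaf's
# SHA-256 fingerprint with a pinned value, ignoring case and colons.
sub pin_check {
    my ($pin) = @_;
    (my $want = uc $pin) =~ tr/://d;
    return sub {
        (my $got = uc(Net::SSLeay::X509_get_fingerprint($_[0], 'sha256'))) =~ tr/://d;
        return $got eq $want;
    };
}

# Options for IO::Socket::SSL->new(%opts). The CA file stays in place, so
# the callback can only tighten the result. All values are placeholders.
my %opts = (
    PeerHost            => 'server.example:443',
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_ca_file         => '/path/to/ca-bundle.pem',
    SSL_verify_callback => make_verify_callback(pin_check('<SHA-256 fingerprint>')),
);

# Constructed inputs, no network: call the callback directly with a stub check.
my $cb = make_verify_callback(sub { $_[0] eq 'good-leaf' });
printf "%-34s => %d\n", 'pre-check failed, leaf would pass',
    $cb->(0, undef, '', 'constructed error', 'good-leaf', 0);
printf "%-34s => %d\n", 'pre-check ok, CA cert (depth 1)',
    $cb->(1, undef, '', 0, 'ca-cert', 1);
printf "%-34s => %d\n", 'pre-check ok, leaf fails check',
    $cb->(1, undef, '', 0, 'other-leaf', 0);
printf "%-34s => %d\n", 'pre-check ok, leaf passes check',
    $cb->(1, undef, '', 0, 'good-leaf', 0);
```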
