Not sure how many others are using xCAT or have run into this issue, but when I upgraded our test VCL system from 2.2.1 to 2.3.1, I started getting the following message when running any xCAT command:
******************************************************************* Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER together with SSL_ca_file|SSL_ca_path for verification. If you really don't want to verify the certificate and keep the connection open to Man-In-The-Middle attacks please set SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. ******************************************************************* at /opt/xcat/lib/perl/xCAT/Client.pm line 138 The command actually runs anyway and succeeds, but this warning output is interpreted by vcld as a failure, and so the VCL operation fails. I tracked down the source of the problem to the perl module /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm, which gets updated when the install_perl_libs.pl script is run as part of the VCL 2.3.1 upgrade. This upgraded the SSL.pm module from version 1.01 to 1.81. This change apparently necessitates putting some code in the xCAT Client.pm module to set the values that the warning message is talking about. A quick fix was copy the 1.01 version back by doing: 'cp /usr/lib/perl5/vendor_perl/5.8.8/IO/Socket/SSL.pm /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm'. This made the warning message go away, and from additional testing I've done, I haven't found any ill effects from doing this. Everything seems to work as it should. This is on RHEL 5.8 with xCAT 2.6.10. I haven't looked into whether updates to xCAT address this or not. Mike Waldron Systems Specialist ITS - Research Computing Center University of North Carolina at Chapel Hill
