Ramkumar Ramachandra <artag...@gmail.com> writes:

> Thomas Rast wrote:
>> When --smtp-encryption=ssl, we use a Net::SMTP::SSL connection,
>> passing its ->new all the options that would otherwise go to
>> Net::SMTP->new (most options) and IO::Socket::SSL->start_SSL (for the
>> SSL options).
>> However, while Net::SMTP::SSL replaces the underlying socket class
>> with an SSL socket, it does nothing to allow passing options to that
>> socket.  So the SSL-relevant options are lost.
> Both [1/3] and [2/3] look good. However, I'm curious about this one:
> Net::SMTP::SSL inherits from IO::Socket::SSL, where new() is defined.
> In the documentation for IO::Socket::SSL,
>   $ perldoc IO::Socket::SSL
> I can see examples where SSL_verify_mode and SSL_ca_path are passed to
> new(). So, I'm not sure what this patch is about.

Net::SMTP::SSL is merely steals all the code from Net::SMTP into a class
that has IO::Socket::SSL as its first inheritance line.

This works because Net::SMTP (no SSL) inherits from IO::Socket::INET
instead, and uses SUPER:: methods to access the latter's features.  So
by effectively replacing IO::Socket::INET with IO::Socket::SSL,
Net::SMTP::SSL can apply all of Net::SMTP's code on an SSL socket.


That SUPER:: access does not pass anything SSLey.  In particular,
Net::SMTP::SSL->new (which is just the same as Net::SMTP->new) runs this
to initialize its socket:

    $obj = $type->SUPER::new(
      PeerAddr => ($host = $h),
      PeerPort => $arg{Port} || 'smtp(25)',
      LocalAddr => $arg{LocalAddr},
      LocalPort => $arg{LocalPort},
      Proto     => 'tcp',
      Timeout   => defined $arg{Timeout}
      ? $arg{Timeout}
      : 120

Note the conspicuous absence of any kind of SSL arguments, or any kind
of args-I-don't-know-myself passthrough.

If you _do_ specify SSL arguments (i.e. key-value style arguments that
would normally be accepted by IO::Socket::SSL->new) to
Net::SMTP::SSL->new, they will simply be ignored, because of how the
key-value argument passing treats the argument list as a hash.

Does that clarify it?

This is all assuming I got the details vaguely correct, and the source
snippets are from my perl v5.18.1 installed by opensuse 13.1.

It turns out the server I was trying to talk to on Sunday had an expired
certificate, and despite the code from 35035bb, my efforts to set
SSL_VERIFY_NONE were futile.  Until I noticed the set_client_defaults()
trick.  So I'm pretty convinced the patch does *something* right.

Thomas Rast
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to