If Crypt::SSLeay is installed, and LWP uses it, one can set
$ENV{HTTP_CA_DIR} = 1;
and verify the server. (Setting it to a true seems to enable
verification and still use the compiled in certificate paths.)
So, for my self-signed certificate:
$ HTTPS_CA_DIR=1 HEAD https://hank.org/
500 SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed
Content-Type: text/plain
Client-Date: Fri, 23 Jan 2009 01:32:43 GMT
Client-Warning: Internal response
But, what if IO::Socket::SSL is used (which I assume is used if
Crypt::SSLeay isn't installed and IO::Socket::SSL is). How to I force
verification? I see there's a SSL_verify_mode option for
IO::Socket::SSL, but I don't see how to enable it.
What I'm after, of course, is to make sure when I connect to an SSL
site that the certificate is validated.
--
Bill Moseley
mose...@hank.org
Sent from my iMutt
