> Marcus Carey wrote:
>
> Can someone explain the following warning?
>
> Client-SSL-Warning: Peer certificate not verified
>
> ActivePerl 623
> Windows IIS 5.0
> Windows 2000 Server
> Crypt-SSLeay from Activestate repository
>
Sorry for not getting back sooner, but its been a hard
week. I'm the maintainer of Crypt::SSLeay, and I don't have
a good answer for you. Its my guess that if
SSL_get_verify_result()
where called at some point, that cert verfication would be
established, and this warning would go away. By not doing
so, I guess, you don't really know that you are talking
to the true owner of that SSL domain, even though a
secure connection has been established.
This seems to be an important feature, and if desired,
I could probably get this set up as a config option
for Crypt::SSLeay's Net::SSL, and make sure it seems
to do the right thing when operating under perl's LWP.
--Josh
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
