RE: Quick question about 'client-ssl-warning' => 'Peer certificate not verified'
Have you tried setting the verify mode? It's
ignored by default.
From man IO::Socket::SSL:
This option sets the verification mode for the peer
The default (0x00) does no authentication. You may combine
(verify peer), 0x02 (fail verification if no peer
exists; ignored for clients), and 0x04 (verify client once)
change the default.
[mailto:[hidden email]] On Behalf Of Chris Mckenzie
Sent: Tuesday, 07 June, 2005 11:13 AM
To: '[hidden email]'
Subject: Quick question about 'client-ssl-warning' => 'Peer certificate not verified'
I've been making out fairly well with my usage of LWP
and IO::Socket::SSL, to the point where I'm trying to include a list of trusted
peer server and CA certs to trust.
The only problem is I can't seem to force OpenSSL to
drop all non-trusted/verified SSL connections. If I try connecting to a site
that I don't currently have a trusted root for, the connection handshake is
established and all I have to show for it is the response header
'client-ssl-warning' => 'Peer certificate not verified'.
This of course isn't desirable. I need to force a
connection break during the handshaking, not after the connection is
Is there an OpenSSL environment variable I can set to
require SSL cert verification?
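
The verify-mode behaviour discussed in this thread, shown as an added example that is not part of either message: a throwaway local TLS server is contacted with verification off (0x00) and on (0x01), with and without its certificate in the trust list. The name `server.test`, the helper `try_connect` and the generated certificates are constructed for the demo. It assumes an IO::Socket::SSL recent enough to ship `IO::Socket::SSL::Utils` and the `SSL_ca` option.

```perl
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;    # CERT_create, for throwaway test certificates

# Constructed test data: a self-signed certificate for the made-up name
# "server.test", plus an unrelated one standing in for "some other trusted CA".
my ($srv_cert, $srv_key) = CERT_create(
    CA => 1, subject => { commonName => 'server.test' },
    subjectAltNames => [ [ DNS => 'server.test' ] ],
);
my ($other_cert) = CERT_create(CA => 1, subject => { commonName => 'other CA' });

# Local TLS server on an ephemeral port, served from a child process.
my $server = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert  => $srv_cert, SSL_key => $srv_key,
) or die "listen failed: $SSL_ERROR";
my $port = $server->sockport;
defined(my $pid = fork) or die "fork: $!";
if (!$pid) {
    while (1) { my $c = $server->accept or next; close $c; }
}

# Hypothetical helper: try one handshake, return 'connected' or the error text.
sub try_connect {
    my (%ssl_opts) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_verifycn_name => 'server.test', %ssl_opts,
    ) or return "refused: $SSL_ERROR";
    close $sock;
    return 'connected';
}

# 0x00: no authentication, any certificate is accepted.
print "verify 0x00, no trust list : ", try_connect(SSL_verify_mode => 0x00), "\n";
# 0x01 with a trust list that lacks the server's issuer: the handshake itself fails.
print "verify 0x01, wrong CA      : ",
    try_connect(SSL_verify_mode => 0x01, SSL_ca => [$other_cert]), "\n";
# 0x01 with the server's certificate in the trust list: the handshake succeeds.
print "verify 0x01, trusted CA    : ",
    try_connect(SSL_verify_mode => 0x01, SSL_ca => [$srv_cert]), "\n";

kill 'TERM', $pid;
waitpid $pid, 0;
```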