2

When trying to connect to a test SSL SOAP server with an invalid certificate, Perl is printing out this massive chunk of text:

*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************

It turns out that this is coming from IO::Socket::SSL (which would be a nice detail to include in the warning text, donchathink?), but I'm never referencing IO::Socket::SSL directly; it's only a dependency of SOAP::Lite somewhere down the chain. It seems like I should be able to pass options to it somehow, but none of the things I've tried seem to work.

Notably, setting IO::Socket::SSL's defaults using its set_defaults method doesn't resolve the warning.

How can I pass SSL options to IO::Socket::SSL when it's being used from SOAP::Lite?

wfaulk
  • 1,765
  • 1
  • 17
  • 24

1 Answers1

4

First, setting IO::Socket::SSL's defaults doesn't get rid of the warning because the logic it uses to see if the warning needs to be printed out has to do with whether or not it's using its defaults.

I finally found, after a lot of time in the Perl debugger, that this invocation would work:

$soap = SOAP::Lite->proxy("https://example.com:443/soapuri", ssl_opts => [ SSL_verify_mode => 0 ] );

This ultimately tells it to call the ssl_opts method in LWP::UserAgent with the provided array (NOT hash) reference. (BTW, 0 is equivalent to IO::Socket::SSL::SSL_VERIFY_NONE.) Despite the way I've written it, note that the arguments to proxy are string-scalar, string-scalar, and array-ref to string-scalar and number-scalar.

Using the arguments to proxy may be the only way to pass this data on, despite other documentation.

wfaulk
  • 1,765
  • 1
  • 17
  • 24
  • It is odd that SOAP::Lite requires an array-reference for ssl_opts (and the option isn't documented), but that the underlying LWP::UserAgent requires a hash-reference for ssl_opts (which is documented). (That's what tripped me up until I read this answer.) – kjpires Apr 08 '22 at 14:41