diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-09-16 16:49:00 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-09-16 16:50:31 +0200 |
| commit | 0e1e8e06debc4d7b00670eaa981ca5b382d90591 (patch) | |
| tree | 66fe976371bdec5a014e14ab954a44fe20256cab | |
| parent | 40864537f86e31e037a1232f015a06e9d73bf1e6 (diff) | |
Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES.
| -rw-r--r-- | Changelog | 1 | ||||
| -rw-r--r-- | lib/Net/IMAP/InterIMAP.pm | 2 |
2 files changed, 3 insertions, 0 deletions
@@ -25,6 +25,7 @@ interimap (0.2) upstream; * Don't set SO_KEEPALIVE on the socket. This is most likely useless in our case since the TCP keepalive time is usually much higher than the IMAP timeout. + * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. -- Guilhem Moulin <guilhem@guilhem.org> Wed, 09 Sep 2015 00:44:35 +0200 diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm index a0be91e..53fddec 100644 --- a/lib/Net/IMAP/InterIMAP.pm +++ b/lib/Net/IMAP/InterIMAP.pm @@ -1398,6 +1398,8 @@ sub _start_ssl($$) { or $self->_ssl_error("Can't load verify locations"); } Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER()); + Net::SSLeay::CTX_set_purpose($ctx, Net::SSLeay::X509_PURPOSE_SSL_SERVER()) + or $self->_ssl_error("Can't set purpose"); } else { Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_NONE()); |