From 0e1e8e06debc4d7b00670eaa981ca5b382d90591 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 16 Sep 2015 16:49:00 +0200 Subject: Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. --- Changelog | 1 + lib/Net/IMAP/InterIMAP.pm | 2 ++ 2 files changed, 3 insertions(+) diff --git a/Changelog b/Changelog index cf11878..820ee6f 100644 --- a/Changelog +++ b/Changelog @@ -25,6 +25,7 @@ interimap (0.2) upstream; * Don't set SO_KEEPALIVE on the socket. This is most likely useless in our case since the TCP keepalive time is usually much higher than the IMAP timeout. + * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. -- Guilhem Moulin Wed, 09 Sep 2015 00:44:35 +0200 diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm index a0be91e..53fddec 100644 --- a/lib/Net/IMAP/InterIMAP.pm +++ b/lib/Net/IMAP/InterIMAP.pm @@ -1398,6 +1398,8 @@ sub _start_ssl($$) { or $self->_ssl_error("Can't load verify locations"); } Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER()); + Net::SSLeay::CTX_set_purpose($ctx, Net::SSLeay::X509_PURPOSE_SSL_SERVER()) + or $self->_ssl_error("Can't set purpose"); } else { Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_NONE()); -- cgit v1.2.3