Merge branch 'rk/send-email-ssl-cert'
authorJunio C Hamano <gitster@pobox.com>
Mon, 27 Jan 2014 18:44:34 +0000 (10:44 -0800)
committerJunio C Hamano <gitster@pobox.com>
Mon, 27 Jan 2014 18:44:34 +0000 (10:44 -0800)
The "if /etc/ssl/certs/ directory exists, explicitly telling the
library to use it as SSL_ca_path" blind-defaulting in "git
send-email" broke platforms where /etc/ssl/certs/ directory exists,
but it cannot be used as SSL_ca_path (e.g. Fedora rawhide). Fix it by
not specifying any SSL_ca_path/SSL_ca_file but still asking for peer
verification in such a case.

* rk/send-email-ssl-cert:
send-email: /etc/ssl/certs/ directory may not be usable as ca_path

git-send-email.perl
diff --combined git-send-email.perl
index 2016d9c6198957943a8bd2510e217fe72412062a,689944f71bf911a25c7d480a3a2869dde4ace7af..fdb0029b597898559376b1b28d692450794251f3
@@@ -291,7 -291,7 +291,7 @@@ my $rc = GetOptions("h" => \$help
                    "smtp-pass:s" => \$smtp_authpass,
                    "smtp-ssl" => sub { $smtp_encryption = 'ssl' },
                    "smtp-encryption=s" => \$smtp_encryption,
 -                  "smtp-ssl-cert-path" => \$smtp_ssl_cert_path,
 +                  "smtp-ssl-cert-path=s" => \$smtp_ssl_cert_path,
                    "smtp-debug:i" => \$debug_net_smtp,
                    "smtp-domain:s" => \$smtp_domain,
                    "identity=s" => \$identity,
@@@ -1095,7 -1095,8 +1095,8 @@@ sub ssl_verify_params 
        }
  
        if (!defined $smtp_ssl_cert_path) {
-               $smtp_ssl_cert_path = "/etc/ssl/certs";
+               # use the OpenSSL defaults
+               return (SSL_verify_mode => SSL_VERIFY_PEER());
        }
  
        if ($smtp_ssl_cert_path eq "") {
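Review bot: The early return in ssl_verify_params hands back only `SSL_verify_mode`, so whether the server's hostname is also matched against the certificate is left to the defaults of the installed IO::Socket::SSL. Older releases may validate the chain without checking the name unless `SSL_verifycn_scheme` is set, so it is worth confirming this on the minimum supported version. The comment would also read better if it stated the guarantee rather than the mechanism, e.g. `# no CA location configured: keep peer verification on and let the library locate its default trust store`. The function starts before and continues past this hunk, so the handling of the empty-string case on the last line is not visible here.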
@@@ -1214,14 -1215,10 +1215,14 @@@ X-Mailer: git-send-email $gitversio
                        $smtp_server_port ||= 465; # ssmtp
                        require Net::SMTP::SSL;
                        $smtp_domain ||= maildomain();
 +                      require IO::Socket::SSL;
 +                      # Net::SMTP::SSL->new() does not forward any SSL options
 +                      IO::Socket::SSL::set_client_defaults(
 +                              ssl_verify_params());
                        $smtp ||= Net::SMTP::SSL->new($smtp_server,
                                                      Hello => $smtp_domain,
                                                      Port => $smtp_server_port,
 -                                                    ssl_verify_params());
 +                                                    Debug => $debug_net_smtp);
                }
                else {
                        require Net::SMTP;
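Review bot: `IO::Socket::SSL::set_client_defaults()` changes process-wide state and sits outside the `$smtp ||=` guard, so it is re-applied each time this branch runs. It also governs every IO::Socket::SSL client socket opened afterwards, not only this Net::SMTP::SSL connection. If ssl_verify_params() can return a weaker set of options for some configuration (its full body is not visible here), that set becomes the default for those later sockets too. I would say so in the existing comment, e.g. `# Net::SMTP::SSL->new() does not forward any SSL options, so set them as process-wide client defaults`. The enclosing block starts and ends outside this hunk.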