mojolicious SSL verify warning

Jonathan Larmour jifl at
Tue Apr 30 10:04:18 PDT 2019


I recently did a somewhat-overdue system update on my CentOS 7 server,
which included an update to perl-Mojolicious.

I now get these annoying warnings:
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 possibly with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
  at /usr/share/perl5/vendor_perl/Mojo/IOLoop/ line 37.

Everything works okay, the warning is just an annoyance, but I wanted rid
of it.

I see from debug output, that verify mode is on, and so MOJO_CA_FILE is
set in get_links_schedule_mojo(). So I've changed it to:

 if ( $verify_mode ) {
   if ( -f $ca_file ) {
      $ENV{MOJO_CA_FILE} = $ca_file;
      IO::Socket::SSL::set_defaults(SSL_verify_mode =>
   } else {
      main::logger "WARNING: LWP CA file not found: $ca_file\n" if
 } else {
   IO::Socket::SSL::set_defaults(SSL_verify_mode =>

(my mailer will probably mess the whitespace here sorry).

I'm not definite the SSL_VERIFY_NONE line is also required since my system
doesn't use that code path, but it seems like a belts-and-braces approach
to set it.

OOI, my IO::Socket::SSL version is derived from 1.94 which is relevant
when you consider: but yes that
is still the latest for CentOS 7.

Hopefully this is correct, but if this could be updated similarly (or
better :-)) in get_iplayer master, then that would be great, thanks.

--["No sense being pessimistic, it wouldn't work anyway"]-- Opinions==mine

More information about the get_iplayer mailing list