Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES.

author Guilhem Moulin <guilhem@fripost.org>

Wed, 16 Sep 2015 14:49:00 +0000 (16:49 +0200)

committer Guilhem Moulin <guilhem@fripost.org>

Wed, 16 Sep 2015 14:50:31 +0000 (16:50 +0200)
author Guilhem Moulin <guilhem@fripost.org>
Wed, 16 Sep 2015 14:49:00 +0000 (16:49 +0200)
committer Guilhem Moulin <guilhem@fripost.org>
Wed, 16 Sep 2015 14:50:31 +0000 (16:50 +0200)
diff --git a/Changelog b/Changelog

index cf11878a1f2f8454db2c35feaa037e9629ceed14..820ee6ff3fda6e111b488d49f5a86c1099d1a940 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -25,6 +25,7 @@ interimap (0.2) upstream;
    * Don't set SO_KEEPALIVE on the socket.  This is most likely useless
      in our case since the TCP keepalive time is usually much higher than
      the IMAP timeout.
+  * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES.
  
   -- Guilhem Moulin <guilhem@guilhem.org>  Wed, 09 Sep 2015 00:44:35 +0200
  
diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm

index a0be91efa6485d7d67f09a9bebab4cb6a12443a5..53fddecd0bbd8ac9678cf7787136f09f36611dde 100644 (file)
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -1398,6 +1398,8 @@ sub _start_ssl($$) {
                  or $self->_ssl_error("Can't load verify locations");
          }
          Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER());
+        Net::SSLeay::CTX_set_purpose($ctx, Net::SSLeay::X509_PURPOSE_SSL_SERVER())
+                or $self->_ssl_error("Can't set purpose");
      }
      else {
          Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_NONE());
author	Guilhem Moulin <guilhem@fripost.org>
	Wed, 16 Sep 2015 14:49:00 +0000 (16:49 +0200)
committer	Guilhem Moulin <guilhem@fripost.org>
	Wed, 16 Sep 2015 14:50:31 +0000 (16:50 +0200)
Changelog		patch \| blob \| history
lib/Net/IMAP/InterIMAP.pm		patch \| blob \| history