SSL: Allow disabling peer verification.

diff --git a/lib/Net/IMAP/Sync.pm b/lib/Net/IMAP/Sync.pm
index 61930e7347c7acc12be0156b9c50b659a3f3ce3e..2c2a4348028a783a234e55d03e939bb947b50556 100644 (file)
--- a/lib/Net/IMAP/Sync.pm
+++ b/lib/Net/IMAP/Sync.pm
@@ -50,6 +50,7 @@ my %OPTIONS = (
     SSL_ca_path => qr/\A(\P{Control}+)\z/,
     SSL_cipher_list => qr/\A(\P{Control}+)\z/,
     SSL_fingerprint => qr/\A([A-Za-z0-9]+\$\p{AHex}+)\z/,
+    SSL_verify_peer => qr/\A(TRUE|FALSE)\z/i,
 );
 
 
@@ -245,9 +246,12 @@ sub new($%) {
             $socket = IO::Socket::INET->new(%args) or $self->fail("Cannot bind: $@");
         }
         else {
+            require 'IO/Socket/SSL.pm';
+            if (defined (my $vrfy = delete $self->{SSL_verify_peer})) {
+                $args{SSL_verify_mode} = 0 if uc $vrfy eq 'FALSE';
+            }
             my $fpr = delete $self->{SSL_fingerprint};
             $args{$_} = $self->{$_} foreach grep /^SSL_/, keys %$self;
-            require 'IO/Socket/SSL.pm';
             $socket = IO::Socket::SSL->new(%args)
                 or $self->fail("Failed connect or SSL handshake: $!\n$IO::Socket::SSL::SSL_ERROR");
 
@@ -309,8 +313,12 @@ sub new($%) {
             require 'IO/Socket/SSL.pm';
             $self->_send('STARTTLS');
 
+            my %sslargs;
+            if (defined (my $vrfy = delete $self->{SSL_verify_peer})) {
+                $sslargs{SSL_verify_mode} = 0 if uc $vrfy eq 'FALSE';
+            }
             my $fpr = delete $self->{SSL_fingerprint};
-            my %sslargs = %$self{ grep /^SSL_/, keys %$self };
+            $sslargs{$_} = $self->{$_} foreach grep /^SSL_/, keys %$self;
             IO::Socket::SSL->start_SSL($self->{STDIN}, %sslargs)
                 or $self->fail("Failed SSL handshake: $!\n$IO::Socket::SSL::SSL_ERROR");