EN VI

Perl SSL_verify_mode warning?

How to Perl SSL_verify_mode warning

Got some code (simple RESTAPI query) migrated from an old Linux machine to a new Linux machine where Perl modules have been installed in an unknown way.

Using the following modules :

use JSON;
use REST::Client;
use Data::Dumper;
use MIME::Base64;
use LWP::UserAgent;
use Date::Calc qw(:all);
use Getopt::Long;

And having $ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;

Got this warning message when executing the script (but it works) :

*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 possibly with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
  at /usr/share/perl5/LWP/Protocol/http.pm line 31.

Browsing internet leads me to a IO::Socket::SSL module, but it is in the same version than the older Linux (1.94).

LWP::UserAgent version is 6.05

So what would be the best way to avoid this nagging message ?

Solution:

As specified in the documentation for REST::Client, just pass a custom user agent to the constructor, like so:

use LWP::UserAgent;
use REST::Client;

my $ua = LWP::UserAgent->new;

$ua->ssl_opts(
    SSL_verify_mode => SSL_VERIFY_PEER,
    SSL_ca_file     => '/path/to/ca_cert.pem'
);

my $client = REST::Client->new({
    host      => 'https://your.internal.resource',
    useragent => $ua
});

But, as noted in the comments (thanks @Steffen Ullrich). You should really update your LWP::UserAgent, and IO::Socket::SSL dists, then you wouldn't have to do any of this.