SSL verify mode

MNIHKLOM

MNIHKLOM

Hi,

I did a few portupgrade -f. And after rebooting the machine, I got some complaining messages about SSL_verify_mode, as shown below, which I do not know about where it come from.
Code: 
Local package initialization: rtc***********************************************
********************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
  at /usr/local/sbin/ddclient line 1860
 xfstt.
Starting background file system checks in 60 seconds.
 
Mon Dec 10 10:51:21 ICT 2012
 
FreeBSD/amd64 (MNIHKLOM.jesgroup.in.th) (ttyv0)

My only installed ports that have some `SSL' in them are

Code: 
[MNIHKLOM] ~% pkg_info -Ix SSL
p5-Crypt-SSLeay-0.64 Perl5 interface to allow p5-libwww LWP to make https connec
p5-IO-Socket-SSL-1.80 Perl5 interface to SSL sockets
p5-Net-SSLeay-1.49  Perl5 interface to SSL

I have no idea why these ports are installed.
Would anyone please suggest me some hints on recovering this ?

Thanks DutchDaemon for correcting me.


With best regards,
MNIHKLOM
 
It looks like the errors are coming from /usr/local/sbin/ddclient, which gets installed by dns/ddclient. Those other ports you listed are dependencies of dns/ddclient and they are a little old.

From my laptop:
Code: 
% pkg info -d ddclient-3.8.1_1 
ddclient-3.8.1_1 depends on:
perl-5.16.2
p5-Net-SSLeay-1.51
p5-IO-Socket-SSL-1.81

I searched for words like "deprecated" in /usr/local/sbin/ddclient, but nothing relevant turned up. This is just a guess, but maybe you have a newer dns/ddclient and it doesn't play nice with those older ports?

This /usr/local/etc/ddclient.conf works for me, but you may be using a different service, so it might not be so helpful.

Code: 
daemon=300				# check every 300 seconds
syslog=yes				# log update msgs to syslog
mail=me@email.com                       # mail all msgs to...
mail-failure=me@email.com		# mail failed update msgs to...
pid=/var/run/ddclient.pid		# record PID in file.
ssl=yes					# use ssl-support.  Works with ssl-library
use=if, if=em0      	                # via interfaces
login=myusername			# default login
password=mypassword	    		# default password
 
jrm said:
It looks like the errors are coming from /usr/local/sbin/ddclient, which gets installed by dns/ddclient. Those other ports you listed are dependencies of dns/ddclient and they are a little old.

From my laptop:
Code: 
% pkg info -d ddclient-3.8.1_1 
ddclient-3.8.1_1 depends on:
perl-5.16.2
p5-Net-SSLeay-1.51
p5-IO-Socket-SSL-1.81

I searched for words like "deprecated" in /usr/local/sbin/ddclient, but nothing relevant turned up. This is just a guess, but maybe you have a newer dns/ddclient and it doesn't play nice with those older ports?

This /usr/local/etc/ddclient.conf works for me, but you may be using a different service, so it might not be so helpful.

Code: 
daemon=300				# check every 300 seconds
syslog=yes				# log update msgs to syslog
mail=me@email.com                       # mail all msgs to...
mail-failure=me@email.com		# mail failed update msgs to...
pid=/var/run/ddclient.pid		# record PID in file.
ssl=yes					# use ssl-support.  Works with ssl-library
use=if, if=em0      	                # via interfaces
login=myusername			# default login
password=mypassword	    		# default password
Click to expand...

Hi,

Thank you very much for your valuable helps and hints. At first, I check for all p5-* that ddclient depends on and find that p5-IO-Socket-SSL is indeed need to be upgraded.
Code: 
[MNIHKLOM] ~% pkg_version -vsp5-IO
p5-IO-Compress-2.058                =   up-to-date with port
p5-IO-HTML-0.04                     =   up-to-date with port
p5-IO-Multiplex-1.13                =   up-to-date with port
p5-IO-Socket-IP-0.18                =   up-to-date with port
[color="Red"]p5-IO-Socket-SSL-1.80               <   needs updating (port has 1.81)[/color]
p5-IO-String-1.08                   =   up-to-date with port

I am updating that one now and restart /usr/local/etc/rc.d/ddclient without any (errors) message like the previous one, and hope that upon the next reboot there will not be any message again.

I thank you very much for your times indeed.

With best regards,
MNIHKLOM
 
Hi jrm,

That message disappear when rebooting. I thank you indeed for your helps and hints and for your times.

Please mark this as [solved].

With best regards,
MNIHKLOM
 
Hi,

Unfortunately, the message reappears again. I do not know how to and where shall I put SSL_ca_path or SSL_ca_file since I do not know all about SSL.

Would any one please give me some more lights of knowledge?

Thank you for any hints and helps.

With best regards,
MNIHKLOM
 
You must log in or register to reply here.
Back
Top