From 35035bbf074d1a4c59cd5f99282c12197105da08 Mon Sep 17 00:00:00 2001 From: Ramkumar Ramachandra Date: Thu, 18 Jul 2013 09:53:11 -0700 Subject: send-email: be explicit with SSL certificate verification When initiating an SSL connection without explicitly specifying the SSL certificate verification mode, Net::SMTP::SSL defaults to no verification, but recent versions of the module gives a warning against this use of the default. Enable certificate verification by default, using /etc/ssl/certs as the default path for certificates of certificate authorities. This path can be overriden by the --smtp-ssl-cert-path command line option and the sendemail.smtpSSLCertPath configuration variable. Passing an empty string as the path for CA certificates path disables the SSL certificate verification explicitly, which does not trigger the warning from recent versions of Net::SMTP::SSL. Signed-off-by: Ramkumar Ramachandra Helped-by: Brian M. Carlson Signed-off-by: Junio C Hamano --- Documentation/config.txt | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Documentation/config.txt') diff --git a/Documentation/config.txt b/Documentation/config.txt index 6e53fc5074..4de154ca67 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -2022,6 +2022,10 @@ sendemail.smtpencryption:: sendemail.smtpssl:: Deprecated alias for 'sendemail.smtpencryption = ssl'. +sendemail.smtpsslcertpath:: + Path to ca-certificates (either a directory or a single file). + Set it to an empty string to disable certificate verification. + sendemail..*:: Identity-specific versions of the 'sendemail.*' parameters found below, taking precedence over those when the this -- cgit v1.2.1