Hi all.
I've been making out fairly well with my usage of LWP and IO::Socket::SSL,
to the point where I'm trying to include a list of trusted peer server and
CA certs to trust.
The only problem is I can't seem to force OpenSSL to drop all
non-trusted/verified SSL connections. If I try connecting to a site that I
don't currently have a trusted root for, the connection handshake is
established and all I have to show for it is the response header
'client-ssl-warning' => 'Peer certificate not verified'.
This of course isn't desirable. I need to force a connection break during
the handshaking, not after the connection is established.
Is there an OpenSSL environment variable I can set to require SSL cert
verification?
Thanks!
- Chris