# SSL verify mode



## MNIHKLOM (Dec 25, 2012)

Hi,

I did a few *portupgrade -f*.  And after rebooting the machine, I got some complaining messages about SSL_verify_mode, as shown below, which I do not know about where it come from.

```
Local package initialization: rtc***********************************************
********************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
  at /usr/local/sbin/ddclient line 1860
 xfstt.
Starting background file system checks in 60 seconds.
 
Mon Dec 10 10:51:21 ICT 2012
 
FreeBSD/amd64 (MNIHKLOM.jesgroup.in.th) (ttyv0)
```

My only installed ports that have some `SSL' in them are


```
[MNIHKLOM] ~% pkg_info -Ix SSL
p5-Crypt-SSLeay-0.64 Perl5 interface to allow p5-libwww LWP to make https connec
p5-IO-Socket-SSL-1.80 Perl5 interface to SSL sockets
p5-Net-SSLeay-1.49  Perl5 interface to SSL
```

I have no idea why these ports are installed.
Would anyone please suggest me some hints on recovering this ?

Thanks DutchDaemon for correcting me.


With best regards,
MNIHKLOM


----------



## jrm@ (Dec 25, 2012)

It looks like the errors are coming from /usr/local/sbin/ddclient, which gets installed by dns/ddclient.  Those other ports you listed are dependencies of dns/ddclient and they are a little old.

From my laptop:

```
% pkg info -d ddclient-3.8.1_1 
ddclient-3.8.1_1 depends on:
perl-5.16.2
p5-Net-SSLeay-1.51
p5-IO-Socket-SSL-1.81
```

I searched for words like "deprecated" in /usr/local/sbin/ddclient, but nothing relevant turned up.  This is just a guess, but maybe you have a newer dns/ddclient and it doesn't play nice with those older ports?

This /usr/local/etc/ddclient.conf works for me, but you may be using a different service, so it might not be so helpful.


```
daemon=300				# check every 300 seconds
syslog=yes				# log update msgs to syslog
mail=me@email.com                       # mail all msgs to...
mail-failure=me@email.com		# mail failed update msgs to...
pid=/var/run/ddclient.pid		# record PID in file.
ssl=yes					# use ssl-support.  Works with ssl-library
use=if, if=em0      	                # via interfaces
login=myusername			# default login
password=mypassword	    		# default password
```


----------



## MNIHKLOM (Dec 25, 2012)

jrm said:
			
		

> It looks like the errors are coming from /usr/local/sbin/ddclient, which gets installed by dns/ddclient.  Those other ports you listed are dependencies of dns/ddclient and they are a little old.
> 
> From my laptop:
> 
> ...



Hi,

Thank you very much for your valuable helps and hints.  At first, I check for all p5-* that ddclient depends on and find that p5-IO-Socket-SSL is indeed need to be upgraded.

```
[MNIHKLOM] ~% pkg_version -vsp5-IO
p5-IO-Compress-2.058                =   up-to-date with port
p5-IO-HTML-0.04                     =   up-to-date with port
p5-IO-Multiplex-1.13                =   up-to-date with port
p5-IO-Socket-IP-0.18                =   up-to-date with port
[color="Red"]p5-IO-Socket-SSL-1.80               <   needs updating (port has 1.81)[/color]
p5-IO-String-1.08                   =   up-to-date with port
```

I am updating that one now and restart /usr/local/etc/rc.d/ddclient without any (errors) message like the previous one, and hope that upon the next reboot there will not be any message again.

I thank you very much for your times indeed.

With best regards,
MNIHKLOM


----------



## MNIHKLOM (Dec 25, 2012)

Hi jrm,

That message disappear when rebooting.  I thank you indeed for your helps and hints and for your times.

Please mark this as [solved].

With best regards,
MNIHKLOM


----------



## fonz (Dec 25, 2012)

MNIHKLOM said:
			
		

> Please mark this as [solved].


You have to do that yourself.

Fonz


----------



## wblock@ (Dec 25, 2012)

MNIHKLOM said:
			
		

> Please mark this as [solved].



Edit the first message, go into advanced mode, and there's a dropdown before the title.


----------



## MNIHKLOM (Jan 8, 2013)

Hi,

Unfortunately, the message reappear*s* again.  I do not know how to and where shall I put SSL_ca_path or SSL_ca_file since I do not know all about SSL.

Would any one please give me some more lights of knowledge?

Thank you for any hints and helps.

With best regards,
MNIHKLOM


----------



## jrm@ (Feb 27, 2013)

I'm not sure why, but reinstalling security/p5-IO-Socket-SSL removes the message for me.


----------

