"Bitte Entschuldigung" for my inability to speak German; What you see is a warning, not an error. This means that you can ignore it and the system still works. Currently if you would retrieve emails via IMAPS the certificate on the server is not checked; this means the traffic is encrypted but it could be that someone would trick you into authenticating to a fake server which would possibly expose your IMAP password and data. This is the 'Man in the Middle-attack' which is stated in the message. With the new IO::Socket::SSL version it now is also possible to force the check of the CA of the certificate; this is nice because can prevent these attack types; however it would mean that everyone with an internal mail server with a self-signed certificate would have a problem fetching mail. Of course we could create a GUI to manage the keyring or store certificate exceptions, but this would be lots of work. So I think, for now, we should turn off the warning by default, or maybe make it configurable. The authors of the IO::Socket::SSL module will switch the default in the near future to always verify, so if you would update the module and you happen to have a self-signed cert your OTRS will break if we do not make a change! https://www.metacpan.org/source/SULLR/IO-Socket-SSL-1.81/Changes Kindest regards from Hessen, Michiel Beijen OTRS Group If anyone else would have g On Thu, Dec 6, 2012 at 9:25 AM, Stefan Sabolowitsch < Stefan.Sabolowitsch@felten-group.com> wrote:
Hallo noch mal, hat da jemand eine Idee ? Ich sehe das bei allen Distributionen (*nix) es dieses Upgrade gab und einige andere Applikation die IO-Socket-SSL nutzen ebenfalls diese Meldung bringen.
Habe hier OTRS 3.1.7 + ITSM
Danke und Gruß Stefan Sabolowitsch
#-#-#-#-#-#-#-#- Hallo zusammen, nach dem Upgrade von p5-IO-Socket-SSL-1.77 wird zyklisch beim E-Mails abholen dieser Hinweis generiert.
******************************************************************* Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER together with SSL_ca_file|SSL_ca_path for verification. If you really don't want to verify the certificate and keep the connection open to Man-In-The-Middle attacks please set SSL_verify_mode explicitly to SSL_VERIFY_NONE i your application. ******************************************************************* at /usr/local/otrs/Kernel/cpan-lib/Net/IMAP/Simple.pm line 152
Irgend eine Idee.
Danke und Gruß Stefan Sabolowitsch --------------------------------------------------------------------- OTRS mailing list: otrs-de - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs-de To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs-de