@@ -1,4 +1,10 @@
 
+v1.35 2010.12.06
+- if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be
+  verified as valid it will no longer fall back to VERIFY_NONE but throw
+  an error. Thanks to Salvatore Bonaccorso and Daniel Kahn Gillmor for
+  pointing out the problem, see also 
+  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
 v1.34 2010.11.01
 - schema http for certificate verification changed to 
   wildcards_in_cn=1, because according to rfc2818 this is valid and

@@ -1,6 +1,6 @@
 --- #YAML:1.0
 name:               IO-Socket-SSL
-version:            1.34
+version:            1.35
 abstract:           Nearly transparent SSL encapsulation for IO::Socket::INET.
 author:
     - Steffen Ullrich & Peter Behroozi & Marko Asplund
@@ -17,7 +17,7 @@ no_index:
     directory:
         - t
         - inc
-generated_by:       ExtUtils::MakeMaker version 6.54
+generated_by:       ExtUtils::MakeMaker version 6.55_02
 meta-spec:
     url:      http://module-build.sourceforge.net/META-spec-v1.4.html
     version:  1.4

@@ -78,7 +78,7 @@ BEGIN {
 	}) {
 		@ISA = qw(IO::Socket::INET);
 	}
-	$VERSION = '1.34';
+	$VERSION = '1.35';
 	$GLOBAL_CONTEXT_ARGS = {};
 
 	#Make $DEBUG another name for $Net::SSLeay::trace
@@ -1366,12 +1366,7 @@ sub new {
 	if ( $verify_mode != Net::SSLeay::VERIFY_NONE() and
 		! Net::SSLeay::CTX_load_verify_locations(
 			$ctx, $arg_hash->{SSL_ca_file} || '',$arg_hash->{SSL_ca_path} || '') ) {
-		if ( ! $arg_hash->{SSL_ca_file} && ! $arg_hash->{SSL_ca_path} ) {
-			carp("No certificate verification because neither SSL_ca_file nor SSL_ca_path known");
-			$verify_mode = Net::SSLeay::VERIFY_NONE();
-		} else {
-			return IO::Socket::SSL->error("Invalid certificate authority locations");
-		}
+		return IO::Socket::SSL->error("Invalid certificate authority locations");
 	}
 
 	if ($arg_hash->{'SSL_check_crl'}) {