VMware {code} Community

SSL_verify_mode of SSL_VERIFY_NONE for client is depreciated!

Hi All I having trouble using the below command: using VMware-vSphere-Perl-SDK-5.1.0-780721.x86_64
VI_SERVER= VI_CREDSTORE=/etc/vicredentials.xml /usr/lib/vmware-vcli/apps/vm/vmcontrol.pl --operation reset --vmname testhost.test.local

Which gives me this :
Server version unavailable at '' at /usr/share/perl5/VMware/VICommon.pm line 545.

So I run this which fixes the above error which leads me to the next: : export PERL_LWP_SSL_VERIFY_HOSTNAME=0

Run this command again:

VI_SERVER= VI_CREDSTORE=/etc/vicredentials.xml /usr/lib/vmware-vcli/apps/vm/vmcontrol.pl --operation reset --vmname testhost.test.local
And now get this error:
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
   at /usr/local/share/perl5/LWP/Protocol/http.pm line 31
   vim +31 /usr/local/share/perl5/LWP/Protocol/http.pm
       my $sock = $self->socket_class->new(PeerAddr => $host,
                                        PeerPort => $port,
                                        LocalAddr => $self->{ua}{local_address},
                                        Proto    => 'tcp',
                                        Timeout  => $timeout,
                                        KeepAlive => !!$conn_cache,
                                        SendTE    => 1,
                                        $self->_extra_sock_opts($host, $port),
Now the next part I am confused on:...
These links below might provide the answer as I am a newbie to all the Perl fun...
Anyone know?
15 Replies

I have been experiencing the same exact issue as well.  Hoping somebody can provide some input.

0 Kudos

The maintainers of IO::Socket::SSL added the additional check in a recent version (1.79 maybe?).

The problem I believe is that the LWP::UserAgent doesn't even expose the configuraiton options for environment variables.  To make it more complicated, the VMware VICommon.pm has two seperate locations where UserAgent is created (Vim::query_server_version & SoapClient::new).  Both would have to be changed to effectively fix the issue.

Just out of curiousity, what version of IO::Socket::SSL are you using?  Run the following to print out the version number.

perl -M'IO::Socket::SSL' -e 'print "$IO::Socket::SSL::VERSION\n"'

I haven't been able to try this since none of my environments are using one of the newest IO::Socket::SSL versions, but maybe try switching to Net::SSL as a work around?  Alternatively, perhaps drop down to an older version of IO::Socket::SSL.

Try adding this to the end of your script, let me know if it works.  This _should_ switch to Net::SSL.  You may have to install Net::SSL. 





Reuben Stump | http://www.virtuin.com | @ReubenStump
0 Kudos

I could only get that warning string if I explicity imported IO::Socket::SSL in my script.  If I imported Net::SSL just after, it worked.

If the BEGIN { } block doesn't fix it as specified above, try import Net::SSL right after VMware::VIRuntime. 

use VMware::VIRuntime;
use Net::SSL;

There's may be some preference (intended or not) for Net::SSL, or some other change in how LWP determine what SSL socket class to use.

Let me know if either option works.  You may also need to install Net::SSL.

Reuben Stump | http://www.virtuin.com | @ReubenStump

Hi stumpr,
Thanks for your reply:
I have downgraded to: I just downgraded to IO::Socket::SSL 1.77 as mentioned here: http://communities.vmware.com/thread/428081?tstart=0

Through this in the shell: export PERL_LWP_SSL_VERIFY_HOSTNAME=0

Tried the command again: VI_SERVER= VI_CREDSTORE=/etc/vicredentials.xml /usr/lib/vmware-vcli/apps/vm/vmcontrol.pl --operation reset --vmname testhost.test.local
It now lags for a while, then I get this awesome error Smiley Happy

SOAP request error - possibly a protocol issue:
Then it spits a tonne of XML on the server details etc...

Did a : cpan > install Net::SSL : found out it was already installed an I am using Net::SSL (2.85).

Added this to: 
vim /usr/share/perl5/VMware/VICommon.pm
No difference am I altering the right file, sorry MASSIVE perl newbie so I am going to need step by step instructions....


0 Kudos

Ok so then I searched these forums some more and found an answer to the LAG SOAP error and used someones solution to  this:

Start cpan shell: perl -MCPAN -e shell
In the shell, type: install GAAS/Net-HTTP-6.03.tar.gz

VI_SERVER= VI_CREDSTORE=/etc/vicredentials.xml /usr/lib/vmware-vcli/apps/vm/vmcontrol.pl --operation reset --vmname testhost.test.local

virtual machine 'testhost.test.local' under host  reset successfully

It then worked Smiley Happy

Seriouslly a freaken pain:

* Downgrade to IO-Socket-SSL from 1.77

* Use these instructions next:

Start cpan shell: perl -MCPAN -e shell
In the shell, type: install GAAS/Net-HTTP-6.03.tar.gz
Let me know how you guys go I have a dream of having a Linux / Pacemaker cluster one day and need this for "Fencing"...

0 Kudos

The IO::Socket::SSL update really shook things up and the modules that depend on it don't have the fall through options to modify the underlying ssl_opts built in.  It's a bit of a mess 😕

To be fair, it's not really a VMware SDK issue, but I do think some enhancements could be added to support it better.  It's a legitimate concern to stress the issue of blindly trusting certificates. 

I suppose the proper solution would be to write a utility script to accept and build a certificate store that can be access with the CA ENV options that IO::Socket::SSL wants instead of SSL_verify_none.

Reuben Stump | http://www.virtuin.com | @ReubenStump

I have gotten the same problem and now, I found out the cause for my environment.

1. https_proxy

My environment is befind a proxy, and "export https_proxy=..." seemed to be evil for vCLI.

If you are using proxy, try "unset https_proxy".

2. Perl_module version

As mentioned in http://search.cpan.org/~gaas/libwww-perl-6.04/lib/LWP/UserAgent.pm,

LWP will for secure protocol schemes ensure it connects to servers that have a valid certificate matching the expected hostname.

in newer version than libwww-perl-5.837. libwww-perl-5.837 and earlier releases have no problem.

So what I did is,

remove ~/.cpan files and reinstall libwww-perl for my env.

cpan> i /libwww-perl/


Distribution    GAAS/libwww-perl-5.837.tar.gz
Distribution    GAAS/libwww-perl-6.01.tar.gz
Distribution    GAAS/libwww-perl-6.04.tar.gz
Author          LWWWP ("The libwww-perl mailing list" <libwww@perl.org>)
4 items found
cpan> install GAAS/libwww-perl-5.837.tar.gz
and now, my vCLI is working well.

Hope this help you.



It seems it was deprecated when LWP changed from 5.8x to 6.0. The culprit is LWP::UserAgent.

You can bypass the issue by downloading the SSL certificate from the vCenter and setting HTTPS_CA_FILE=MyCertFile.

Since there is -for now, I hope- what to disable the check enforcement on the LWP module, would it be possible to add the cert file as one of the standard parameters on the Perl SDK?



0 Kudos


It's works.

0 Kudos


Thank you SO mych, degdoo, your post sorted me after many hours of trawling through the Net!

I run Open SuSE 11.4 as a standalone server, trying to connect to my ESXi 5.0 server , and had endless trouble trying to run any vSphere SDK for Perl script ( like the connect.pl )

I installed vSphere SDK for Perl on a standalone server, with the aim to run the HealthCheck script on it.

I got these errors:

Server version unavailable at 'https://X.X.X.X:443/sdk/vimService.wsdl' at /usr/lib/perl5/5.12.3/VMware/VICommon.pm line 545, <STDIN> line 2.

I also set the environment variable:


This resulted in the following error, plus a very long wait, and finally, another error:


Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
  at /usr/lib/perl5/site_perl/5.12.3/LWP/Protocol/http.pm line 31
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
  at /usr/lib/perl5/site_perl/5.12.3/LWP/Protocol/http.pm line 31
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
  at /usr/lib/perl5/site_perl/5.12.3/LWP/Protocol/http.pm line 31
Connection Successful
SOAP request error - possibly a protocol issue: <?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
<RetrievePropertiesResponse xmlns="urn:vim25"><returnval><obj type="ServiceInstance">ServiceInstance</obj><propSet><name>capability</name><val xsi:type="Capability"><provisioningSupported>false</provisioningSupported><multiHostSupported>false</multiHostSupported><userShellAccessSupported>true</userShellAccessSupported></val></propSet><propSet><name>content</name><val xsi:type="ServiceContent"><rootFolder type="Folder">ha-folder-root</rootFolder><propertyCollector type="PropertyCollector">ha-property-collector</propertyCollector><viewManager type="ViewManager">V


I followed the instructions posted by "degdoo", installing "libwww-perl" as instructed.

This works 100% now, and I don't even have to set the environment variable as listed above!

Thanks again, this was very useful, and saved me a lot of time.

0 Kudos

install GAAS/libwww-perl-5.837.tar.gz

Also, worked for me - Thanks


0 Kudos
VMware Employee
VMware Employee

works for me!

0 Kudos

Hey! I also have the same problem, but unfortunately degdoo advise didn't help....

Does anyone knows how to solve this issue?


0 Kudos

Thanks a lot degdoo.

I was having the same problem and your solution resolved the problem for me.

0 Kudos

Thanks, your info made my day end with a smile!

0 Kudos