[Bug 1094442] perl-libwww-perl: incorrect handling of SSL certificate verification [fedora-all]
bugzilla at redhat.com
Fri May 23 09:39:38 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1094442
--- Comment #6 from Jan Pazdziora <jpazdziora at redhat.com> ---
The patch used between -3 and -4 is
- $ssl_opts{SSL_verify_mode} = 0;
+ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
+ $ssl_opts{SSL_verifycn_scheme} = '';
+ } else {
+ $ssl_opts{SSL_verifycn_scheme} = 'none';
+ }
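Review bot: Removing "$ssl_opts{SSL_verify_mode} = 0;" on the first line of this hunk leaves the verify mode unset in this branch, so only the CN/hostname scheme is relaxed and the socket class's default decides whether the certificate chain is still validated. If the intent is that turning off hostname checking must no longer turn off chain validation, state that in a comment here and in the changelog, since callers who used this branch to reach hosts with self-signed certificates will now fail at connect time and need to supply a trusted CA instead. The two branches would also benefit from a one-line comment explaining why Net::SSL gets '' while other socket classes get 'none'.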
Not sure what the intention was, but with 6.04-4 and a website with a
self-signed certificate, a call like
PERL_LWP_SSL_VERIFY_HOSTNAME=0 HEAD -Se https://www.pcwebshop.co.uk/ ; echo $?
is now broken:
HEAD https://www.pcwebshop.co.uk/
500 Can't connect to www.pcwebshop.co.uk:443
Content-Type: text/plain
Client-Date: Fri, 23 May 2014 09:36:01 GMT
Client-Warning: Internal response
1
This used to work with 6.04-3:
# PERL_LWP_SSL_VERIFY_HOSTNAME=0 HEAD -Se https://www.pcwebshop.co.uk/ ; echo $?
HEAD https://www.pcwebshop.co.uk/
200 OK
Connection: close
Date: Fri, 23 May 2014 09:36:12 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Client-Date: Fri, 23 May 2014 09:36:12 GMT
Client-Peer: 217.160.239.225:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info at parallels.com
Client-SSL-Cert-Subject: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info at parallels.com
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Socket-Class: IO::Socket::SSL
Client-SSL-Warning: Peer certificate not verified
Set-Cookie: wptouch-pro-cache-state=desktop; expires=Fri, 23-May-2014 10:36:12 GMT; path=/
X-Pingback: https://www.pcwebshop.co.uk/xmlrpc.php
X-Powered-By: PleskLin
0
It's because it gets translated to the call
# perl -le 'use LWP::Protocol::https; my $sock =
LWP::Protocol::https::Socket->new(Timeout => 180, PeerAddr =>
"www.pcwebshop.co.uk", SSL_verify_mode => 0, PeerPort => "443"); print $sock;
print $IO::Socket::SSL::SSL_ERROR;'
LWP::Protocol::https::Socket=GLOB(0x10b1a98)
SSL wants a read first
#
in 6.04-3 (note the SSL_verify_mode => 0) but to
# perl -le 'use LWP::Protocol::https; my $sock =
LWP::Protocol::https::Socket->new(Timeout => 180, PeerAddr =>
"www.pcwebshop.co.uk", SSL_verifycn_schema => "none", PeerPort => "443"); print
$sock; print $IO::Socket::SSL::SSL_ERROR;'
IO::Socket::IP configuration failed SSL connect attempt failed with unknown
error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
in 6.04-4 -- note there is no SSL_verify_mode => 0 there in the parameters,
just SSL_verifycn_schema => "none".