[Bug 1094442] perl-libwww-perl: incorrect handling of SSL certificate verification [fedora-all]

bugzilla at redhat.com bugzilla at redhat.com
Mon May 26 10:55:43 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1094442

Jan Pazdziora <jpazdziora at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(ppisar at redhat.com
                   |                            |)



--- Comment #10 from Jan Pazdziora <jpazdziora at redhat.com> ---
(In reply to Petr Pisar from comment #9)
> Thank you for the report. However there are two mistakes:
> 
> (1) The IO::Socket::SSL::new option is "SSL_verifycn_scheme", not
> "SSL_verifycn_schema". Thus you could not find it in the documentation.

Ahh, sorry about that
.
> (2) The 6.04-3 behavior was flawed. As you can read in the upstream bug
> report, the "SSL_verify_mode" option is about checking hostname. It's not
> intended to control certificate validation. The same applies to
> "PERL_LWP_SSL_VERIFY_HOSTNAME" environment variable. 6.04-4 has restored the
> behavior which presented before 6.04.

So what is the way for making HTTP requests to websites with self-signed
certificates from perl, if the user does not care about the CA chain
validation?

In other way, what is the way for making LWP behave the same way it used to
behave with pre-6 version?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=YQLMEZWrv3&a=cc_unsubscribe



More information about the perl-devel mailing list