[Bug 1094442] perl-libwww-perl: incorrect handling of SSL certificate verification [fedora-all]
bugzilla at redhat.com
bugzilla at redhat.com
Mon May 26 11:20:51 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1094442
--- Comment #11 from Petr Pisar <ppisar at redhat.com> ---
There is no LWP environment variable or command line option to control that
currently.
It's possible to pass ssl_opts => {SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE} to LWP::UserAgent::new if you write your own
LWP application.
This is also discussed in the upstream report.
The reason why the PERL_LWP_SSL_VERIFY_HOSTNAME seemed to work before is the
IO::Socket::SSL < 1.950 defaulted to SSL_VERIFY_NONE. This has not been true
since Fedora 20. Unfortunately Fedora 20 delivered the flawed
LWP::Protocol::https, so it was not visible.
I agree with you that there should be way how to disable the certificate
validation externally.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=irfxxuxMrI&a=cc_unsubscribe
More information about the perl-devel
mailing list