Bug#1061660: liblwp-protocol-https-perl: Fail to verify certificates
Christian Marillat
marillat at debian.org
Tue Jan 30 07:13:56 GMT 2024
On 29 janv. 2024 20:58, gregor herrmann <gregoa at debian.org> wrote:
> On Mon, 29 Jan 2024 08:53:45 +0100, Christian Marillat wrote:
[...]
>> This diff fix this issue.
>
> Thanks for checking.
> Alright, so we know that
> 1) something is different between your and my environment, and
> 2) one of the two small changes between 6.11 and 6.12 causes errors
> for you
>
> Could you try which of the two hunks is the culprit? My very random
> guess is that it's the first one [0]; for some reason my laptop
> prefers IPv4 although I also have IPv6 …
My DMZ doesn't have IPv6.
The second hunk fix this issue for me.
,----
| @@ -96,9 +96,12 @@
| if ( $Net::HTTPS::SSL_SOCKET_CLASS->can('start_SSL')) {
| *_upgrade_sock = sub {
| my ($self,$sock,$url) = @_;
| + # SNI should be passed there only if it is not an IP address.
| + # Details: https://github.com/libwww-perl/libwww-perl/issues/449#issuecomment-1896175509
| + my $host = $url->host_port() =~ m/:|^[\d.]+$/s ? undef : $url->host();
| $sock = LWP::Protocol::https::Socket->start_SSL( $sock,
| SSL_verifycn_name => $url->host,
| - SSL_hostname => $url->host,
| + SSL_hostname => $host,
| $self->_extra_sock_opts,
| );
| $@ = LWP::Protocol::https::Socket->errstr if ! $sock;
`----
Christian
More information about the pkg-perl-maintainers
mailing list