Bug#1061660: liblwp-protocol-https-perl: Fail to verify certificates

[Christian Marillat]

On 29 janv. 2024 20:58, gregor herrmann <gregoa at debian.org> wrote:

> On Mon, 29 Jan 2024 08:53:45 +0100, Christian Marillat wrote:

[...]

>> This diff fix this issue.
>
> Thanks for checking.
> Alright, so we know that 
> 1) something is different between your and my environment, and
> 2) one of the two small changes between 6.11 and 6.12 causes errors
>    for you
>
> Could you try which of the two hunks is the culprit? My very random
> guess is that it's the first one [0]; for some reason my laptop
> prefers IPv4 although I also have IPv6 …

My DMZ doesn't have IPv6.

The second hunk fix this issue for me.

,----
| @@ -96,9 +96,12 @@
|  if ( $Net::HTTPS::SSL_SOCKET_CLASS->can('start_SSL')) {
|      *_upgrade_sock = sub {
|         my ($self,$sock,$url) = @_;
| +    # SNI should be passed there only if it is not an IP address.
| +    # Details: https://github.com/libwww-perl/libwww-perl/issues/449#issuecomment-1896175509
| +       my $host = $url->host_port() =~ m/:|^[\d.]+$/s ? undef : $url->host();
|         $sock = LWP::Protocol::https::Socket->start_SSL( $sock,
|             SSL_verifycn_name => $url->host,
| -           SSL_hostname => $url->host,
| +           SSL_hostname => $host,
|             $self->_extra_sock_opts,
|         );
|         $@ = LWP::Protocol::https::Socket->errstr if ! $sock;
`----

Christian