Bug#747225: libwww-perl: ignores SSL_verifycn_scheme in ssl_opts
Jakub Wilk
jwilk at debian.org
Tue May 6 13:44:46 UTC 2014
Package: libwww-perl
Version: 6.06-1
The attached test script tries to connect to
https://encrypted.google.com/ twice: once with default options, and once
with an SSL_verifycn_scheme in ssl_opts that disallows wildcards in CN
or subjectAltName.
The connection should fail in the latter case, because
encrypted.google.com has only "*.google.com" in both of these fields
(plus some other stuff in subjectAltName that wouldn't match anyway).
But both connections succeed:
$ perl test.pl
200 OK
200 OK
As a work-around, I can use IO::Socket::SSL::set_args_filter_hack(), but
it really should work out of the box.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libwww-perl depends on:
ii ca-certificates 20140325
ii libencode-locale-perl 1.03-1
ii libfile-listing-perl 6.04-1
ii libhtml-parser-perl 3.71-1+b1
ii libhtml-tagset-perl 3.20-2
ii libhtml-tree-perl 5.03-1
ii libhttp-cookies-perl 6.00-2
ii libhttp-date-perl 6.02-1
ii libhttp-message-perl 6.06-1
ii libhttp-negotiate-perl 6.00-2
ii liblwp-mediatypes-perl 6.02-1
ii liblwp-protocol-https-perl 6.04-2
ii libnet-http-perl 6.06-1
ii liburi-perl 1.60-1
ii libwww-robotrules-perl 6.01-1
ii netbase 5.2
ii perl 5.18.2-3
--
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.pl
Type: text/x-perl
Size: 431 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20140506/c3018bad/attachment.pl>
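The outcome the report expects, as an added example that is not part of the original message or its scrubbed test.pl attachment: a simplified pure-Perl model of certificate name checking, run against the names the report says the certificate carries. The scheme keys (wildcards_in_cn, wildcards_in_alt, check_cn) are the hash form of SSL_verifycn_scheme documented by IO::Socket::SSL; the functions name_matches and cert_matches and the certificate hash are hypothetical and constructed for illustration, and the model does not reproduce the library's own matching code.

```perl
use strict;
use warnings;

# Simplified model of hostname verification (assumption: illustrative only,
# not IO::Socket::SSL's implementation). Any true wildcard policy value is
# treated as "a whole leftmost label '*' may match exactly one label";
# the library's finer distinctions between policy values are not modelled.
sub name_matches {
    my ($pattern, $host, $wildcards) = @_;
    ($pattern, $host) = (lc $pattern, lc $host);
    if (index($pattern, '*') < 0) {
        return $pattern eq $host ? 1 : 0;      # literal name: exact match
    }
    return 0 unless $wildcards;                # policy 0: wildcards never match
    my ($first, $rest) = split /\./, $pattern, 2;
    return 0 unless $first eq '*' && defined $rest && $rest !~ /\*/;
    # '*' covers one label only, so a.b.google.com fails against *.google.com
    return $host =~ /\A[^.]+\.\Q$rest\E\z/ ? 1 : 0;
}

sub cert_matches {
    my ($cert, $host, $scheme) = @_;
    my @alt = @{ $cert->{alt_dns} || [] };
    for my $name (@alt) {
        return 1 if name_matches($name, $host, $scheme->{wildcards_in_alt});
    }
    my $check_cn = $scheme->{check_cn} || 0;
    # 'when_only': consult CN only when the certificate has no DNS alt names
    return 0 unless $check_cn eq 'always'
                 || ($check_cn eq 'when_only' && !@alt);
    return name_matches($cert->{cn}, $host, $scheme->{wildcards_in_cn});
}

# Constructed sample: only the names the report states are in the certificate.
my %cert = (cn => '*.google.com', alt_dns => ['*.google.com']);

my %schemes = (
    'wildcards allowed'    => { wildcards_in_cn  => 'leftmost',
                                wildcards_in_alt => 'leftmost',
                                check_cn         => 'when_only' },
    'wildcards disallowed' => { wildcards_in_cn  => 0,
                                wildcards_in_alt => 0,
                                check_cn         => 'always' },
);

for my $label (sort keys %schemes) {
    my $ok = cert_matches(\%cert, 'encrypted.google.com', $schemes{$label});
    printf "%-22s %s\n", $label, $ok ? 'accept' : 'reject';
}
```

A client that honours the second scheme would refuse the connection; two "200 OK" lines from the test script mean the scheme passed in ssl_opts never reached the hostname check.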