Bug#735422: LWP::UserAgent: strange behavior of CA cert paths

Vincent Lefevre vincent at vinc17.net
Wed May 14 07:51:49 UTC 2014


Control: retitle -1 LWP::UserAgent: strange behavior of CA cert paths with liblwp-protocol-https-perl 6.04-2 (CVE-2014-3230)
Control: reassign -1 liblwp-protocol-https-perl
Control: forcemerge 746579 735422

On 2014-05-06 16:17:06 +0200, Vincent Lefevre wrote:
> On 2014-05-06 15:34:11 +0200, Jakub Wilk wrote:
> > If think what you observed here is bug #746579.
> 
> Yes, very probably. :(
> 
> I suppose that the bugs should be merged.

I confirm that just after upgrading to the fixed
liblwp-protocol-https-perl (6.04-2 -> 6.04-3),

  env PERL_LWP_SSL_CA_PATH=/ HTTPS_CA_DIR=/home/vinc17/wd/config/cacert:/etc/ssl/certs twitget

now says:

  500 Can't connect to api.twitter.com:443

meaning that the certificate wasn't checked with 6.04-2.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



More information about the pkg-perl-maintainers mailing list