Bug#735422: LWP::UserAgent: strange behavior of CA cert paths
Vincent Lefevre
vincent at vinc17.net
Wed May 14 07:51:49 UTC 2014
Control: retitle -1 LWP::UserAgent: strange behavior of CA cert paths with liblwp-protocol-https-perl 6.04-2 (CVE-2014-3230)
Control: reassign -1 liblwp-protocol-https-perl
Control: forcemerge 746579 735422
On 2014-05-06 16:17:06 +0200, Vincent Lefevre wrote:
> On 2014-05-06 15:34:11 +0200, Jakub Wilk wrote:
> > If think what you observed here is bug #746579.
>
> Yes, very probably. :(
>
> I suppose that the bugs should be merged.
I confirm that just after upgrading to the fixed
liblwp-protocol-https-perl (6.04-2 -> 6.04-3),
env PERL_LWP_SSL_CA_PATH=/ HTTPS_CA_DIR=/home/vinc17/wd/config/cacert:/etc/ssl/certs twitget
now says:
500 Can't connect to api.twitter.com:443
meaning that the certificate wasn't checked with 6.04-2.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the pkg-perl-maintainers
mailing list