Bug#748740: Does not work anymore with https servers that use selfsigned certificates

Klaus Ethgen Klaus at Ethgen.de
Tue May 20 10:40:19 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package: libwww-perl
Version: 6.06-1
Severity: important

The newest version of libwww-perl does not connect to https servers with
selfsigned certificates anymore; even not with environment
PERL_LWP_SSL_VERIFY_HOSTNAME set to 0.

This is a major issue in the library as several third party modules
(like Zabbix::API) also doesn't work with encrypted connections anymore.

And it is even worse with debian trowed out the only trustable
certificate of cacert several weeks ago.

I have no exact version when this change was done but it looking at the
changelog I think it was introduced by 6.05 or 6.06 as it worked
recently.

- -- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (600, 'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13.10 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash

Versions of packages libwww-perl depends on:
pn  ca-certificates             <none>
ii  libencode-locale-perl       1.03-1
ii  libfile-listing-perl        6.04-1
ii  libhtml-parser-perl         3.71-1+b1
ii  libhtml-tagset-perl         3.20-2
ii  libhtml-tree-perl           5.03-1
ii  libhttp-cookies-perl        6.00-2
ii  libhttp-date-perl           6.02-1
ii  libhttp-message-perl        6.06-1
ii  libhttp-negotiate-perl      6.00-2
ii  liblwp-mediatypes-perl      6.02-1
ii  liblwp-protocol-https-perl  6.04-3
ii  libnet-http-perl            6.06-1
ii  liburi-perl                 1.60-1
ii  libwww-robotrules-perl      6.01-1
ii  netbase                     5.2
ii  perl                        5.18.2-4

Versions of packages libwww-perl recommends:
ii  libhtml-form-perl    6.03-1
ii  libhtml-format-perl  2.11-1
ii  libhttp-daemon-perl  6.01-1
ii  libmailtools-perl    2.12-1

Versions of packages libwww-perl suggests:
pn  libauthen-ntlm-perl  <none>

- -- no debconf information

- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJTezEOAAoJEKZ8CrGAGfasTEcMAK8CLTle5hQDe6W9Y2ojSGaS
45kMh/r3SdSIK0QzzJCsDnm2GMh/J6a+lvDiH3oZghTlXKGDNk5rk93VIIg3YG6+
wt8S4zCIDdr6yeVZDk7mlgntDcYOekZ16T230oFcOr7Rc0xal3KsNWDgMFe/RlIb
BatnhOyhPyVHteQMvSad9LPY+NuhGLGDtRK/y1I4XZRhQAXA3FWmgFkl86UEslfB
iiO1q/+ETtJ0PQKC0NOs019i0zg5UeoTH8GAr0oOzKnrRNlfaqcJEzwCVy1r1nDp
5VSlJYGNRRzPxIVasnPzGnC3Qxn9Usjz3nbNW8lV5P3JTU9cX7uHmGCEZ15xdorD
/k4s3hTiW5Zl6AMFl4TZqmdrcE+9K5OCGMMfaZS00pTSQwpCeWHF43rVU+J/dMUE
K7mwH3fuqg6qE3dECtbkzsHf/USURU2ZJGO5+4mc3dSgDYH8Psw7M2xXptS6Fzxy
TFRz6hngwZR5wYCYutraE34REhDJQ7IlnDNG2q7oYA==
=QJYZ
-----END PGP SIGNATURE-----

More information about the pkg-perl-maintainers mailing list