Bug#748740: Does not work anymore with https servers that use selfsigned certificates
Klaus Ethgen
Klaus at Ethgen.de
Tue May 20 10:40:19 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: libwww-perl
Version: 6.06-1
Severity: important
The newest version of libwww-perl does not connect to https servers with
selfsigned certificates anymore; even not with environment
PERL_LWP_SSL_VERIFY_HOSTNAME set to 0.
This is a major issue in the library as several third party modules
(like Zabbix::API) also doesn't work with encrypted connections anymore.
And it is even worse with debian trowed out the only trustable
certificate of cacert several weeks ago.
I have no exact version when this change was done but it looking at the
changelog I think it was introduced by 6.05 or 6.06 as it worked
recently.
- -- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (800, 'unstable'), (600, 'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.10 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Versions of packages libwww-perl depends on:
pn ca-certificates <none>
ii libencode-locale-perl 1.03-1
ii libfile-listing-perl 6.04-1
ii libhtml-parser-perl 3.71-1+b1
ii libhtml-tagset-perl 3.20-2
ii libhtml-tree-perl 5.03-1
ii libhttp-cookies-perl 6.00-2
ii libhttp-date-perl 6.02-1
ii libhttp-message-perl 6.06-1
ii libhttp-negotiate-perl 6.00-2
ii liblwp-mediatypes-perl 6.02-1
ii liblwp-protocol-https-perl 6.04-3
ii libnet-http-perl 6.06-1
ii liburi-perl 1.60-1
ii libwww-robotrules-perl 6.01-1
ii netbase 5.2
ii perl 5.18.2-4
Versions of packages libwww-perl recommends:
ii libhtml-form-perl 6.03-1
ii libhtml-format-perl 2.11-1
ii libhttp-daemon-perl 6.01-1
ii libmailtools-perl 2.12-1
Versions of packages libwww-perl suggests:
pn libauthen-ntlm-perl <none>
- -- no debconf information
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTezEOAAoJEKZ8CrGAGfasTEcMAK8CLTle5hQDe6W9Y2ojSGaS
45kMh/r3SdSIK0QzzJCsDnm2GMh/J6a+lvDiH3oZghTlXKGDNk5rk93VIIg3YG6+
wt8S4zCIDdr6yeVZDk7mlgntDcYOekZ16T230oFcOr7Rc0xal3KsNWDgMFe/RlIb
BatnhOyhPyVHteQMvSad9LPY+NuhGLGDtRK/y1I4XZRhQAXA3FWmgFkl86UEslfB
iiO1q/+ETtJ0PQKC0NOs019i0zg5UeoTH8GAr0oOzKnrRNlfaqcJEzwCVy1r1nDp
5VSlJYGNRRzPxIVasnPzGnC3Qxn9Usjz3nbNW8lV5P3JTU9cX7uHmGCEZ15xdorD
/k4s3hTiW5Zl6AMFl4TZqmdrcE+9K5OCGMMfaZS00pTSQwpCeWHF43rVU+J/dMUE
K7mwH3fuqg6qE3dECtbkzsHf/USURU2ZJGO5+4mc3dSgDYH8Psw7M2xXptS6Fzxy
TFRz6hngwZR5wYCYutraE34REhDJQ7IlnDNG2q7oYA==
=QJYZ
-----END PGP SIGNATURE-----
More information about the pkg-perl-maintainers
mailing list