Bug#748740: Does not work anymore with https servers that use selfsigned certificates

Klaus Ethgen Klaus at Ethgen.de
Tue May 20 12:04:57 UTC 2014


I tracked it down to libio-socket-ssl-perl versions 1.951-1 and above.
And version 1.93-2 gives some errors I never saw before:
   *******************************************************************
    Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
    is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
    together with SSL_ca_file|SSL_ca_path for verification.
    If you really don't want to verify the certificate and keep the
    connection open to Man-In-The-Middle attacks please set
    SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
   *******************************************************************
     at /usr/share/perl5/LWP/Protocol/http.pm line 21.

But that might be a combination of libio-socket-ssl-perl and
libwww-perl.

But this message is somewhat stupid to me. I always have
PERL_LWP_SSL_VERIFY_HOSTNAME set to 0 as I do not trust the big SSL
players and it is just a false security measure to trust in them. If
I explicitly want to trust a certificate, I take it from different
channels and specify it. But even then it does not work with the new
library when pointing PERL_LWP_SSL_CA_FILE to the file with the current
certificate.

Regards
   Klaus
-- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C