Bug#748740: Does not work anymore with https servers that use selfsigned certificates
Klaus Ethgen
Klaus at Ethgen.de
Tue May 20 12:04:57 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I tracked it down to libio-socket-ssl-perl versions 1.951-1 and above.
And version 1.93-2 gives some errors I never saw before:
*******************************************************************
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
at /usr/share/perl5/LWP/Protocol/http.pm line 21.
But that might be a combination between libio-socket-ssl-perl and
libwww-perl.
But this message is somewhat stupid to me. I have always
PERL_LWP_SSL_VERIFY_HOSTNAME set to 0 as I do not trust the big SSL
players and it is just a false security measurement to trust in them. If
I explicitly want to trust a certificate I take them from different
channels and specify them. But even then it does not work with the new
library with pointing PERL_LWP_SSL_CA_FILE to the file with the current
certificate.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTe0ToAAoJEKZ8CrGAGfasALkL/jWkIWwwoBUvgWdwg6dIQ2XM
OoZadvyT6SJUXPUJEwXfBMCZUYCAftYvhlA+tQL5WNPX5Mktf9wLrDlNTziFeupQ
WimBspUrc40JK3K9MoJdeHqsI9sUH8P4eyvMt/PvsMez6n3F9LmHNhrjxuUgB3zH
KtNnebcQMS8PWtooDkb0pQA9cn1slT01WxdmgUkAwrevd/uTTy/A53gBDnbXQ4EM
pZyU88KzvGlN6T0sME1eDqJ5ynJON9LoV7PBStch6tUV1gqiyi3nT9mHauZa8UI7
jGD7WXto2tVenPKVfA/dLxMFxuQ2eGsS/EE/IHHypHAAfy/SqYm5jxmo8StXYY3E
/ie63QGQYWXaV5YEkqsQ3+FCOC1u3ec6v/MLCet2dL17P5fpXlEBn9pHTyksaAs5
WdT97FnjcddsVSURcgN2ZjzLD+7Yk1bDwtatg0bsxAOmQleiXoYOVwvFp758FwjQ
0/gKkbnSIjmSnNOEBqfRfxNALePKhCxxBwYaqt+yoA==
=H04c
-----END PGP SIGNATURE-----
More information about the pkg-perl-maintainers
mailing list