Bug#776230: libwww-perl: false positive(?) "Client-SSL-Warning: Peer certificate not verified" with keep-alive
Jakub Wilk
jwilk at debian.org
Sun Jan 25 18:53:24 UTC 2015
Package: libwww-perl
Version: 6.08-1
When keep-alive is enabled then second (and subsequent) requests to the
same HTTPS host causes "Client-SSL-Warning: Peer certificate not
verified" headers in the response headers. Hopefully this is false
positive: since the requests reused the existing connection, there was
nothing to check.
To reproduce, run the attached test script:
$ perl test_keepalive_https.pl
Client-SSL-Warning: (none)
Client-SSL-Warning: Peer certificate not verified
Client-SSL-Warning: Peer certificate not verified
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libwww-perl depends on:
ii ca-certificates 20141019
ii libencode-locale-perl 1.03-1
ii libfile-listing-perl 6.04-1
ii libhtml-parser-perl 3.71-1+b3
ii libhtml-tagset-perl 3.20-2
ii libhtml-tree-perl 5.03-1
ii libhttp-cookies-perl 6.01-1
ii libhttp-date-perl 6.02-1
ii libhttp-message-perl 6.06-1
ii libhttp-negotiate-perl 6.00-2
ii liblwp-mediatypes-perl 6.02-1
ii liblwp-protocol-https-perl 6.06-2
ii libnet-http-perl 6.07-1
ii liburi-perl 1.64-1
ii libwww-robotrules-perl 6.01-1
ii netbase 5.3
ii perl 5.20.1-4
--
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_keepalive_https.pl
Type: text/x-perl
Size: 288 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20150125/5077d045/attachment.pl>
More information about the pkg-perl-maintainers
mailing list