Bug#908027: XML::Stream defaults to verifying certificates but fails to provide a working default ssl_ca_path
gregor herrmann
gregoa at debian.org
Wed Sep 5 15:38:19 BST 2018
On Wed, 05 Sep 2018 11:28:29 +0200, Florian Schlichting wrote:
> * Chris Hofstaedtler <zeha at debian.org> writes:
> > OTOH, XML::Stream then defaults to verifying certificates, if TLS is
> > on, but does not provide a default where to find any certificates.
>
> IMHO this is broken by default, and we should provide a default path
> to commonly accepted certificates in Debian, i.e. /etc/ssl/certs (or
> switch the default for ssl_verify to skip verification, but I think
> that's not the Right Thing To Do.)
[..]
> gregoa, would you agree that this is indeed something that should be
> fixed in XML::Stream? You were handling the original bug against
> libnet-xmpp-perl / sendxmpp and sounded rather cautious to fix this in
> the library layers...
First of all, sorry for not replying to Chris' mail (was on my TODO
list and somehow slipped out of view in my debian-perl mail folder).
To your question: I don't remember the details, just that I got a
headache when vading through the different codebases :) It may well
be that my assessment back then was sub-optimal, and if both Chris
and you think that it makes more sense to fix this in XML::Stream,
please, by all means, go ahead!
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Bettina Wegner: napoleon und lysistra
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: Digital Signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20180905/2d435f48/attachment.sig>
More information about the pkg-perl-maintainers
mailing list