Bug#954084: libnanomsg-raw-perl: Please verify server identity via SSL
Felix Lechner
felix.lechner at lease-up.com
Mon Mar 16 15:00:04 GMT 2020
Package: libnanomsg-raw-perl
Severity: important

Dear maintainer,

Your package uses the Perl module HTTP::Tiny to access an insecure URL
(http://cpanidx.org/cpanidx/json/mod/$pkg). Your package could use the
secure version.

Please remember to set HTTP::Tiny's verify_SSL attribute to a true
value. By default, that module does not validate the identity of
server certificates. The documentation states that "Server identity
verification is controversial and potentially tricky..." [1]

Will you please use the secure URL for https://cpanidx.org and turn on
the verify_SSL attribute in HTTP::Tiny?

Kind regards
Felix Lechner

[1] https://metacpan.org/pod/HTTP::Tiny#SSL-SUPPORT
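
The change requested above, sketched as an added example; it is not part of the original message and not the package's own code. The function name cpanidx_lookup is hypothetical, and the example assumes the index serves the same path over HTTPS as over HTTP. Setting verify_SSL explicitly keeps the behaviour independent of the installed module's default.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTTP::Tiny;
use JSON::PP qw(decode_json);

# Assumption: same path as the HTTP URL in the report, served over HTTPS.
my $BASE = 'https://cpanidx.org/cpanidx/json/mod/';

# Hypothetical helper: look up one module in the index over verified TLS.
sub cpanidx_lookup {
    my ($pkg) = @_;

    # Accept only plausible module names before building the URL.
    die "bad module name: $pkg\n"
        unless $pkg =~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*\z/;

    # HTTPS needs IO::Socket::SSL and Net::SSLeay; fail early if absent.
    my ($ok, $why) = HTTP::Tiny->can_ssl;
    die "TLS support unavailable: $why\n" unless $ok;

    # verify_SSL => 1 makes HTTP::Tiny validate the server certificate
    # and check that it matches the host name.
    my $http = HTTP::Tiny->new(verify_SSL => 1, timeout => 15);
    my $res  = $http->get($BASE . $pkg);

    # Status 599 is HTTP::Tiny's marker for an internal error, such as a
    # failed certificate check; the message is in the content field.
    die "request failed: $res->{content}\n" if $res->{status} == 599;
    die "HTTP $res->{status} $res->{reason}\n" unless $res->{success};

    # Reject a response whose final URL (after redirects) left HTTPS.
    die "final URL is not https: $res->{url}\n"
        unless $res->{url} =~ m{\Ahttps://}i;

    return decode_json($res->{content});
}

# Network access happens only when a module name is given as an argument.
if (@ARGV) {
    my $data = cpanidx_lookup($ARGV[0]);
    print JSON::PP->new->allow_nonref->pretty->canonical->encode($data);
}
```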