Comment 6 for bug 1408331

Erik Squires (erik-squires) wrote :

The problem is fixed by LWP::Protocol::https version 6.06. You can either get it from there, or at least patch the bad method. To make it easier, here is the fix, below. The issue seems to be the first else:

sub _extra_sock_opts
{
    my $self = shift;
    my %ssl_opts = %{$self->{ua}{ssl_opts} || {}};
    # verify_hostname true: verify the peer certificate and check its hostname
    if (delete $ssl_opts{verify_hostname}) {
        $ssl_opts{SSL_verify_mode} ||= 1;
        $ssl_opts{SSL_verifycn_scheme} = 'www';
    }
    # verify_hostname false or absent: peer verification is switched off
    else {
        $ssl_opts{SSL_verify_mode} = 0;
    }
    if ($ssl_opts{SSL_verify_mode}) {
        # No CA store configured by the caller: fall back to Mozilla::CA
        unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
            eval {
                require Mozilla::CA;
            };
            if ($@) {
                # Mozilla::CA is not installed: replace the error with a hint
                if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) {
                    $@ = <<'EOT';
Can't verify SSL peers without knowing which Certificate Authorities to trust

This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
environment variable or by installing the Mozilla::CA module.

To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
environment variable to 0. If you do this you can't be sure that you
communicate with the expected peer.
EOT
                }
                die $@;
            }
            $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
        }
    }
    $self->{ssl_opts} = \%ssl_opts;
    return (%ssl_opts, $self->SUPER::_extra_sock_opts);
}
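
An added example, not part of the comment above or of the module: a local check that reports the installed LWP::Protocol::https version against 6.06 and prints the socket options the installed `_extra_sock_opts` computes for `verify_hostname` 1 and 0. It assumes LWP::UserAgent and LWP::Protocol::https are installed, and it calls the private method shown above directly, which is an inspection shortcut rather than a supported API.

```perl
#!/usr/bin/perl
# Added example: inspect what the installed LWP::Protocol::https will hand
# to the SSL socket class. No network connection is made.
use strict;
use warnings;
use LWP::UserAgent;
use LWP::Protocol ();
use LWP::Protocol::https ();

my $fixed_in = '6.06';    # version named in the comment above

# UNIVERSAL::VERSION dies when the installed version is lower than requested.
my $have  = LWP::Protocol::https->VERSION;
my $is_ok = eval { LWP::Protocol::https->VERSION($fixed_in); 1 };
printf "LWP::Protocol::https %s is %s %s\n",
    $have, ($is_ok ? 'at or above' : 'older than'), $fixed_in;

for my $verify (1, 0) {
    my $ua    = LWP::UserAgent->new(ssl_opts => { verify_hostname => $verify });
    my $proto = LWP::Protocol::create('https', $ua);

    # With verification on and no CA store available, the method dies with
    # the "Can't verify SSL peers" text, so trap that and report it.
    my %opts = eval { $proto->_extra_sock_opts };
    if ($@) {
        my ($first_line) = split /\n/, $@;
        print "verify_hostname=$verify: died: $first_line\n";
        next;
    }

    printf "verify_hostname=%d: SSL_verify_mode=%s SSL_verifycn_scheme=%s SSL_ca_file=%s\n",
        $verify,
        $opts{SSL_verify_mode}     // '(unset)',
        $opts{SSL_verifycn_scheme} // '(unset)',
        $opts{SSL_ca_file}         // '(unset)';
}
```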