pkg-perl-maintainers team mailing list archive

Thread
Date

[Bug 1408331] Re: libwww perl in ubuntu always enforces HTTPS server certificate

To: pkg-perl-maintainers@xxxxxxxxxxxxxxxxxxx
From: janl <janl@xxxxxxxxxxxxx>
Date: Thu, 08 Jan 2015 10:57:12 -0000
Reply-to: Bug 1408331 <1408331@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

So I changed LWP::Porotocol::https back and changed my program thus:

#    $ua->ssl_opts( verify_hostname => 0 );
    $ua->ssl_opts( SSL_verify_mode => 0 );

This causes the same error:

Error getting PE routers via REST to blc.serv.as2116.net: 500 Can't
connect to blc.serv.as2116.net:443 (certificate verify failed)(Can't
connect to blc.serv.as2116.net:443 (certificate verify failed)

So it's still not possible to disable the certificate check.  Not to
mention that the documentation in the package hasn't been updated to
reflect this.

#    $ua->ssl_opts( verify_hostname => 0 );
    $ua->ssl_opts( SSL_verify_mode => 0 );
    $ua->ssl_opts( SSL_verifycn_scheme => 'none' );

Additionally it seems to break the principle of least surprise, if
someone has working code tested with CPAN LWP and then tries to run it
on Ubuntu it will fail without explanation (or any documentation).

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libwww-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1408331

Title:
  libwww perl in ubuntu always enforces HTTPS server certificate

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libwww-perl/+bug/1408331/+subscriptions

References

[Bug 1408331] [NEW] libwww perl in ubuntu always enforces HTTPS server certificate
From: janl, 2015-01-07