Bug#826039: liblwp-protocol-https-perl: Two versions of https.pm (6.06) have different contents and one always checks certificates
Adrian Edwards
ae_mrs at yahoo.co.uk
Fri Jun 3 14:01:54 UTC 2016
Hi
The ENV is the second line in the script and no ssl_opts are set.
I did also try with SSL_verify_mode => 0 and verify_hostname => 0 at one
point, but not sure which module versions were installed or referenced at
the time. But it didn't work at the time, which led me to look into the
modules.
One script, by way of example, that fails is here:
http://blog.slucas.fr/blog/esxi-control
Adding $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} at the top and trying to connect
to something with a self signed cert produces the error.
Hopefully this will give you something to work with to get to the bottom of
the issue.
Many thanks
Adrian
-----Original Message-----
From: Dominique Dumont [mailto:dod at debian.org]
Sent: 03 June 2016 12:31
To: 826039 at bugs.debian.org
Cc: 826039-submitter at bugs.debian.org
Subject: Bug#826039: liblwp-protocol-https-perl: Two versions of https.pm
(6.06) have different contents and one always checks certificates
Hi
Note that:
* LWP::Protocol::https works with LWP::UserAgent
* LWP::Protocol::https on CPAN and on Debian/Jessie have the same version
with some differences to better integrate with Debian (for instance, Debian
certificates are used instead of Mozilla::CA)
* LWP::UserAgent is v 6.02 on Debian/jessie and 6.15 on CPAN
The last point is expected and may explain the different behavior.
Could you check that:
* $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} is set *before* creating LWP::UserAgent
* LWP::UserAgent is created without ssl_opts/verify_hostname parameter
HTH
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
More information about the pkg-perl-maintainers
mailing list