This queue is for tickets about the Net-SSLGlue CPAN distribution.

Report information
The Basics
Id: 57367
Status: resolved
Priority: 0/
Queue: Net-SSLGlue

People
Owner: Nobody in particular
Requestors: PMOONEY [...] cpan.org

Subject: Requested doc addition
In my usage the certificate had a CN of *.givex.com, so the host dev-gapi.givex.com matched. However, it was not an exact match, so I had to use this config:

    local $Net::SSLGlue::LWP::SSLopts{SSL_ca_file} = '/path/to/file';
    $Net::SSLGlue::LWP::SSLopts{SSL_verifycn_scheme} = {
        wildcards_in_cn => 'anywhere',
        check_cn        => 'when_only',
    };

That way the certificate was validated correctly. Without this I could not connect, and it took me a while to figure out what was wrong.

The documentation says explicitly that the SSL_verifycn_scheme 'https' is used, which is the right choice for https connections. According to RFC 2818, this scheme does not allow wildcards in CN, only in subjectAltNames. Nevertheless, I've added an example to the documentation in 0.2_1 which shows how to override the scheme, not without pointing out that overriding should only be necessary for certificates which are used against the specification in the RFC.
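
The effect of the scheme keys discussed in this ticket, as an added example that is not part of the ticket and is not code from Net-SSLGlue or IO::Socket::SSL: a simplified Perl model of scheme-driven host name matching, run over constructed certificate data. The 'leftmost' value, the contents of the strict scheme (built from the reply's description), and the helper names name_matches and host_ok are assumptions made for illustration.

```perl
use strict;
use warnings;

# Added example: simplified model, not IO::Socket::SSL's implementation.
# Wildcard policy: 0 = none, 'leftmost' = "*.example.org" only,
# 'anywhere' = also partial labels such as "www*.example.org".
sub name_matches {
    my ($name, $host, $wild) = @_;
    return 1 if lc($name) eq lc($host);
    return 0 unless $wild;
    my ($pre, $rest);
    if ($wild eq 'anywhere' && $name =~ /^([a-z0-9_-]*)\*(\..+)$/i) {
        ($pre, $rest) = ($1, $2);
    } elsif ($wild eq 'leftmost' && $name =~ /^\*(\..+)$/) {
        ($pre, $rest) = ('', $1);
    }
    return 0 unless defined $rest;    # wildcard form not allowed by policy
    # The wildcard stands for part of one label and never spans a dot.
    return $host =~ /^\Q$pre\E[a-z0-9_-]*\Q$rest\E$/i ? 1 : 0;
}

# Is the certificate ({ cn => ..., alt => [...] }) valid for $host?
sub host_ok {
    my ($cert, $host, $scheme) = @_;
    my @alt = @{ $cert->{alt} || [] };
    for my $n (@alt) {
        return 1 if name_matches($n, $host, $scheme->{wildcards_in_alt});
    }
    my $cc = $scheme->{check_cn} || '';
    return 0 unless $cc eq 'always' || ($cc eq 'when_only' && !@alt);
    return name_matches($cert->{cn}, $host, $scheme->{wildcards_in_cn});
}

# Constructed certificates and schemes (assumptions, not real data).
my $cn_only = { cn => '*.givex.com', alt => [] };
my $cn_san  = { cn => '*.givex.com', alt => ['www.givex.com'] };
my $strict  = { wildcards_in_alt => 'anywhere', wildcards_in_cn => 0,
                check_cn => 'when_only' };  # no CN wildcards, as in the reply
my $relaxed = { wildcards_in_cn => 'anywhere', check_cn => 'when_only' };

for my $case (
    ['strict,  CN-only cert',  $cn_only, 'dev-gapi.givex.com', $strict],
    ['relaxed, CN-only cert',  $cn_only, 'dev-gapi.givex.com', $relaxed],
    ['relaxed, cert with SAN', $cn_san,  'dev-gapi.givex.com', $relaxed],
    ['relaxed, two labels',    $cn_only, 'a.b.givex.com',      $relaxed],
) {
    my ($label, $cert, $host, $scheme) = @$case;
    printf "%-24s %-20s %s\n", $label, $host,
        host_ok($cert, $host, $scheme) ? 'match' : 'no match';
}
```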