Bug #61409 for Finance-Bank-ID-BCA: Finance::Bank::ID::BCA does not verify SSL certificate or certificate CN

RT for rt.cpan.org

This queue is for tickets about the Finance-Bank-ID-BCA CPAN distribution.

Report information

The Basics

Id:	61409
Status:	resolved
Worked:	1 hour (60 min)
Priority:	0/
Queue:	Finance-Bank-ID-BCA

People

Owner:	Nobody in particular
Requestors:	william [...] shallum.net
Cc:
AdminCc:

Bug Information

Severity:	(no value)
Broken in:	(no value)
Fixed in:	(no value)

History Show all quoted text

Thu Sep 16 21:44:28 2010 william [...] shallum.net - Ticket created

Subject:	Finance::Bank::ID::BCA does not verify SSL certificate or certificate CN
Date:	Fri, 17 Sep 2010 08:44:12 +0700
To:	bug-Finance-Bank-ID-BCA [...] rt.cpan.org
From:	William Shallum <william [...] shallum.net>

While using the Finance::Bank::ID::BCA module I noticed that it didn't check the SSL certificate. Wouldn't it be nice if there were some instructions in the docs to set HTTPS_CA_DIR / HTTPS_CA_FILE (for peer certificate verification)? It would also be nice to check that the certificate's CN is really ibank.klikbca.com.

Wed Sep 22 22:52:29 2010 sharyanto [...] cpan.org - Correspondence added 60 min

Thank you for the suggestion. I have released 0.10 which has the new verify_https option. When enabled, this will check SSL certificate using Crypt::SSLeay's HTTPS_CA_DIR and also match host using LWP's $req->header ('If-SSL-Cert-Subject'). Please try it out. Regards, Steven

Wed Sep 22 22:52:29 2010 The RT System itself - Status changed from 'new' to 'open'

Wed Sep 22 22:52:30 2010 sharyanto [...] cpan.org - Status changed from 'open' to 'resolved'