Skip Menu |

This queue is for tickets about the LWP-Protocol-https CPAN distribution.

Report information
The Basics
Id: 66561
Status: resolved
Priority: 0/
Queue: LWP-Protocol-https
People
Owner: Nobody in particular
Requestors: justincase [...] yopmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Mar 11 22:37:41 2011 justincase [...] yopmail.com - Ticket created
Subject: Crypt::SSLeay should work transparently with Mozilla::CA
Currently a user will get this if they have Crypt::SSLeay installed, but not IO::Socket::SSL: $ perl -MLWP::UserAgent -MMozilla::CA -E 'LWP::UserAgent->new->get("https://encrypted.google.com/")->dump'500 Can't connect to encrypted.google.com:443 (Crypt-SSLeay can't verify hostnames) ... Would it be possible for LWP to set the HTTPS_CA_FILE environment variable for Crypt::SSLeay? Then as long as Mozilla::CA is installed, either SSL backend module would work without the user having to tweak settings. $ perl -MLWP::UserAgent -MMozilla::CA -E '$ENV{HTTPS_CA_FILE}=Mozilla::CA::SSL_ca_file(); LWP::UserAgent->new->get("https://encrypted.google.com/")->dump' HTTP/1.1 200 OK ...
  Sat Mar 12 10:23:18 2011 GAAS [...] cpan.org - Correspondence added
Net::HTTPS will already set up $ENV{HTTPS_CA_FILE} based on Mozilla::CA's file. The issue is that Crypt::SSLeay don't implement what corresponds to the SSL_verifycn_scheme option for IO::Socket::SSL and this option is implied by the 'verify_hostname' option. If you disable 'verify_hostname' and set SSL_verify_mode => 1 then Net::SSL will verify that the certificate is legal, but only by setting various Client-* headers in the response.
  Sat Mar 12 10:23:18 2011 The RT System itself - Status changed from 'new' to 'open'
  Sat Mar 12 13:16:00 2011 justincase [...] yopmail.com - Correspondence added
From: justincase [...] yopmail.com
On Sat Mar 12 10:23:18 2011, GAAS wrote: Show quoted text
> Net::HTTPS will already set up $ENV{HTTPS_CA_FILE} based on > Mozilla::CA's file. The issue is > that Crypt::SSLeay don't implement what corresponds to the > SSL_verifycn_scheme option for > IO::Socket::SSL and this option is implied by the 'verify_hostname' > option. > > If you disable 'verify_hostname' and set SSL_verify_mode => 1 then > Net::SSL will verify that the > certificate is legal, but only by setting various Client-* headers in > the response.
As many, many modules have libwww-perl as a dependency, I was hoping this could be handled at the highest common level, instead of having each dependent module author trying to solve this themselves. Maybe make a note that this is on the todo wishlist, and some japh might submit a patch :) Until that happens, how about adding a method to test if the user needs to disable verify_hostname?
  Wed Jan 25 16:41:23 2017 ether [...] cpan.org - Correspondence added
migrated queues: libwww-perl -> LWP-Protocol-https
  Wed Jan 25 16:41:23 2017 ether [...] cpan.org - Queue changed from libwww-perl to LWP-Protocol-https
  Fri Mar 31 15:31:51 2017 olaf [...] wundersolutions.com - Correspondence added
Ticket migrated to github as https://github.com/libwww-perl/LWP-Protocol-https/issues/42
  Fri Mar 31 15:32:07 2017 olaf [...] wundersolutions.com - Status changed from 'open' to 'resolved'