Bug #76310 for IO-Socket-SSL: Docs claim start_SSL calls require the hostname, but actually they don't seem to

RT for rt.cpan.org

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information

The Basics

Id:	76310
Status:	resolved
Priority:	0/
Queue:	IO-Socket-SSL

People

Owner:	Nobody in particular
Requestors:	DOHERTY [...] cpan.org
Cc:
AdminCc:

Bug Information

Severity:	(no value)
Broken in:	(no value)
Fixed in:	(no value)

History Show all quoted text

Wed Apr 04 14:48:32 2012 DOHERTY [...] cpan.org - Ticket created

Perhaps IO::Socket::SSL is smarter than the documentation indicates. In the documentation for start_SSL: "Using PeerHost or PeerAddr works only if you create the connection directly with IO::Socket::SSL->new, if an IO::Socket::INET object is upgraded with start_SSL the name has to be given in SSL_verifycn_name." Well, I don't see that HTTP::Tiny provides SSL_verifycn_name in the start_SSL call that upgrades the IO::Socket::INET object - but I also don't notice any problems because of it.

Wed Apr 04 14:49:22 2012 DOHERTY [...] cpan.org - Subject changed from (no value) to 'Docs claim start_SSL calls require the hostname, but actually they don't seem to'

Fri Apr 06 17:00:32 2012 Steffen_Ullrich [...] genua.de - Correspondence added

Show quoted text

> Well, I don't see that HTTP::Tiny provides SSL_verifycn_name in the > start_SSL call that upgrades the IO::Socket::INET object - but I also > don't notice any problems because of it.

HTTP::Tiny does not use start_SSL to check the certificate, but calls verify_hostname by hand after establishing the connection - and it provides a hostname when calling verify_hostname. I've tried to make this behavior more clear with updated documentation for 1.64

Fri Apr 06 17:00:34 2012 The RT System itself - Status changed from 'new' to 'open'

Fri Apr 06 17:00:34 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'resolved'