Skip Menu |

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 83254
Status: resolved
Priority: 0/
Queue: libwww-perl
People
Owner: Nobody in particular
Requestors: blue [...] thisisnotmyrealemail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Sun Feb 10 17:34:53 2013 blue [...] thisisnotmyrealemail.com - Ticket created
Subject: IO::Socket::SSL now issues warning when used with LWP's verify_hostname=>0
When setting ssl_opts => { verify_hostname => 0 }, IO::Socket::SSL issues the following warning: ******************************************************************* Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER together with SSL_ca_file|SSL_ca_path for verification. If you really don't want to verify the certificate and keep the connection open to Man-In-The-Middle attacks please set SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. ******************************************************************* at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/IO/Socket/SSL.pm line 309. IO::Socket::SSL::configure_SSL('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/IO/Socket/SSL.pm line 264 IO::Socket::SSL::configure('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/Net/HTTPS.pm line 68 Net::HTTPS::http_connect('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/Net/HTTP/Methods.pm line 76 Net::HTTP::Methods::http_configure('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/Net/HTTPS.pm line 49 Net::HTTPS::configure('LWP::Protocol::https::Socket=GLOB(0x7fcf53047400)', 'HASH(0x7fcf524e0fd8)') called at /home/perlbrew/perls/perl-5.16.2/lib/5.16.2/darwin-2level/IO/Socket.pm line 49 IO::Socket::new('LWP::Protocol::https::Socket', 'PeerAddr', 'www.apple.com', 'PeerPort', 443, 'LocalAddr', undef, 'Proto', 'tcp', ...) called at /home/perlbrew/perls/perl-5.16.2/lib/5.16.2/darwin-2level/IO/Socket/INET.pm line 37 IO::Socket::INET::new('LWP::Protocol::https::Socket', 'PeerAddr', 'www.apple.com', 'PeerPort', 443, 'LocalAddr', undef, 'Proto', 'tcp', ...) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/Protocol/http.pm line 31 LWP::Protocol::http::_new_socket('LWP::Protocol::https=HASH(0x7fcf53047178)', 'www.apple.com', 443, 30) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/Protocol/http.pm line 162 LWP::Protocol::http::request('LWP::Protocol::https=HASH(0x7fcf53047178)', 'HTTP::Request=HASH(0x7fcf530b30d0)', undef, undef, undef, 30) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/UserAgent.pm line 192 eval {...} called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/UserAgent.pm line 191 LWP::UserAgent::send_request('Bot=HASH(0x7fcf523e26a8)', 'HTTP::Request=HASH(0x7fcf530b30d0)', undef, undef) called at /home/perlbrew/perls/perl-5.16.2/lib/site_perl/5.16.2/LWP/UserAgent.pm line 274
  Tue Feb 19 15:38:33 2013 ether [...] cpan.org - Correspondence added
On Sun Feb 10 14:34:53 2013, blue wrote: Show quoted text
> When setting ssl_opts => { verify_hostname => 0 }, IO::Socket::SSL > issues the following warning: > > ******************************************************************* > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER > together with SSL_ca_file|SSL_ca_path for verification. > If you really don't want to verify the certificate and keep the > connection open to Man-In-The-Middle attacks please set > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > *******************************************************************
The solution is to heed the warning you get, and pass through more options, e.g. ssl_opts => { verify_hostname => 0, SSL_verify_mode => SSL_VERIFY_NONE }. Only the caller can be sure whether PEER or NONE is the right choice.
  Tue Feb 19 15:38:34 2013 The RT System itself - Status changed from 'new' to 'open'
  Fri Mar 31 15:05:21 2017 olaf [...] wundersolutions.com - Correspondence added
Ticket migrated to github as https://github.com/libwww-perl/libwww-perl/issues/232
  Fri Mar 31 15:05:27 2017 olaf [...] wundersolutions.com - Status changed from 'open' to 'resolved'