| Subject: | Error in handing PERL_LWP_SSL_VERIFY_HOSTNAME |
| Date: | Tue, 23 Sep 2014 12:02:38 +0000 |
| To: | "bug-libwww-perl [...] rt.cpan.org" <bug-libwww-perl [...] rt.cpan.org> |
| From: | Piotr Cofta <piotr.cofta [...] origamienergy.com> |
Hello,
Module LWP::UserAgent
Perl version: 5.18.2
Linux Mint 17
I am using this module as a part of VMWare command-line interface. My server has a self-signed certificate and I do not want it to be verified, as the verification fails for the lack of any common root CA. There is a recommendation to set environment variable PERL_LWP_SSL_VERIFY_HOSTNAME to zero to suppress verification, but in my case it was insufficient: I was still receiving errors about SSL3_GET_SERVER_CERFIFICATE.
I looked at the code (open source !) and in UserAgent.pm, line 37 I made a change that seems to remove the problem. I have set SSL_verify_mode to zero if verify_hostname is set to zero. It helped.
if (exists $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}) {
$ssl_opts->{verify_hostname} = $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME};
if($ssl_opts->{verify_hostname}==0) {
$ssl_opts->{SSL_verify_mode} = 0; }
}
Please verify/use/improve.
BR.
Dr Piotr Cofta CISSP FBCS SIEEE
Software Architect
Piotr.Cofta@origamienergy.com<mailto:Piotr.Cofta@origamienergy.com>
www.origamienergy.com<http://www.origamienergy.com/>
origamienergy
shapingenergywithtechnology
Technical Office:
Origami Energy Ltd
F13 Future Business Centre
King's Hedges Road
Cambridge
CB4 2HY
Registered Office:
Origami Energy Ltd
Ashcombe Court
Woolsack Way
Godalming
GU7 1LQ
This email and any attachments transmitted with it are confidential and intended
solely for the individual or entity to whom they are addressed. Please notify the
sender immediately if you are not the intended recipient and then delete
the email from your inbox and do not disclose the contents to another person,
use, copy or store the information in any medium.
Save trees. Print only when necessary.