Skip Menu |
 

This queue is for tickets about the LWP-Protocol-https CPAN distribution.

Report information
The Basics
Id: 61340
Status: resolved
Priority: 0/
Queue: LWP-Protocol-https

People
Owner: Nobody in particular
Requestors: skneizys [...] figsolutions.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Old Bug, Revisited: Peer certificate not verified
Date: Tue, 14 Sep 2010 19:50:24 -0400
To: bug-libwww-perl [...] rt.cpan.org
From: Steven Kneizys <skneizys [...] figsolutions.com>
Download (untitled) / with headers
text/plain 2.2k
I am using LWP with https protocol. The message "Peer certificate not verified" appears for me even with the patch from 2003 below. However, with a little tweak, the intent of the original bug fix can be extended to cover Net::SSLeay ... works for me anyway. With Net::SSLeay configured to do peer verification and a successful verification the message is turned off analogous to Crypt::SSLeay. The original code in LWP/Protocol/https.pm is: if(! eval { $sock->get_peer_verify }) { $res->header("Client-SSL-Warning" => "Peer certificate not verified"); } Revised code: if ((! eval { $sock->get_peer_verify }) && (! eval {Net::SSLeay::get_verify_mode($sock)})) { $res->header("Client-SSL-Warning" => "Peer certificate not verified"); } Original fix: Re: PATCH: Peer certificate not verified for https Crypt::SSLeay Gisle Aas Wed, 15 Oct 2003 03:37:04 -0700 Another year old patch eventually applied. Regards, Gisle Joshua Chamas <[EMAIL PROTECTED]> writes: Show quoted text
> Hey, > > Here is a patch against libwww-perl-5.64 that turns off the > "Client-SSL-Warning" => "Peer certificate not verified" > when Crypt::SSLeay has been configured to do peer certificate > verification. By wrapping the call in an eval {}, this patch > should also be compatible with other SSL implementations that > do not support this sock->get_peer_verify API. > > [EMAIL PROTECTED] libwww-perl-5.64]# diff -u lib/LWP/Protocol/https.pm.old
Show quoted text
> lib/LWP/Protocol/https.pm > --- lib/LWP/Protocol/https.pm.old Fri Nov 16 18:10:28 2001 > +++ lib/LWP/Protocol/https.pm Mon Mar 18 12:38:37 2002 > @@ -34,7 +34,9 @@ > $res->header("Client-SSL-Cert-Subject" => $cert->subject_name); > $res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name); > } > - $res->header("Client-SSL-Warning" => "Peer certificate not
verified"); Show quoted text
> + if(! eval { $sock->get_peer_verify }) { > + $res->header("Client-SSL-Warning" => "Peer certificate not
verified"); Show quoted text
> + } > } > > Thanks, > > Josh
One thing I notices is there is a LWP/Protocol/https10.pm that is also installed on my system and it does not have this conditional in it, but perhaps it should. Thanks, Steve... -- Steve Kneizys Senior Business Process Engineer Ferrilli Information Group Voice: (610) 256-1396 web: http://www.figsolutions.com/ For Emergency Service (888)864-3282
Subject: Re: [rt.cpan.org #61340] Old Bug, Revisited: Peer certificate not verified
Date: Wed, 15 Sep 2010 10:55:33 -0400
To: bug-libwww-perl [...] rt.cpan.org
From: Steven Kneizys <skneizys [...] figsolutions.com>
Download (untitled) / with headers
text/plain 2.8k
I spoke too soon ... turns out my additional code does not work! But the problem does seem to exist, whether I pre-load IO::Socket::SSL (and I verify it is being used), then call IO::Socket::SSL to set the ctx_defaults to verify the peer, LWP::UserAgent ends up giving me the message "Peer certificate not verified" even when it has been. I'll just ignore the warning in my code :-) Thanks, Steve... Original message: Show quoted text
> > I am using LWP with https protocol. The message "Peer certificate not > verified" appears for me even with the patch from 2003 below. However, > with > a little tweak, the intent of the original bug fix can be extended to cover > Net::SSLeay ... works for me anyway. With Net::SSLeay configured to do > peer > verification and a successful verification the message is turned off > analogous to Crypt::SSLeay. > > The original code in LWP/Protocol/https.pm is: > if(! eval { $sock->get_peer_verify }) { > $res->header("Client-SSL-Warning" => "Peer certificate not verified"); > } > Revised code: > if ((! eval { $sock->get_peer_verify }) && (! eval > {Net::SSLeay::get_verify_mode($sock)})) { > $res->header("Client-SSL-Warning" => "Peer certificate not verified"); > } > > Original fix: > Re: PATCH: Peer certificate not verified for https Crypt::SSLeay > Gisle Aas > Wed, 15 Oct 2003 03:37:04 -0700 > > Another year old patch eventually applied. > Regards, > Gisle > > Joshua Chamas <[EMAIL PROTECTED]> writes:
> > Hey, > > > > Here is a patch against libwww-perl-5.64 that turns off the > > "Client-SSL-Warning" => "Peer certificate not verified" > > when Crypt::SSLeay has been configured to do peer certificate > > verification. By wrapping the call in an eval {}, this patch > > should also be compatible with other SSL implementations that > > do not support this sock->get_peer_verify API. > > > > [EMAIL PROTECTED] libwww-perl-5.64]# diff -u
> lib/LWP/Protocol/https.pm.old >
> > lib/LWP/Protocol/https.pm > > --- lib/LWP/Protocol/https.pm.old Fri Nov 16 18:10:28 2001 > > +++ lib/LWP/Protocol/https.pm Mon Mar 18 12:38:37 2002 > > @@ -34,7 +34,9 @@ > > $res->header("Client-SSL-Cert-Subject" => $cert->subject_name); > > $res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name); > > } > > - $res->header("Client-SSL-Warning" => "Peer certificate not
> verified");
> > + if(! eval { $sock->get_peer_verify }) { > > + $res->header("Client-SSL-Warning" => "Peer certificate not
> verified");
> > + } > > } > > > > Thanks, > > > > Josh
> > One thing I notices is there is a LWP/Protocol/https10.pm that is also > installed on my system and it does not have this conditional in it, but > perhaps it should. > > Thanks, > > Steve... > > -- > Steve Kneizys > Senior Business Process Engineer > Ferrilli Information Group > Voice: (610) 256-1396 > web: http://www.figsolutions.com/ > > For Emergency Service (888)864-3282 > >
RT-Send-CC: brian [...] microcomaustralia.com.au
This Debian bug report seems relevant. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503440
Subject: [rt.cpan.org #61340] debian #503440 is not the same as rt.cpan.org #61340
Date: Mon, 20 Dec 2010 15:39:35 -0500
To: 503440 [...] bugs.debian.org, 503440-submitter [...] bugs.debian.org, bug-libwww-perl [...] rt.cpan.org
From: Daniel Kahn Gillmor <dkg [...] fifthhorseman.net>
Download (untitled) / with headers
text/plain 520b
http://bugs.debian.org/503440 is marked as forwarded upstream to https://rt.cpan.org/Public/Bug/Display.html?id=61340 But i don't think these are the same issue at all. the CPAN bug has nothing to do with using a proxy. the debian bug is about LWP failing to make proper use of the HTTP proxy, as noted here: http://www.annocpan.org/~GAAS/libwww-perl-5.834/lib/LWP/UserAgent.pm#note_751 I think the appropriate CPAN bug to reference is actually: https://rt.cpan.org/Public/Bug/Display.html?id=1894 --dkg
Download signature.asc
application/pgp-signature 900b

Message body not shown because it is not plain text.

migrated queues: libwww-perl -> LWP-Protocol-https


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.