Skip Menu |
 

This queue is for tickets about the LWP-Protocol-https CPAN distribution.

Report information
The Basics
Id: 66561
Status: resolved
Priority: 0/
Queue: LWP-Protocol-https

People
Owner: Nobody in particular
Requestors: justincase [...] yopmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Crypt::SSLeay should work transparently with Mozilla::CA
Download (untitled) / with headers
text/plain 681b
Currently a user will get this if they have Crypt::SSLeay installed, but not IO::Socket::SSL: $ perl -MLWP::UserAgent -MMozilla::CA -E 'LWP::UserAgent->new->get("https://encrypted.google.com/")->dump'500 Can't connect to encrypted.google.com:443 (Crypt-SSLeay can't verify hostnames) ... Would it be possible for LWP to set the HTTPS_CA_FILE environment variable for Crypt::SSLeay? Then as long as Mozilla::CA is installed, either SSL backend module would work without the user having to tweak settings. $ perl -MLWP::UserAgent -MMozilla::CA -E '$ENV{HTTPS_CA_FILE}=Mozilla::CA::SSL_ca_file(); LWP::UserAgent->new->get("https://encrypted.google.com/")->dump' HTTP/1.1 200 OK ...
Download (untitled) / with headers
text/plain 445b
Net::HTTPS will already set up $ENV{HTTPS_CA_FILE} based on Mozilla::CA's file. The issue is that Crypt::SSLeay don't implement what corresponds to the SSL_verifycn_scheme option for IO::Socket::SSL and this option is implied by the 'verify_hostname' option. If you disable 'verify_hostname' and set SSL_verify_mode => 1 then Net::SSL will verify that the certificate is legal, but only by setting various Client-* headers in the response.
From: justincase [...] yopmail.com
Download (untitled) / with headers
text/plain 896b
On Sat Mar 12 10:23:18 2011, GAAS wrote: Show quoted text
> Net::HTTPS will already set up $ENV{HTTPS_CA_FILE} based on > Mozilla::CA's file. The issue is > that Crypt::SSLeay don't implement what corresponds to the > SSL_verifycn_scheme option for > IO::Socket::SSL and this option is implied by the 'verify_hostname' > option. > > If you disable 'verify_hostname' and set SSL_verify_mode => 1 then > Net::SSL will verify that the > certificate is legal, but only by setting various Client-* headers in > the response.
As many, many modules have libwww-perl as a dependency, I was hoping this could be handled at the highest common level, instead of having each dependent module author trying to solve this themselves. Maybe make a note that this is on the todo wishlist, and some japh might submit a patch :) Until that happens, how about adding a method to test if the user needs to disable verify_hostname?
migrated queues: libwww-perl -> LWP-Protocol-https


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.