From 1b924708663f457a4f7c25ed35d7dfb3bb5b334d Mon Sep 17 00:00:00 2001
From: Steffen Ullrich <Steffen_Ullrich@genua.de>
Date: Sat, 3 May 2014 23:04:36 +0200
Subject: [PATCH 1/3] Debian #746576 - don't disale verification if only
 hostnames should not be verified

---
 lib/LWP/Protocol/https.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
===================================================================
--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm
+++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
@@ -21,7 +21,11 @@ sub _extra_sock_opts
 	$ssl_opts{SSL_verifycn_scheme} = 'www';
     }
     else {
-	$ssl_opts{SSL_verify_mode} = 0;
+	if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
+	    $ssl_opts{SSL_verifycn_scheme} = '';
+	} else {
+	    $ssl_opts{SSL_verifycn_scheme} = 'none';
+	}
     }
     my $suse_allows_mozilla_ca = 0;
     if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
Index: LWP-Protocol-https-6.06/t/https_proxy.t
===================================================================
--- LWP-Protocol-https-6.06.orig/t/https_proxy.t
+++ LWP-Protocol-https-6.06/t/https_proxy.t
@@ -66,7 +66,7 @@ my %ua;
 $ua{noproxy} = LWP::UserAgent->new(
     keep_alive => 10, # size of connection cache
     # server does not know the expected name and returns generic certificate
-    ssl_opts => { verify_hostname => 0 }
+    ssl_opts => { verify_hostname => 0, SSL_ca_file => $cafile, }
 );
 
 $ua{proxy} = LWP::UserAgent->new(