Stephan Barth
800fff5522
- fix for CVE-2014-3230 (bnc#876862)
* perl-LWP-Protocol-https: Environment variables HTTPS_CA_DIR or
HTTPS_CA_FILE disable hostname verification
* added CVE-2014-3230.patch
OBS-URL: https://build.opensuse.org/request/show/234145
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-LWP-Protocol-https?expand=0&rev=10
28 lines
1.0 KiB
Diff
28 lines
1.0 KiB
Diff
From 1b924708663f457a4f7c25ed35d7dfb3bb5b334d Mon Sep 17 00:00:00 2001
|
|
From: Steffen Ullrich <Steffen_Ullrich@genua.de>
|
|
Date: Sat, 3 May 2014 23:04:36 +0200
|
|
Subject: [PATCH 1/3] Debian #746576 - don't disale verification if only
|
|
hostnames should not be verified
|
|
|
|
---
|
|
lib/LWP/Protocol/https.pm | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm
|
|
===================================================================
|
|
--- LWP-Protocol-https-6.04.orig/lib/LWP/Protocol/https.pm 2014-05-15 11:46:54.319643759 +0200
|
|
+++ LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm 2014-05-15 11:46:55.856660773 +0200
|
|
@@ -20,7 +20,11 @@ sub _extra_sock_opts
|
|
$ssl_opts{SSL_verifycn_scheme} = 'www';
|
|
}
|
|
else {
|
|
- $ssl_opts{SSL_verify_mode} = 0;
|
|
+ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
|
|
+ $ssl_opts{SSL_verifycn_scheme} = '';
|
|
+ } else {
|
|
+ $ssl_opts{SSL_verifycn_scheme} = 'none';
|
|
+ }
|
|
}
|
|
$self->{ssl_opts} = \%ssl_opts;
|
|
return (%ssl_opts, $self->SUPER::_extra_sock_opts);
|