Red Hat Bugzilla – Attachment 895124 Details for Bug 1094440: CVE-2014-3230 perl-libwww-perl: incorrect handling of SSL certificate verification
[patch] Part3 for 6.04 to restore behavior in F19
LWP-Protocol-https-6.04-Disable-certificate-verification-in-IO-Socket-SSL-on.patch (text/plain), 1.72 KB, created by Petr Pisar on 2014-05-13 12:50:05 UTC
>From 416909268c7b9e6553160a840655f3be25a8fb7f Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> >Date: Tue, 13 May 2014 13:59:12 +0200 >Subject: [PATCH] Disable certificate verification in IO::Socket::SSL only if > verify_hostname==0 and CA certificate is not defined by environment >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >IO::Socket::SSL before 1.950 defaulted to disabled certificate >verification and warned about that loudly. > >LWP::Protocol::https 6.04 test suite expects no warnings by testing >LWP::UserAgent->new(ssl_opts=>{verify_hostname=>0})->get(q{https://localhost/}). >Therefore 6.04 set SSL_verify_mode explictly to 0 (SSL_VERIFY_NONE). > >This broke certificate validation when HTTPS_CA_FILE environment >variable was set. > >This patch sets SSL_verify_mode to 0 (SSL_VERIFY_NONE) only if >verify_hostname was explicitly set to 0 and HTTPS_CA_FILE was not set. >This allows to respect HTTPS_CA_FILE as well as implicit and explicit >verify_hostname==1 and explicit SSL_verify_mode. > >This patch could set SSL_verify_mode to 1 (SSL_VERIFY_PEER), but that would >break pre-1.950 IO::Socket::SSL behavior defaulting to no peer >certificate verification. > >Signed-off-by: Petr PÃsaÅ <ppisar@redhat.com> >--- > lib/LWP/Protocol/https.pm | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm >index 73020dc..7c45fd2 100644 >--- a/lib/LWP/Protocol/https.pm >+++ b/lib/LWP/Protocol/https.pm >@@ -24,6 +24,7 @@ sub _extra_sock_opts > $ssl_opts{SSL_verifycn_scheme} = ''; > } else { > $ssl_opts{SSL_verifycn_scheme} = 'none'; >+ $ssl_opts{SSL_verify_mode} ||= 0; > } > } > if ($ssl_opts{SSL_verify_mode}) { >-- >1.9.0 >
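Review bot: the added `$ssl_opts{SSL_verify_mode} ||= 0;` in the else branch of `_extra_sock_opts` turns peer certificate verification off without a comment or a test, and the HTTPS_CA_FILE condition the commit message relies on is not visible in this hunk. The line only behaves as described if `SSL_verify_mode` already holds a true value (from the caller or from the environment handling) by the time this branch runs, because `||=` overwrites anything false or undefined with 0 (SSL_VERIFY_NONE). Please add a short comment above the line stating that ordering assumption and why SSL_VERIFY_NONE is chosen here. The diffstat shows only lib/LWP/Protocol/https.pm changed, so a regression test is also worth adding: one case with verify_hostname set to 0 and HTTPS_CA_FILE set, asserting that verification stays enabled, and one with verify_hostname set to 0 and no CA file, asserting no warning is emitted.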