path: root/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch
From 67de137e737e4fa92d0cb746bdc8474d7bb5e000 Mon Sep 17 00:00:00 2001
From: Kent Fredric <kentnl@gentoo.org>
Date: Tue, 21 Mar 2017 10:11:32 +1300
Subject: Use SSL_verifycn_scheme instead of disabling SSL_verify_mode

Re: CVE-2014-3230

Redhat Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1094440

Combines: https://bugzilla.redhat.com/attachment.cgi?id=894747
  https://bugzilla.redhat.com/attachment.cgi?id=894748
---
 lib/LWP/Protocol/https.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
index f8ab398..ba69966 100644
--- a/lib/LWP/Protocol/https.pm
+++ b/lib/LWP/Protocol/https.pm
@@ -21,7 +21,12 @@ sub _extra_sock_opts
 	$ssl_opts{SSL_verifycn_scheme} = 'www';
     }
     else {
-	$ssl_opts{SSL_verify_mode} = 0;
+      if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
+        $ssl_opts{SSL_verifycn_scheme} = '';
+      }
+      else {
+        $ssl_opts{SSL_verifycn_scheme} = 'none';
+      }
     }
     if ($ssl_opts{SSL_verify_mode}) {
       unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
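Review bot: The else branch no longer assigns `SSL_verify_mode` at all, so when a caller passes `verify_hostname => 0` without an explicit `SSL_verify_mode`, the `if ($ssl_opts{SSL_verify_mode})` test just below is false and the CA-file defaulting it guards is skipped; whether the peer chain is still verified then presumably depends on the socket class's own default. That is worth stating in a comment on the branch, e.g. `# verify_hostname off: skip only the name check; SSL_verify_mode is left as the caller set it (unset => backend default)`. The `eq` comparison against `$Net::HTTPS::SSL_SOCKET_CLASS` also assumes that variable is already defined here, which the hunk does not show. The added lines are indented with spaces while the surrounding context uses tabs, so they should be re-indented to match. `_extra_sock_opts` begins and ends outside the hunk.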
-- 
2.12.0