blob: e31e5da1c473ce3188712ad00e99d2cdf1eaae38 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
$NetBSD: patch-lib_LWP_Protocol_https.pm,v 1.1 2014/05/15 10:17:38 wiz Exp $
Fix for CVE-2014-3230 from
https://github.com/libwww-perl/lwp-protocol-https/pull/14
--- lib/LWP/Protocol/https.pm.orig 2014-04-18 16:33:26.000000000 +0000
+++ lib/LWP/Protocol/https.pm
@@ -21,7 +21,11 @@ sub _extra_sock_opts
$ssl_opts{SSL_verifycn_scheme} = 'www';
}
else {
- $ssl_opts{SSL_verify_mode} = 0;
+ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
+ $ssl_opts{SSL_verifycn_scheme} = '';
+ } else {
+ $ssl_opts{SSL_verifycn_scheme} = 'none';
+ }
}
if ($ssl_opts{SSL_verify_mode}) {
unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
|
