48 lines
1.6 KiB
Diff
48 lines
1.6 KiB
Diff
From 9baa19987f93284be254415d15db56c599e52e1e Mon Sep 17 00:00:00 2001
|
|
From: Kent Fredric <kentnl@gentoo.org>
|
|
Date: Tue, 21 Mar 2017 10:07:35 +1300
|
|
Subject: Ensure using System Certificates instead of Mozilla-CA
|
|
|
|
Bug: https://bugs.gentoo.org/358081
|
|
---
|
|
lib/LWP/Protocol/https.pm | 24 +++---------------------
|
|
1 file changed, 3 insertions(+), 21 deletions(-)
|
|
|
|
diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
|
|
index ed4d832..f8ab398 100644
|
|
--- a/lib/LWP/Protocol/https.pm
|
|
+++ b/lib/LWP/Protocol/https.pm
|
|
@@ -24,27 +24,9 @@ sub _extra_sock_opts
|
|
$ssl_opts{SSL_verify_mode} = 0;
|
|
}
|
|
if ($ssl_opts{SSL_verify_mode}) {
|
|
- unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
|
|
- eval {
|
|
- require Mozilla::CA;
|
|
- };
|
|
- if ($@) {
|
|
- if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) {
|
|
- $@ = <<'EOT';
|
|
-Can't verify SSL peers without knowing which Certificate Authorities to trust
|
|
-
|
|
-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
|
|
-environment variable or by installing the Mozilla::CA module.
|
|
-
|
|
-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
|
|
-environment variable to 0. If you do this you can't be sure that you
|
|
-communicate with the expected peer.
|
|
-EOT
|
|
- }
|
|
- die $@;
|
|
- }
|
|
- $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
|
|
- }
|
|
+ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
|
|
+ $ssl_opts{SSL_ca_path} = '/etc/ssl/certs';
|
|
+ }
|
|
}
|
|
$self->{ssl_opts} = \%ssl_opts;
|
|
return (%ssl_opts, $self->SUPER::_extra_sock_opts);
|
|
--
|
|
2.12.0
|
|
|