Package: liblwpx-paranoidagent-perl
Version: 1.10-1
Severity: important

So this package's whole purpose is to verify X509 certificates.

Right now, it totally fails at doing that:

$ perl -e 'use LWPx::ParanoidAgent;
  print $LWPx::ParanoidAgent::VERSION, " $] \n";
  print LWPx::ParanoidAgent->new->get
      ("https://google.com/")
      ->decoded_content, "\n";'
1.10 5.018002
500 Can't verify SSL peers without knowing which Certificate Authorities to 
trust

This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
envirionment variable or by installing the Mozilla::CA module.

To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
envirionment variable to 0.  If you do this you can't be sure that you
communicate with the expected peer.

It would be great if we could just magically install (and this package
could depend on) the libmozilla-ca-perl package; unfortunately, it's
not in Debian because it overlaps with the ca-certificates package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702124

I guess a workaround may be to install the package through CPAN...?

I have tried to use PERL_LWP_SSL_CA_PATH=/etc/ssl/certs, but then I
stumbled upon #738493.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages liblwpx-paranoidagent-perl depends on:
ii  libcrypt-ssleay-perl  0.58-1+b1
ii  libnet-dns-perl       0.68-1.2
ii  libwww-perl           6.05-2
ii  perl                  5.18.2-2+b1

liblwpx-paranoidagent-perl recommends no packages.

liblwpx-paranoidagent-perl suggests no packages.

-- no debconf information

