Package: liblwpx-paranoidagent-perl
Version: 1.10-1
Severity: important

So this package's whole purpose is to verify X509 certificates.
Right now, it totally fails at doing that:

$ perl -e 'use LWPx::ParanoidAgent; print $LWPx::ParanoidAgent::VERSION, " $] \n"; print LWPx::ParanoidAgent->new->get ("https://google.com/") ->decoded_content, "\n";'
1.10 5.018002
500 Can't verify SSL peers without knowing which Certificate Authorities to trust

This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
envirionment variable or by installing the Mozilla::CA module.

To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
envirionment variable to 0. If you do this you can't be sure that you
communicate with the expected peer.

It would be great if we could just magically install (and this package
could depend on) the libmozilla-ca-perl package, unfortunately it's not
in Debian because it overlaps with the ca-certificates package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702124

I guess a workaround may be to install the package through CPAN...?

I have tried to use PERL_LWP_SSL_CA_PATH=/etc/ssl/certs, but then I
stumbled upon #738493.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages liblwpx-paranoidagent-perl depends on:
ii  libcrypt-ssleay-perl  0.58-1+b1
ii  libnet-dns-perl       0.68-1.2
ii  libwww-perl           6.05-2
ii  perl                  5.18.2-2+b1

liblwpx-paranoidagent-perl recommends no packages.

liblwpx-paranoidagent-perl suggests no packages.

-- no debconf information