On 18.11.2011 22:21, Stefan Fritsch wrote:
> in case any of you also have lots of test failures with libwww-perl 6.0.3,
> setting these env vars fixes most of them for me:
>
> PERL_NET_HTTPS_SSL_SOCKET_CLASS=Net::SSL
> PERL_LWP_SSL_VERIFY_HOSTNAME=0
>
> No idea why Net::SSL works but IO::Socket::SSL doesn't.
The SSL test failures are a combination of two changes in LWP 6:
1) verify_hostname has been changed to default to on
2) by default, IO::Socket:SSL is used (instead of Net:SSL from
Crypt::SSLeay), and IO::Socket:SSL doesn't honor the
HTTPS_CERT_FILE and HTTPS_CERT_KEY environment variables
when it comes to specifying a client cert
There are two approaches to fix 1): a) turn off verify_hostname
where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
right now) or b) specify the CA cert (generated in t/conf/ca/...)
to make verification work/succeed.
For 2), set_client_cert in TestRequest.pm needs to be enhanced,
e.g. like so:
Index: lib/Apache/TestRequest.pm
===================================================================
--- lib/Apache/TestRequest.pm (revision 1205312)
+++ lib/Apache/TestRequest.pm (working copy)
@@ -620,6 +620,9 @@ sub set_client_cert {
if ($name) {
$ENV{HTTPS_CERT_FILE} = "$dir/certs/$name.crt";
$ENV{HTTPS_KEY_FILE} = "$dir/keys/$name.pem";
+ user_agent(reset => 1,
+ ssl_opts => { SSL_cert_file => "$dir/certs/$name.crt",
+ SSL_key_file => "$dir/keys/$name.pem" });
}
else {
for (qw(CERT KEY)) {
Depending on how 1) is going to be addressed, set_client_cert also
needs to turn off verify_hostname at the same time, or it can
supply an SSL_ca_file as an additional ssl_opts argument.
What fix should be chosen for 1), a) or b)?
Kaspar
