Package: libwww-perl
Version: 6.06-1
The attached test scripts tries to connect to
https://encrypted.google.com/ twice: once with default options, and once
with such SSL_verifycn_scheme in ssl_opts that disallows wildcards in CN
or subjectAltName.
The connection should fail in the latter case, because
encrypted.google.com have only "*.google.com" in both of these fields
(plus some other stuff in subjectAltName that wouldn't match anyway).
But both connection succeed:
$ perl test.pl
200 OK
200 OK
As a work-around, I can use IO::Socket::SSL::set_args_filter_hack(), but
it really should work out of the box.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libwww-perl depends on:
ii ca-certificates 20140325
ii libencode-locale-perl 1.03-1
ii libfile-listing-perl 6.04-1
ii libhtml-parser-perl 3.71-1+b1
ii libhtml-tagset-perl 3.20-2
ii libhtml-tree-perl 5.03-1
ii libhttp-cookies-perl 6.00-2
ii libhttp-date-perl 6.02-1
ii libhttp-message-perl 6.06-1
ii libhttp-negotiate-perl 6.00-2
ii liblwp-mediatypes-perl 6.02-1
ii liblwp-protocol-https-perl 6.04-2
ii libnet-http-perl 6.06-1
ii liburi-perl 1.60-1
ii libwww-robotrules-perl 6.01-1
ii netbase 5.2
ii perl 5.18.2-3
--
Jakub Wilk
use strict;
use warnings;
use v5.10;
use LWP::UserAgent;
my $ua1 = LWP::UserAgent->new;
my $ua2 = LWP::UserAgent->new;
$ua2->ssl_opts(
SSL_verifycn_scheme => {
check_cn => 'when_only',
wildcards_in_alt => 0,
wildcards_in_cn => 0,
}
);
for my $ua ($ua1, $ua2) {
my $req = HTTP::Request->new(GET => 'https://encrypted.google.com/');
my $res = $ua->request($req);
say $res->status_line;
}
