Bug#744404: marked as done (LWPx::ParanoidAgent fails complaining about Mozilla::CA, which is not in Debian)

Debian Bug Tracking System Tue, 09 Sep 2014 02:22:27 -0700

Your message dated Tue, 09 Sep 2014 09:21:09 +0000
with message-id <[email protected]>
and subject line Bug#744404: fixed in liblwpx-paranoidagent-perl 1.10-4
has caused the Debian Bug report #744404,
regarding LWPx::ParanoidAgent fails complaining about Mozilla::CA, which is not 
in Debian
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
744404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744404
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: liblwpx-paranoidagent-perl
Version: 1.10-1
Severity: important

So this package's whole purpose is to verify X509 certificates.

Right now, it totally fails at doing that:

$ perl -e 'use LWPx::ParanoidAgent;
  print $LWPx::ParanoidAgent::VERSION, " $] \n";
  print LWPx::ParanoidAgent->new->get
      ("https://google.com/";)
      ->decoded_content, "\n";'
1.10 5.018002
500 Can't verify SSL peers without knowing which Certificate Authorities to 
trust

This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
envirionment variable or by installing the Mozilla::CA module.

To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
envirionment variable to 0.  If you do this you can't be sure that you
communicate with the expected peer.

It would be great if we could just magically install (and this package
could depend on) the libmozilla-ca-perl package, unfortunately it's
not in Debian because it overlaps with the ca-certificates package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702124

I guess a workaround may be to install the package through CPAN...?

I have tried to use PERL_LWP_SSL_CA_PATH=/etc/ssl/certs, but then I
stumbled upon #738493.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages liblwpx-paranoidagent-perl depends on:
ii  libcrypt-ssleay-perl  0.58-1+b1
ii  libnet-dns-perl       0.68-1.2
ii  libwww-perl           6.05-2
ii  perl                  5.18.2-2+b1

liblwpx-paranoidagent-perl recommends no packages.

liblwpx-paranoidagent-perl suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: liblwpx-paranoidagent-perl
Source-Version: 1.10-4

We believe that the bug you reported is fixed in the latest version of
liblwpx-paranoidagent-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen <[email protected]> (supplier of updated 
liblwpx-paranoidagent-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 09 Sep 2014 09:33:58 +0200
Source: liblwpx-paranoidagent-perl
Binary: liblwpx-paranoidagent-perl
Architecture: source all
Version: 1.10-4
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Hilko Bengen <[email protected]>
Description:
 liblwpx-paranoidagent-perl - a "paranoid" subclass of LWP::UserAgent
Closes: 744404
Changes:
 liblwpx-paranoidagent-perl (1.10-4) unstable; urgency=medium
 .
   * Switched debian/watch to metacpan
   * Use Debian's ca-certificates package instead of relying on Mozilla::CA
     (Closes: #744404)
Checksums-Sha1:
 df052b5db1e8e010766d05aaaa8191d8671bf8af 1267 
liblwpx-paranoidagent-perl_1.10-4.dsc
 cb988540c34ed5ca8a1b6ed3c917b0f3415a9ecf 3332 
liblwpx-paranoidagent-perl_1.10-4.debian.tar.xz
 e09283c30a4efb7e99851c3c59792a581513d5a9 18200 
liblwpx-paranoidagent-perl_1.10-4_all.deb
Checksums-Sha256:
 1c5991aafca997ea851d526c560713aa03afe2a42a0554c3cf9813aeebc8b669 1267 
liblwpx-paranoidagent-perl_1.10-4.dsc
 a0a1cf2f7f74d25ceb7a17be6b33b404644526f098967fc695f196b29588ceb7 3332 
liblwpx-paranoidagent-perl_1.10-4.debian.tar.xz
 c019091349404f224e2c9b364546309759422a99ef977e4013d39cd52449186d 18200 
liblwpx-paranoidagent-perl_1.10-4_all.deb
Files:
 339f6886c5c2e94cc85fc9d0c7368c7d 18200 perl optional 
liblwpx-paranoidagent-perl_1.10-4_all.deb
 b6e79e2bab2fedd0ab41812d79789f5c 1267 perl optional 
liblwpx-paranoidagent-perl_1.10-4.dsc
 44b190999a3b0dc118ab2e67cde9dcba 3332 perl optional 
liblwpx-paranoidagent-perl_1.10-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQOum4ACgkQUCgnLz/SlGhVqgCgmxzO11M2L7M3wvK5+FTF/oxO
WJ8An2bxI4C5l56wOC9TUDSQ0x8WaVaU
=o4Es
-----END PGP SIGNATURE-----

--- End Message ---

Bug#744404: marked as done (LWPx::ParanoidAgent fails complaining about Mozilla::CA, which is not in Debian)

Reply via email to