Hi! Daniel Kahn Gillmor reported the message below to the Debian bugtracker [1]. If one explicitly supplies a verify_callback but does not pass ca_file and ca_path locations or the defaults are not populated, then IO::Socket::SSL will throw the error 'Invalid certificate authority locations'.
Would it make sense to allow IO::Socket::SSL not to fail if a user is supplying their own verify_callback?

[1] http://bugs.debian.org/606243

Thanks for your comments.

Bests
Salvatore

----- Forwarded message from Daniel Kahn Gillmor <d...@fifthhorseman.net> -----

From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Resent-From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Reply-To: Daniel Kahn Gillmor <d...@fifthhorseman.net>, 606...@bugs.debian.org
X-Mailer: reportbug 4.12.6
Date: Tue, 07 Dec 2010 13:41:21 -0500
To: Debian Bug Tracking System <sub...@bugs.debian.org>
Subject: Bug#606243: libio-socket-ssl-perl: IO::Socket::SSL fails when verify_callback is supplied without ca_path or ca_file

Package: libio-socket-ssl-perl
Version: 1.35-1
Severity: normal
Tags: patch

if i supply a verify_callback to IO::Socket::SSL, but fail to supply ca_file or ca_path (and the default ca_file and ca_path locations are not populated), initialization fails.

This is silly because i'm using my own verify_callback, and so i don't need to give OpenSSL a ca_file or ca_path.

The attached patch fixes it for me.

--dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.36-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libio-socket-ssl-perl depends on:
ii  libnet-ssleay-perl  1.36-1  Perl module for Secure Sockets Lay
ii  netbase  4.43  Basic TCP/IP networking system
ii  perl  5.10.1-16  Larry Wall's Practical Extraction

Versions of packages libio-socket-ssl-perl recommends:
ii  libnet-libidn-perl  0.12.ds-1+b1  Perl bindings for GNU Libidn

Versions of packages libio-socket-ssl-perl suggests:
pn  libio-socket-inet6-perl  <none>  (no description available)

-- no debconf information

diff --git a/SSL.pm b/SSL.pm index ee2d85e..0cd640b 100644 --- a/SSL.pm +++ b/SSL.pm
@@ -1366,7 +1366,8 @@ sub new { if ( $verify_mode != Net::SSLeay::VERIFY_NONE() and ! Net::SSLeay::CTX_load_verify_locations( $ctx, $arg_hash->{SSL_ca_file} || '',$arg_hash->{SSL_ca_path} || '') ) { - return IO::Socket::SSL->error("Invalid certificate authority locations"); + return IO::Socket::SSL->error("Invalid certificate authority locations") + if (! defined $arg_hash->{SSL_verify_callback}); } if ($arg_hash->{'SSL_check_crl'}) { _______________________________________________ pkg-perl-maintainers mailing list pkg-perl-maintain...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-perl-maintainers ----- End forwarded message -----
diff --git a/SSL.pm b/SSL.pm index ee2d85e..0cd640b 100644 --- a/SSL.pm +++ b/SSL.pm @@ -1366,7 +1366,8 @@ sub new { if ( $verify_mode != Net::SSLeay::VERIFY_NONE() and ! Net::SSLeay::CTX_load_verify_locations( $ctx, $arg_hash->{SSL_ca_file} || '',$arg_hash->{SSL_ca_path} || '') ) { - return IO::Socket::SSL->error("Invalid certificate authority locations"); + return IO::Socket::SSL->error("Invalid certificate authority locations") + if (! defined $arg_hash->{SSL_verify_callback}); } if ($arg_hash->{'SSL_check_crl'}) {
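Review bot: The added `if (! defined $arg_hash->{SSL_verify_callback})` skips the error for every caller that sets a callback, including one who also passed SSL_ca_file or SSL_ca_path and got the location wrong, so a failed CTX_load_verify_locations goes unreported in that case while $verify_mode is still not VERIFY_NONE. Consider skipping the error only when both $arg_hash->{SSL_ca_file} and $arg_hash->{SSL_ca_path} are empty, and fold that test into the outer condition rather than hanging a postfix `if` on the return inside the block. The SSL_verify_callback documentation should also state that, when no CA locations were loaded, the callback is solely responsible for the trust decision.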