summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch')
-rw-r--r--dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch48
1 files changed, 48 insertions, 0 deletions
diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch
new file mode 100644
index 000000000000..2553c7949af9
--- /dev/null
+++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch
@@ -0,0 +1,48 @@
+From 9baa19987f93284be254415d15db56c599e52e1e Mon Sep 17 00:00:00 2001
+From: Kent Fredric <kentnl@gentoo.org>
+Date: Tue, 21 Mar 2017 10:07:35 +1300
+Subject: Ensure using System Certificates instead of Mozilla-CA
+
+Bug: https://bugs.gentoo.org/358081
+---
+ lib/LWP/Protocol/https.pm | 24 +++---------------------
+ 1 file changed, 3 insertions(+), 21 deletions(-)
+
+diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
+index ed4d832..f8ab398 100644
+--- a/lib/LWP/Protocol/https.pm
++++ b/lib/LWP/Protocol/https.pm
+@@ -24,27 +24,9 @@ sub _extra_sock_opts
+ $ssl_opts{SSL_verify_mode} = 0;
+ }
+ if ($ssl_opts{SSL_verify_mode}) {
+- unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+- eval {
+- require Mozilla::CA;
+- };
+- if ($@) {
+- if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) {
+- $@ = <<'EOT';
+-Can't verify SSL peers without knowing which Certificate Authorities to trust
+-
+-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
+-environment variable or by installing the Mozilla::CA module.
+-
+-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
+-environment variable to 0. If you do this you can't be sure that you
+-communicate with the expected peer.
+-EOT
+- }
+- die $@;
+- }
+- $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
+- }
++ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
++ $ssl_opts{SSL_ca_path} = '/etc/ssl/certs';
++ }
+ }
+ $self->{ssl_opts} = \%ssl_opts;
+ return (%ssl_opts, $self->SUPER::_extra_sock_opts);
+--
+2.12.0
+