Package: libio-socket-ssl-perl
Version: 1.35-1
Severity: normal
Tags: patch
if i supply a verify_callback to IO::Socket::SSL, but fail to supply
ca_file or ca_path (and the default ca_file and ca_path locations are
not populated), initialization fails.
This is silly because i'm using my own verify_callback, and so i
don't need to give OpenSSL a ca_file or ca_path.
The attached patch fixes it for me.
--dkg
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.36-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libio-socket-ssl-perl depends on:
ii libnet-ssleay-perl 1.36-1 Perl module for Secure Sockets Lay
ii netbase 4.43 Basic TCP/IP networking system
ii perl 5.10.1-16 Larry Wall's Practical Extraction
Versions of packages libio-socket-ssl-perl recommends:
ii libnet-libidn-perl 0.12.ds-1+b1 Perl bindings for GNU Libidn
Versions of packages libio-socket-ssl-perl suggests:
pn libio-socket-inet6-perl <none> (no description available)
-- no debconf information
diff --git a/SSL.pm b/SSL.pm
index ee2d85e..0cd640b 100644
--- a/SSL.pm
+++ b/SSL.pm
@@ -1366,7 +1366,8 @@ sub new {
if ( $verify_mode != Net::SSLeay::VERIFY_NONE() and
! Net::SSLeay::CTX_load_verify_locations(
$ctx, $arg_hash->{SSL_ca_file} || '',$arg_hash->{SSL_ca_path} || '') ) {
- return IO::Socket::SSL->error("Invalid certificate authority locations");
+ return IO::Socket::SSL->error("Invalid certificate authority locations")
+ if (! defined $arg_hash->{SSL_verify_callback});
}
if ($arg_hash->{'SSL_check_crl'}) {
