Hi,
Here is a script showing the insecure default when using HTTP::Thin.
Kind regards
Felix Lechner
* * *
#!/usr/bin/perl
use 5.12.1;
use HTTP::Request::Common;
use HTTP::Thin;
say HTTP::Thin->new()->request(GET
'https://self-signed.badssl.com/')->as_string;
Package: libhttp-thin-perl
Severity: important
Dear maintainer,
Your package uses the Perl module HTTP::Tiny but does not set the
verify_SSL attribute to a true value.
By default, that module does not validate the identity of server
certificates. The documentation states that "Server identity
ve
3 matches
Mail list logo
