You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
1.4 KiB
41 lines
1.4 KiB
commit 3b266f17ccd5613a9c42d1e04118e94ca6467489
|
|
Author: Gisle Aas <gisle@aas.no>
|
|
Date: Sun Jan 16 12:56:30 2011 +0100
|
|
|
|
Call IO::Socket::SSL's verify_hostname when available
|
|
|
|
--- a/lib/LWP/Protocol/https.pm
|
|
+++ b/lib/LWP/Protocol/https.pm
|
|
@@ -14,6 +14,15 @@ sub socket_type
|
|
sub _check_sock
|
|
{
|
|
my($self, $req, $sock) = @_;
|
|
+ if ($sock->can("verify_hostname")) {
|
|
+ if (!$sock->verify_hostname($req->uri->host, "www")) {
|
|
+ my $subject = $sock->peer_certificate("subject");
|
|
+ die "SSL-peer fails verification [subject=$subject]\n";
|
|
+ }
|
|
+ else {
|
|
+ $req->{ssl_sock_verified}++;
|
|
+ }
|
|
+ }
|
|
my $check = $req->header("If-SSL-Cert-Subject");
|
|
if (defined $check) {
|
|
my $cert = $sock->get_peer_certificate ||
|
|
@@ -36,9 +45,14 @@ sub _get_sock_info
|
|
$res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
|
|
$res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
|
|
}
|
|
- if(! eval { $sock->get_peer_verify }) {
|
|
- $res->header("Client-SSL-Warning" => "Peer certificate not verified");
|
|
+ if (!$res->request->{ssl_sock_verified}) {
|
|
+ if(! eval { $sock->get_peer_verify }) {
|
|
+ my $msg = "Peer certificate not verified";
|
|
+ $msg .= " [$@]" if $@;
|
|
+ $res->header("Client-SSL-Warning" => $msg);
|
|
+ }
|
|
}
|
|
+ $res->header("Client-SSL-Socket-Class" => $Net::HTTPS::SSL_SOCKET_CLASS);
|
|
}
|
|
|
|
#-----------------------------------------------------------
|