From 9baa19987f93284be254415d15db56c599e52e1e Mon Sep 17 00:00:00 2001 From: Kent Fredric Date: Tue, 21 Mar 2017 10:07:35 +1300 Subject: Ensure using System Certificates instead of Mozilla-CA Bug: https://bugs.gentoo.org/358081 --- lib/LWP/Protocol/https.pm | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm index ed4d832..f8ab398 100644 --- a/lib/LWP/Protocol/https.pm +++ b/lib/LWP/Protocol/https.pm @@ -24,27 +24,9 @@ sub _extra_sock_opts $ssl_opts{SSL_verify_mode} = 0; } if ($ssl_opts{SSL_verify_mode}) { - unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { - eval { - require Mozilla::CA; - }; - if ($@) { - if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) { - $@ = <<'EOT'; -Can't verify SSL peers without knowing which Certificate Authorities to trust - -This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE -environment variable or by installing the Mozilla::CA module. - -To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME -environment variable to 0. If you do this you can't be sure that you -communicate with the expected peer. -EOT - } - die $@; - } - $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file(); - } + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { + $ssl_opts{SSL_ca_path} = '/etc/ssl/certs'; + } } $self->{ssl_opts} = \%ssl_opts; return (%ssl_opts, $self->SUPER::_extra_sock_opts); -- 2.12.0