Control: tag -1 + confirmed upstream patch
Control: forwarded -1 https://github.com/libwww-perl/LWP-Protocol-https/pull/77

On Sat, 03 Feb 2024 08:40:41 +0100, Christian Marillat wrote:

> This bug should be fixed. If IPv6 isn't available, IPv4 should be used.
> Before 6.12 this package was working perfectly.
> The best is to forward this bug to upstream author.

Right. And before doing this I wanted to understand what's actually
going on, and finally I could reproduce it. You gave me the keyword
earlier: The problem is in the SNI part of the change, and appears
when a _proxy_ is used. So after installing squid in the local
network I get:

% https_proxy=http://new:3128 HEAD https://metacpan.org/release/LWP-Protocol-https
500 SSL upgrade failed: hostname verification failed
Content-Type: text/plain
Client-Date: Sun, 04 Feb 2024 15:50:11 GMT
Client-Warning: Internal response

(And the $host variable in line 85 is undef.)

% env -u https_proxy HEAD https://metacpan.org/release/LWP-Protocol-https
200 OK
Cache-Control: max-age=3600
Connection: close
Date: Sun, 04 Feb 2024 15:50:37 GMT
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 0
Server: nginx
Vary: Accept-Encoding
Content-Length: 49785
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 22 Jan 2024 17:51:48 GMT
Client-Date: Sun, 04 Feb 2024 15:50:37 GMT
Client-Peer: 151.101.194.217:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2
Client-SSL-Cert-Subject: /CN=metacpan.org
Client-SSL-Cipher: ECDHE-RSA-CHACHA20-POLY1305
Client-SSL-Socket-Class: IO::Socket::SSL
Client-SSL-Version: TLSv1_2
Content-Security-Policy: default-src * data: 'unsafe-inline'; frame-ancestors 'self' *.metacpan.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org *.google-analytics.com *.google.com www.gstatic.com
Strict-Transport-Security: max-age=31557600
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Runtime: 3.174736
X-Served-By: cache-lhr7344-LHR, cache-vie6362-VIE
X-Timer: S1707061835.628790,VS0,VE3218
X-XSS-Protection: 1; mode=block


And before I could file the bug upstream, I noticed that there is
already a new pull request for this issue:
https://github.com/libwww-perl/LWP-Protocol-https/pull/77

And at least for me, the little change from
https://patch-diff.githubusercontent.com/raw/libwww-perl/LWP-Protocol-https/pull/77.diff
works:

% https_proxy=http://new:3128 HEAD https://metacpan.org/release/LWP-Protocol-https
200 OK
Cache-Control: max-age=3600
Connection: close
Date: Sun, 04 Feb 2024 15:54:18 GMT
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 221
Server: nginx
Vary: Accept-Encoding
Content-Length: 49785
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 22 Jan 2024 17:51:48 GMT
Client-Date: Sun, 04 Feb 2024 15:54:18 GMT
Client-Peer: 192.168.0.247:3128
Client-Response-Num: 1
Content-Security-Policy: default-src * data: 'unsafe-inline'; frame-ancestors 'self' *.metacpan.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org *.google-analytics.com *.google.com www.gstatic.com
Strict-Transport-Security: max-age=31557600
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Runtime: 3.174736
X-Served-By: cache-lhr7344-LHR, cache-vie6320-VIE
X-Timer: S1707062059.838034,VS0,VE2
X-XSS-Protection: 1; mode=block


I'm preparing an upload with this new fix.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   
