b632bed3a2
+ Set local $SIG{PIPE} = \&die before $ssl->connect() to capture the "broken pipe" error associated with connecting to a computer that is not running a SSL web server + Documented differences / conflicts between LWP proxy support and Crypt::SSLeay which seems to be a source of confusion for users. + Added Net::SSL::get_peer_verify call so the warning header from LWP that says: Client-SSL-Warning: Peer certificate not verified can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment variables are set to invoke peer certificate verification. + $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging, so one can debug from LWP:: calls without using ./net_ssl_test script - removed exit from Makefile.PL + Streamlined *CA* patches so only in $CTX->set_verify() which gets called every time now. + Throw error instead of return undef in Net::SSL->connect() because we loose the errors otherwise. - Turn SSL_MODE_AUTO_RETRY on so clients can survive changes in SSLVerifyClient changes in the modssl connection + Integrated patches from Gamid Isayev for CA peer verification. - Client certs weren't working correctly, setup certs earlier in connection now, also create new CTX per request, so cert settings don't remain sticky from one request to the next. + update ./net_ssl_test to do smart parsing of host, where host can now be of the form http://www.nodeworks.com:443/ - local $@ in Net::SSL::DESTROY so we don't kill real errors - return undef in Net::SSL::connect() instead of die() for better LWP support & error handling. + alarm() on Unix platforms around ssl ctx connect, which can hang for process for way too long when trying to connect to dead https SSL servers. Fixes PR/15053 by Shell Hung. |
||
---|---|---|
.. | ||
patch-aa |