uscan from devscipts package fail to verify certificates afetr upgrading
to liblwp-protocol-https-perl 6.12-1
,----
| uscan warn: In watchfile debian/watch, reading webpage
| https://qa.debian.org/watch/sf.php/pcre/ failed: 500 SSL upgrade failed: hostname verification failed
| uscan warn: In watchfile debian/watch, reading webpage
| https://qa.debian.org/watch/sf.php/mjpeg/ failed: 500 SSL upgrade failed: hostname verification failed
| uscan warn: In watchfile debian/watch, reading webpage
| https://gitlab.com/AOMediaCodec/SVT-AV1/-/tags failed: 500 SSL upgrade failed: SSL connect attempt failed error:0A000410:SSL routines::sslv3 alert handshake failure
| uscan warn: In watchfile debian/watch, reading webpage
| https://qa.debian.org/watch/sf.php/synfig/ failed: 500 SSL upgrade failed: hostname verification failed
`----
Does it work for you if you downgrade liblwp-protocol-https-perl to 6.11-1 from testing? If yes, which of the two hunks from [0] is causing the problem?This issue doesn't exist with 6.11-1. I've seen this bug when 6.12 has
been installed.
The attached patch isn't clean :
On Sun, 28 Jan 2024 18:44:02 +0100, Christian Marillat wrote:
Does it work for you if you downgrade liblwp-protocol-https-perl to 6.11-1 >> > from testing? If yes, which of the two hunks from [0] is causing theThis issue doesn't exist with 6.11-1. I've seen this bug when 6.12 has
problem?
been installed.
What doesn't help is that I've uploaded libio-socket-ssl-perl 2.085-1
as well … (Although with minimal changes as well.)
The attached patch isn't clean :
Sorry, that was a diff of the upstream git tags.
On Mon, 29 Jan 2024 08:53:45 +0100, Christian Marillat wrote:
This diff fix this issue.
Thanks for checking.
Alright, so we know that
1) something is different between your and my environment, and
2) one of the two small changes between 6.11 and 6.12 causes errors
for you
Could you try which of the two hunks is the culprit? My very random
guess is that it's the first one [0]; for some reason my laptop
prefers IPv4 although I also have IPv6 …
@@ -96,9 +96,12 @@
if ( $Net::HTTPS::SSL_SOCKET_CLASS->can('start_SSL')) {
*_upgrade_sock = sub {
my ($self,$sock,$url) = @_;
+ # SNI should be passed there only if it is not an IP address.
+ # Details: https://github.com/libwww-perl/libwww-perl/issues/449#issuecomment-1896175509
I had the idea to read this github issue.
In my case I've a proxy and IPv6 isn't configured so this explain this
Debian bug and reverting upstream changes in 6.12 is maybe a bad idea.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 297 |
Nodes: | 16 (2 / 14) |
Uptime: | 01:37:38 |
Calls: | 6,666 |
Calls today: | 4 |
Files: | 12,212 |
Messages: | 5,335,487 |