blob: 45452be389aab41e05206bb28281724862489593 [file] [log] [blame]
From a22785783b17cbaa28afaee4a024d81a1903701d
From: Stig Palmquist <git@stig.io>
Date: Sun Jun 18 11:36:05 2023 +0200
Subject: [PATCH] Fix incorrect env var name for verify_SSL default
The variable to override the verify_SSL default differed slightly in the
documentation from what was checked for in the code.
This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`
as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was
missing `SSL_`
CVE: CVE-2023-31486
Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d]
Signed-off-by: Soumya <soumya.sambu@windriver.com>
---
cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
index ebc34a1..65ac8ff 100644
--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
@@ -148,7 +148,7 @@ sub _verify_SSL_default {
my ($self) = @_;
# Check if insecure default certificate verification behaviour has been
# changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
- return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
+ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
}
sub _set_proxies {
--
2.40.0