| Andrew Geissler | 8f84068 | 2023-07-21 09:09:43 -0500 | [diff] [blame] | 1 | From a22785783b17cbaa28afaee4a024d81a1903701d |
| 2 | From: Stig Palmquist <git@stig.io> |
| 3 | Date: Sun Jun 18 11:36:05 2023 +0200 |
| 4 | Subject: [PATCH] Fix incorrect env var name for verify_SSL default |
| 5 | |
| 6 | The variable to override the verify_SSL default differed slightly in the |
| 7 | documentation from what was checked for in the code. |
| 8 | |
| 9 | This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` |
| 10 | as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was |
| 11 | missing `SSL_` |
| 12 | |
| 13 | CVE: CVE-2023-31486 |
| 14 | |
| 15 | Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d] |
| 16 | |
| 17 | Signed-off-by: Soumya <soumya.sambu@windriver.com> |
| 18 | --- |
| 19 | cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +- |
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 21 | |
| 22 | diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm |
| 23 | index ebc34a1..65ac8ff 100644 |
| 24 | --- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm |
| 25 | +++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm |
| 26 | @@ -148,7 +148,7 @@ sub _verify_SSL_default { |
| 27 | my ($self) = @_; |
| 28 | # Check if insecure default certificate verification behaviour has been |
| 29 | # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 |
| 30 | - return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; |
| 31 | + return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; |
| 32 | } |
| 33 | |
| 34 | sub _set_proxies { |
| 35 | -- |
| 36 | 2.40.0 |