Provided by: libnet-sslglue-perl_1.058-1_all bug


       Net::SSLGlue::LWP - proper certificate checking for https in LWP

SYNOPSIS u use Net::SSLGlue::LWP SSL_ca_path => ...; use LWP::Simple; get( 'https://www....' );

               local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts;

               # switch off verification
               $Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0;

               # or: set different verification policy, because cert does
               # not conform to RFC (wildcards in CN are not allowed for https,
               # but some servers do it anyway)
               $Net::SSLGlue::LWP::SSLopts{SSL_verifycn_scheme} = {
                   wildcards_in_cn => 'anywhere',
                   check_cn => 'always',


       Net::SSLGlue::LWP modifies Net::HTTPS and LWP::Protocol::https so that Net::HTTPS is
       forced to use IO::Socket::SSL instead of Crypt::SSLeay, and that LWP::Protocol::https does
       proper certificate checking using the "http" SSL_verify_scheme from IO::Socket::SSL.

       This module should only be used for older LWP version, see Supported LWP versions below.

       Because LWP does not have a mechanism to forward arbitrary parameters for the construction
       of the underlying socket these parameters can be set globally when including the package,
       or with local settings of the %Net::SSLGlue::LWP::SSLopts variable.

       All of the "SSL_*" parameter from IO::Socket::SSL can be used; the following parameters
       are especially useful:

       SSL_ca_path, SSL_ca_file
           Specifies the path or a file where the CAs used for checking the certificates are
           located. This is typically "etc/ssl/certs" on UNIX systems.

           If set to 0, verification of the certificate will be disabled. By default it is set to
           1 which means that the peer certificate is checked.

           Usually the name given as the hostname in the constructor is used to verify the
           identity of the certificate. If you want to check the certificate against another name
           you can specify it with this parameter.

Supported LWP versions

       This module should be used for older LWP version only. Starting with version 6.06 it is
       recommended to use LWP directly. If a recent version is found Net::SSLGlue::LWP will print
       out a warning and not monkey patch too much into LWP (only as much as necessary to still
       support %Net::SSLGlue::LWP::SSLopts).


       IO::Socket::SSL, LWP, Net::HTTPS, LWP::Protocol::https


       This module is copyright (c) 2008..2015, Steffen Ullrich.  All Rights Reserved.  This
       module is free software. It may be used, redistributed and/or modified under the same
       terms as Perl itself.