Interesting to see this requires certificate validation to be actively enabled.
I wonder how many Perl projects using LWP are vulnerable to TLS interception by
self-signed/untrusted certificates... :-/

Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/cfgroot/ids-functions.pl | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
> index 74d55def6..bf02bcbaa 100644
> --- a/config/cfgroot/ids-functions.pl
> +++ b/config/cfgroot/ids-functions.pl
> @@ -281,7 +281,15 @@ sub downloadruleset ($) {
>  	use LWP::UserAgent;
>  
>  	# Init the download module.
> -	my $downloader = LWP::UserAgent->new;
> +	#
> +	# Request SSL hostname verification and specify path
> +	# to the CA file.
> +	my $downloader = LWP::UserAgent->new(
> +		ssl_opts => {
> +			SSL_ca_file     => '/etc/ssl/cert.pem',
> +			verify_hostname => 1,
> +		}
> +	);
>  
>  	# Set timeout to 10 seconds.
>  	$downloader->timeout(10);