Interesting to see this requires certificate validation to be actively enabled. I wonder how many Perl projects using LWP are vulnerable to TLS interception by self-signed/untrusted certificates... :-/
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/cfgroot/ids-functions.pl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 74d55def6..bf02bcbaa 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -281,7 +281,15 @@ sub downloadruleset ($) { use LWP::UserAgent;
# Init the download module.
- my $downloader = LWP::UserAgent->new;
#
# Request SSL hostname verification and specify path
# to the CA file.
my $downloader = LWP::UserAgent->new(
ssl_opts => {
SSL_ca_file => '/etc/ssl/cert.pem',
verify_hostname => 1,
}
);
# Set timeout to 10 seconds. $downloader->timeout(10);
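Review bot: The CA bundle path is hard-coded as a string literal inside the constructor call (`SSL_ca_file => '/etc/ssl/cert.pem',`) in downloadruleset, and nothing in the hunk checks that the file exists or is readable. With `verify_hostname => 1` set, a missing or unreadable bundle would make every ruleset download fail verification, and that would be hard to tell apart from an ordinary network error. Consider moving the path into a named variable next to the file's other path settings and testing it with `-r` before building the user agent, so the failure can be reported with a clear message. The new comment block also begins with a bare `#` line that can be dropped.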