From a22785783b17cbaa28afaee4a024d81a1903701d From: Stig Palmquist Date: Sun Jun 18 11:36:05 2023 +0200 Subject: [PATCH] Fix incorrect env var name for verify_SSL default The variable to override the verify_SSL default differed slightly in the documentation from what was checked for in the code. This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was missing `SSL_` CVE: CVE-2023-31486 Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d] Signed-off-by: Soumya --- cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm index ebc34a1..65ac8ff 100644 --- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm @@ -148,7 +148,7 @@ sub _verify_SSL_default { my ($self) = @_; # Check if insecure default certificate verification behaviour has been # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 - return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; + return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; } sub _set_proxies { -- 2.40.0