Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2018-11-02
Initial Package Version: 6.07
Upstream Status: Unsuitable for CPAN
Origin: Based on Arch, which is based on Debian, but adapted for BLFS.
Description: Use system certificates instead of whatever happened to
be at Mozilla when Mozilla::CA was last updated.  See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619059

diff -Naur a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
--- a/lib/LWP/Protocol/https.pm	2017-02-20 02:41:37.000000000 +0000
+++ b/lib/LWP/Protocol/https.pm	2018-11-02 19:12:49.006187556 +0000
@@ -25,25 +25,7 @@
     }
     if ($ssl_opts{SSL_verify_mode}) {
 	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
-	    eval {
-		require Mozilla::CA;
-	    };
-	    if ($@) {
-		if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) {
-		    $@ = <<'EOT';
-Can't verify SSL peers without knowing which Certificate Authorities to trust
-
-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
-environment variable or by installing the Mozilla::CA module.
-
-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
-environment variable to 0.  If you do this you can't be sure that you
-communicate with the expected peer.
-EOT
-		}
-		die $@;
-	    }
-	    $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
+	    $ssl_opts{SSL_ca_file} = '/etc/pki/tls/certs/ca-bundle.crt';
 	}
     }
     $self->{ssl_opts} = \%ssl_opts;
diff -Naur a/Makefile.PL b/Makefile.PL
--- a/Makefile.PL	2016-06-30 11:43:17.000000000 +0100
+++ b/Makefile.PL	2018-11-02 19:13:25.634958845 +0000
@@ -26,7 +26,6 @@
                     'LWP::UserAgent' => '6.06',
                     'Net::HTTPS' => 6,
                     'IO::Socket::SSL' => "1.54",
-                    'Mozilla::CA' => "20110101",
                     'perl' => '5.008001',
                 },
             },