{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":1114764,"defaultBranch":"master","name":"p5-http-tiny","ownerLogin":"chansen","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2010-11-26T14:42:15.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/7787?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1687442823.872779","currentOid":""},"activityList":{"items":[{"before":"a22785783b17cbaa28afaee4a024d81a1903701d","after":"2f17ba0a6c979b8c37feef830861eeb633484358","ref":"refs/heads/master","pushedAt":"2023-06-22T14:07:03.388Z","pushType":"push","commitsCount":3,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"After release: bump $VERSION and timestamp Changes","shortMessageHtmlLink":"After release: bump $VERSION and timestamp Changes"}},{"before":"6bee9326fe59852189d89c60a9a24b935879a666","after":"a22785783b17cbaa28afaee4a024d81a1903701d","ref":"refs/heads/master","pushedAt":"2023-06-22T14:01:40.337Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"Fix incorrect env var name for verify_SSL default\n\nThe variable to override the verify_SSL default differed slightly in the\ndocumentation from what was checked for in the code.\n\nThis commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`\nas documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was\nmissing `SSL_`","shortMessageHtmlLink":"Fix incorrect env var name for verify_SSL default"}},{"before":"68c7a557badf8beb12fe5d119930f9c55e7b2436","after":"6bee9326fe59852189d89c60a9a24b935879a666","ref":"refs/heads/master","pushedAt":"2023-06-14T10:35:25.754Z","pushType":"push","commitsCount":2,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"After release: bump $VERSION and timestamp Changes","shortMessageHtmlLink":"After release: bump $VERSION and timestamp Changes"}},{"before":"d7705dc05a0f64dfeaeca46c8a49b19656f4f3d3","after":"68c7a557badf8beb12fe5d119930f9c55e7b2436","ref":"refs/heads/master","pushedAt":"2023-06-11T11:06:14.473Z","pushType":"push","commitsCount":1,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"After release: bump $VERSION and timestamp Changes","shortMessageHtmlLink":"After release: bump $VERSION and timestamp Changes"}},{"before":"74b30205514c1ade6d421a920570178f6343a88c","after":"d7705dc05a0f64dfeaeca46c8a49b19656f4f3d3","ref":"refs/heads/master","pushedAt":"2023-06-11T11:02:38.076Z","pushType":"push","commitsCount":1,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"Move snake-oil.crt to avoid MinimumPerl false positive","shortMessageHtmlLink":"Move snake-oil.crt to avoid MinimumPerl false positive"}},{"before":"77f557ef84698efeb6eed04e4a9704eaf85b741d","after":"74b30205514c1ade6d421a920570178f6343a88c","ref":"refs/heads/master","pushedAt":"2023-06-11T10:56:37.233Z","pushType":"push","commitsCount":2,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"Add stopword","shortMessageHtmlLink":"Add stopword"}},{"before":"7bdf71f5bdb8d97c8554b59e339d4b82fa41954c","after":"77f557ef84698efeb6eed04e4a9704eaf85b741d","ref":"refs/heads/master","pushedAt":"2023-06-11T10:42:53.468Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"xdg","name":"David Golden","path":"/xdg","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7625322?s=80&v=4"},"commit":{"message":"Change verify_SSL default to 1, add ENV var to enable insecure default\n\n- Changes the `verify_SSL` default parameter from `0` to `1`\n\n  Based on patch by Dominic Hargreaves:\n  https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92\n\n  Fixes CVE-2023-31486\n\n- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that\n  enables the previous insecure default behaviour if set to `1`.\n\n  This provides a workaround for users who encounter problems with the\n  new `verify_SSL` default.\n\n  Example to disable certificate checks:\n  ```\n    $ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl\n  ```\n\n- Updates to documentation:\n  - Describe changing the verify_SSL value\n  - Describe the escape-hatch environment variable\n  - Remove rationale for not enabling verify_SSL\n  - Add missing certificate search paths\n  - Replace \"SSL\" with \"TLS/SSL\" where appropriate\n  - Use \"machine-in-the-middle\" instead of \"man-in-the-middle\"\n\n- Update `210_live_ssl.t`\n  - Use github.com, cpan.org and badssl.com hosts for checking\n    certificates.\n  - Add self signed snake-oil certificate for checking failures rather\n    than bypassing the `SSL_verify_callback`\n  - Test `verify_SSL` parameter in addition to low level SSL_options\n  - Test that `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1` behaves as\n    expected against badssl.com\n\n- Added `180_verify_SSL.t`\n  - Test that `verify_SSL` default is `1`\n  - Test that `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` behaves as expected\n  - Test that using different values for `verify_SSL` and legacy `verify_ssl`\n    doesn't disable cert checks","shortMessageHtmlLink":"Change verify_SSL default to 1, add ENV var to enable insecure default"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADRvMaRQA","startCursor":null,"endCursor":null}},"title":"Activity · chansen/p5-http-tiny"}