Description: Use ca-certificates rather than Mozilla::CA
Origin: vendor
Bug-Debian: https://bugs.debian.org/619059
Forwarded: not-needed
Author: Nicholas Bamber <nicholas@periapt.co.uk>
Reviewed-by: gregor herrmann <gregoa@debian.org>
Last-Update: 2024-01-27

--- a/lib/LWP/Protocol/https.pm
+++ b/lib/LWP/Protocol/https.pm
@@ -34,24 +34,8 @@
                 && defined &IO::Socket::SSL::default_ca
                 && IO::Socket::SSL::default_ca() ) {
                 # IO::Socket::SSL has a usable default CA
-            } elsif ( my $cafile = eval {
-            require Mozilla::CA;
-            Mozilla::CA::SSL_ca_file()
-            }) {
-            # use Mozilla::CA
-            $ssl_opts{SSL_ca_file} = $cafile;
             } else {
-                die <<'EOT';
-Can't verify SSL peers without knowing which Certificate Authorities to trust.
-
-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
-environment variable to the file where your trusted CA are, or by installing
-the Mozilla::CA module for set of commonly trusted CAs.
-
-To completely disable the verification that you talk to the correct SSL peer you
-can set SSL_verify_mode to 0 within ssl_opts.  But, if you do this you can't be
-sure that you communicate with the expected peer.
-EOT
+              $ssl_opts{SSL_ca_file} = '/etc/ssl/certs/ca-certificates.crt';
             }
         }
     }