Description: <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 webauth (4.7.0-8) unstable; urgency=medium
 .
   * QA upload.
   * Add patch to remove embedding of username, hostname and set date to
     use SOURCE_DATE_EPOCH. (Closes: #977610)
   * debian/rules: Run tests in C.UTF-8 locale.
   * debian/source/options: Drop custom compression setting.
   * debian/rules: Remove --parallel argument to dh, already the default.
   * debian/control: Update Vcs headers.
   * Remove obsolete lintian overrides.
   * debian/control: Update to debhelper-compat 13.
   * debian/copyright: Update "Format" to use https URL.
   * debian/rules: Add override for dh_missing to pass --list-missing.
   * debian/control: Update Standards-Version to 4.5.1.
   * Add patch to convert document encodings to UTF-8.
Author: Vagrant Cascadian <vagrant@reproducible-builds.org>
Bug-Debian: https://bugs.debian.org/977610

---
The information above should follow the Patch Tagging Guidelines; please
check out https://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: (upstream|backport|vendor|other), (<patch-url>|commit:<commit-id>)
Bug: <upstream-bugtracker-url>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: (no|not-needed|<patch-forwarded-url>)
Applied-Upstream: <version>, (<commit-url>|commit:<commit-id>)
Reviewed-By: <name and email of someone who approved/reviewed the patch>
Last-Update: 2023-11-10

--- webauth-4.7.0.orig/perl/lib/WebKDC.pm
+++ webauth-4.7.0/perl/lib/WebKDC.pm
@@ -283,6 +283,18 @@ sub request_token_request {
     # fail once and the second try should succeed.
     my $xml = $webkdc_doc->root->to_string (1);
     my $ua = LWP::UserAgent->new;
+
+    ## Stanford patch: we disable SSL and certificate verification
+    ## when the target URL is localhost. This seems to be the only
+    ## way to get this to work on more recent versions of Debian.
+    ## adamhl@stanford.edu Adam Lewenberg 08-June-2018
+    if ($WebKDC::Config::URL =~ m{localhost}xsm) {
+        $ua->ssl_opts(
+            SSL_verify_mode => 0,
+            verify_hostname => 0x00,
+            );
+    }
+
     my $http_req = HTTP::Request->new (POST => $WebKDC::Config::URL);
     $http_req->content_type ('text/xml');
     $http_req->content ($webkdc_doc->root->to_string);
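Review bot: The `m{localhost}xsm` test on `$WebKDC::Config::URL` is unanchored and runs against the whole URL string, so certificate and hostname verification are switched off for any configured URL that merely contains "localhost", for example in a longer hostname or in the path, not only when the host is the loopback name. Parse the URL (for instance with the URI module) and compare the host component for exact equality with `localhost` before relaxing anything. Better still, keep verification on and point `ssl_opts` at the local WebKDC certificate with `SSL_ca_file`, so that the loopback case is also authenticated. `verify_hostname => 0x00` would read more clearly as `verify_hostname => 0`. Separately, the DEP-3 header still carries the unfilled `Description: <short summary of the patch>` template, and the changelog text pasted under it does not mention this change; the header should state that the patch disables TLS verification for the WebKDC request and why.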
