Reputation: 141
Perl LWP::UserAgent failing SSL on a specific server
my $ua = LWP::UserAgent->new();
my $res = $ua->get("https://url");
print $res->content;
Resulted in a response that the certificate was not valid (and if I disabled hostname verification the server would say I needed encryption instead), until I started using Net::SSL :
$ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = 'Net::SSL';
Before doing my request, ofc.
Module Versions at the moment:
Crypt::SSLeay 0.58
IO::Socket::SSL 1.955
Net::SSLeay 1.55
LWP 6.05
LWP::Protocol::https 6.04
Also tried the latest Crypt::SSLeay but that still failed (tried this in a test environment).
Is this just a limitation in the Crypt::SSLeay library, between the client and the server - that they maybe can't agree upon an encryption method?
I also used OpenSSL to manually connect to the server in question, which worked without problems, no certificate failures or so.
My problem is sort of solved already, but not in a way that feels very graceful, but I am curious as to where the error lies, as I spent ages trying to find a solution, and the root of the issue. I send SSL requests to hundreds of other servers without this problem, but this one server would just respond with a message saying I need to encrypt my request.
Is LWP together with Net:SSL more supported?
How would you try and trace the root of the issue?
EDIT: An interesting thing is this didn't happen in older versions of the modules (it worked recently). I strongly suspect that it was LWP or something that got updated. Weird how the behaviour can change like this in an update.
Upvotes: 0
Views: 2630
Answers (2)
Reputation: 123260
If it says that the certificate is not valid it probably cannot verify it because it is self-signed, the CA not know or similar issues. If I understand you right it fails only on this specific server, so there might be something wrong with its certificate. Please check, if you get an error message with a browser too. More help could probably be provided if I knew the exact url and had access to it.
As for Net::SSL vs. IO::Socket::SSL: recent LWP versions use by default IO::Socket::SSL (which is based on Net::SSLeay) instead of the older Net::SSL/Crypt::SSLeay, because IO::Socket::SSL has more features, more correct certificate verification and is in active development.
Steffen (current maintainer/developer of IO::Socket::SSL)
Upvotes: 1
Reputation: 1212
Some servers do not support TLSv1.2. LWP by default will connect to some servers but not to those requiring a lower TLS version. I had a very generic 500 error over https with LWP 6.0x and setting LWP::UserAgent to SSL_version => 'TLSv1' did not work for me. Try forcing LWP to only use IO::Socket::SSL and force the TLS version for additional testing.
LWP::UserAgent Can't Post with TLS1.1
Upvotes: 0
Related Questions
- Certificate verify failed perl
- LWP::UserAgent ignoring SSL_VERIFY_PEER
- sslv3 alert handshake failure with LWP::UserAgent
- LWP::UserAgent and 500 SSL negotiation failed
- Perl UserAgent won't connect to TLS1.2 server
- Perl LWP::UserAgent cannot connect to HTTPS
- Perl LWP::UserAgent SSL/TLS Inconsistent Certificate Error Message Issue
- 500 SSL read timeout error in LWP perl
- I cannot Connect to any HTTPS site using LWP::UserAgent
- Why does LWP::UserAgent GET request fail with HTTPS?