Reputation: 2707
Perl LWP GET or POST to an SNI SSL URL
I have a system that sends data to customers using perl LWP. They can choose their URL and whether to POST or GET.
A new customer recently complained that the service doesn't work and they suspect it's because their endpoint uses SNI SSL.
Looking in the logs, all I see is the error message "(certificate verify failed) (500 read timeout)".
Is there any way to tell if this issue is because of their SNI SSL, or something different? I think I can solve the problem by turning off verify_hostname, but this is a last resort, I would rather have it working properly.
What other steps should I take?
Upvotes: 3
Views: 2721
Answers (1)
Reputation: 123320
If SNI might be a problem depends on the module you use and their versions:
- LWP uses IO::Socket::SSL since version 6.0 as the backend SSL library. Before that it used Crypt::SSLeay which does not support SNI and you can still enforce use of Crypt::SSLeay. But, while this might cause the server to return the wrong data it should in most cases not lead to verify problems, because Crypt::SSLeay does not verify if the name in the certificate matches the requested hostname (and thus does not detect man-in-the-middle attacks).
- IO::Socket::SSL does SNI on the client side since version 1.56 (02/2012), but you need at least version 1.0 of OpenSSL. Support for older versions is disabled because of bugs in OpenSSL when interacting with some servers.
You can try to debug the issue with setting $IO::Socket::SSL::DEBUG=4 when running the code.
Upvotes: 9
Related Questions
- How to POST content with an HTTP Request (Perl)
- Perl - How to request HTTPS website
- Unable to get page via HTTPS with LWP::Simple in Perl
- how to pass variable to http post API in Perl?
- Testing an SNI https service by ip address
- LWP POST request not working
- Perl "lwp-request" giving error 500 using TLS 1.2
- SSL error calling Perl web service via https using LWP
- Perl - LWP API Post
- Perl and LWP not authenticating