Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Guidance on SSL Cert Checking

by setuk1 (Initiate)
on Oct 31, 2013 at 17:56 UTC ( #1060616=perlquestion: print w/ replies, xml ) Need Help??
setuk1 has asked for the wisdom of the Perl Monks concerning the following question:

Googled around and i cant get an SSL test using IO::Socket:SSL to work. Can someone point me in the right direction to set up SSL validation against a server running https.
use IO::Socket::SSL qw(debug4); use Data::Dumper; # simple HTTP client --------------------------------------------- +-- my $sock = IO::Socket::SSL->new( # where to connect PeerHost => "mail.google.com", PeerPort => "443", SSL_verify_mode => SSL_VERIFY_PEER, SSL_ca_path => 'C:\\Users\\Simon\\ptest\\certs' ) or die "failed connect or ssl handshake: $!,$SSL_ERROR";
And getting:-
C:\Users\Simon\ptest>t2.pl DEBUG: .../IO/Socket/SSL.pm:1805: new ctx 46151184 DEBUG: .../IO/Socket/SSL.pm:449: socket not yet connected DEBUG: .../IO/Socket/SSL.pm:451: socket connected DEBUG: .../IO/Socket/SSL.pm:469: ssl handshake not started DEBUG: .../IO/Socket/SSL.pm:504: using SNI with hostname mail.google.c +om DEBUG: .../IO/Socket/SSL.pm:540: Net::SSLeay::connect -> -1 DEBUG: .../IO/Socket/SSL.pm:1411: SSL connect attempt failed with unkn +own error DEBUG: .../IO/Socket/SSL.pm:546: fatal SSL error: SSL connect attempt +failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER +_ CERTIFICATE:certificate verify failed DEBUG: .../IO/Socket/SSL.pm:449: socket not yet connected DEBUG: .../IO/Socket/SSL.pm:451: socket connected DEBUG: .../IO/Socket/SSL.pm:469: ssl handshake not started DEBUG: .../IO/Socket/SSL.pm:507: not using SNI because hostname is unk +nown DEBUG: .../IO/Socket/SSL.pm:540: Net::SSLeay::connect -> -1 DEBUG: .../IO/Socket/SSL.pm:1411: SSL connect attempt failed with unkn +own error DEBUG: .../IO/Socket/SSL.pm:546: fatal SSL error: SSL connect attempt +failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER +_ CERTIFICATE:certificate verify failed DEBUG: .../IO/Socket/SSL.pm:1842: free ctx 46151184 open=46151184 DEBUG: .../IO/Socket/SSL.pm:1850: OK free ctx 46151184 failed connect or ssl handshake: Bad file descriptor,IO::Socket::IP co +nfiguration failed SSL connect attempt failed with unknown error erro +r :14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify +failed at C:\Users\Simon\ptest\t2.pl line 6.

As i am testing against google mail - i downloaded all 3 certs in the key chain and put them in the certs dir. mail.google.com.crt GoogleInternetAuthorityG2.crt GeoTrustGlobalCA.crt Any ideas as to what im doing wrong.

Comment on Guidance on SSL Cert Checking
Select or Download Code
Re: Guidance on SSL Cert Checking
by sundialsvc4 (Abbot) on Nov 01, 2013 at 01:53 UTC

    I suggest that you should be very specific in your Google Searches about this problem.   For example, a search for:

    ssl "14090086" "mail.google.com"
    appears to be fruitful, although I have not yet explored the hits.   Clearly, whatever-it-is is not by any means “perl-specific.”   It is, rather ... and this is way too “familiar” to me ... SSL ... being itself.

    Unfortunately, the careful-design of SSL is that it gives nothing away to “what it always presumes to be an attacker.”

    My best advice to you at this point is that ... “this is not a Perl problem.”   It is, however, a most familiar problem . . .   At this point, “Perl” is, in its own way, more-or-less returning to you the same codes that <<PHP | dot-Net | Java | ... >> would (had to have ...) have done, and for the same impenetrable reasons.

    “Been there.   Oh, yes I have.   Done that.”   Keep us informed.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1060616]
Approved by toolic
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (9)
As of 2014-12-23 03:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (134 votes), past polls