Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

LWP Can't connect to api-ssl.bitly.com

by Anonymous Monk
on May 20, 2015 at 21:11 UTC ( [id://1127281]=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Since two days i can't generate bitly url. Here is the error i am having: 
    $VAR1 = bless( {
                 '_content' => 'Can\'t connect to api-ssl.bitly.com:44
+3
    LWP::Protocol::https::Socket: SSL connect attempt failed with unkn
+own error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unkn
+own message digest algorithm at /usr/local/share/perl/5.10.1/LWP/Prot
+ocol/http.pm line 51.
    ', '_rc' => 500,
                 '_headers' => bless( {
                                        'client-warning' => 'Internal 
+response',
                                        'client-date' => 'Wed, 15 Apr 
+2015 18:08:08 GMT',
                                        'content-type' => 'text/plain'
                                      }, 'HTTP::Headers' ),
                 '_msg' => 'Can\'t connect to api-ssl.bitly.com:443',
                 '_request' => bless( {
                                        '_content' => '',
                                        '_uri' => bless( do{\(my $o = 
+'https://api-ssl.bitly.com/v3/shorten?login=LOGIN&apiKey=API_KEY&long
+url=LONG_URL')}, 'URI::https' ),
                                        '_headers' => bless( {
                                                               'user-a
+gent' => 'libwww-perl/6.04'
                                                             }, 'HTTP:
+:Headers' ),
                                        '_method' => 'GET'
                                      }, 'HTTP::Request' )
               }, 'HTTP::Response' );

[download]
cat /etc/issue.net     
   
Ubuntu 10.04.4 LTS    
openssl version -a     
OpenSSL 0.9.8k 25 Mar 2009    
built on: Mon Aug 18 16:08:20 UTC 2014     
platform: debian-amd64     
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfi
+sh(ptr2)        
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
+ -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexec
+stack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSH
+A256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM      
    
apt-cache policy openssl      
openssl:    
  Installed: 0.9.8k-7ubuntu8.21     
  Candidate: 0.9.8k-7ubuntu8.27   
  Version table:     
     0.9.8k-7ubuntu8.27 0     
        500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packa
+ges    
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Pac
+kages    
 *** 0.9.8k-7ubuntu8.21 0     
        100 /var/lib/dpkg/status     
     0.9.8k-7ubuntu8 0      
        500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages     

   
   
    $ perl -MIO::Socket::SSL -e 'print $IO::Socket::SSL::VERSION'   
    1.74    
    $ perl -MIO::Socket::SSL -e 'print $Net::SSLeay::VERSION'    
    1.48    
    $ perl -MIO::Socket::SSL -e 'print $LWP::Protocol::https::VERSION'
+  
    $ perl -MLWP -le "print(LWP->VERSION)"    
     6.04     
    $ perl -MIO::Socket::SSL -e 'print Net::SSLeay::OPENSSL_VERSION_NU
+MBER()'   
    9470143

[download]
Any insight appreciated.

Replies are listed 'Best First'.
Re: LWP Can't connect to api-ssl.bitly.com
by ww (Archbishop) on May 20, 2015 at 23:40 UTC

    FWIW, current version (on CPAN) of IO::Socket::SSL is 2.015. Net::SSLeay vers. is 1.68. And LWP::Protocol::https is 6.06.

    Can you update your modules? Seems to me we've recently (March) heard about an exploitable weakness (aka "FREAK" and/or "the heartbleed bug") in some versions of SSL.

    But this may be a red herring. Your problem statement, "Since two days i can't generate bitly url" to a native English speaker strongly suggests that prior to two days ago, you were able to "generate bitly url."

    If that's actually the case here, what changed (other than the inability to build short URLs)?


    Spirit of the Monastery

[reply]

      Thanks.

      Nothing has changed, the website code is the same. It just stopped working (generating short link) giving the error above. It worked for the last 18 months until April 10 (first time the error show up on logs).

      What frustrate me is that i cannot reproduce the same error on the development.

      I know it the modules are olds. I am working on migrating the website to some thing newer. If i have to update just one module which one should i update (just worried about breaking the site)?
[reply]
        "Nothing has changed, the website code is the same."

        Although your code may not have changed, this does not mean that "Nothing has changed". [Assumption: "website code" is "your code"]

        Check with your sysadmin, ISP, or equivalent for changes to server(s). This could be related to hardware, configuration, environment, etc.

        -- Ken

[reply]

        re "which one (module)..." to change:

        1. if, as kcott inferred, the change is at your hosting service or by your syssadmin you'll have to take his advice: talk to the supplier. Your observation that you can't reproduce the error on the dev box (I assume that's what you meant) reinforces, for me, anyway, the notion that 'the other guy' made a change, but didn't tell you.
        2. if the issue is related to an update (by others) calculated to minimize opportunities for an exploit, and you actually control the production box, you might want to check and see if there's any kind of auto-update process that you've not noticed (logs may help as might other sleuthing thru the software, OS included.

        Finishing the thought: OTOH, suppose the change is at bitly -- that would explain their rejection of an older SSL protocol. Again, check the source....

        And finally, the Perl Porters go to great lengths to avoid "breaking" things; backward compatibility (at least to 5.8 or maybe 5.6) is a high priority precisely because some major users are so slow (reluctant?) to update. What you're talking about is not quite as ancient, but both your Ubuntu and your Perl date to well before the discovery of the SSL problem (or others which come less readily to mind).


        ++$anecdote ne $data

[reply]
[d/l]
Re: LWP Can't connect to api-ssl.bitly.com
by noxxi (Pilgrim) on May 22, 2015 at 14:37 UTC 
    > ...Installed: 0.9.8k-7ubuntu8.21     
> ...ASN1_item_verify:unknown message digest algorithm
    The certificate for api-ssl.bitly.com is signed with SHA-256. Support for these signatures is enabled by default starting with OpenSSL 0.9.8o. Which means your version of OpenSSL is too old and you need to upgrade.
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1127281]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (7)
As of 2024-04-24 06:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found