http://www.perlmonks.org?node_id=1107969

linxdev has asked for the wisdom of the Perl Monks concerning the following question:

After an upgrade of perl, sending mail via my mail relay is failing. I suspect this has to do with an invalid certification because my test program works fine for sending to gmail.

Here is my strace output:

fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(465), sin_addr=inet_addr("192.168.100.1")}, 16) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
time(NULL) = 1416523433
time(NULL) = 1416523433
time(NULL) = 1416523433
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 4
fstat64(4, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=4, events=POLLIN}], 1, 10) = 1 ([{fd=4, revents=POLLIN}])
read(4, "u6\323\253L`x\256\317\234\240\243\36\325c\227\r\240\336DD\216{D@j\302c\372\rv\2"..., 48) = 48
close(4) = 0
getuid32() = 500
time(NULL) = 1416523433
write(3, "\26\3\1\0;\1\0\0007\3\1Tnn\251\274\252V\253\212\314\26:\306Q0*\327\214\213\210\367"..., 64) = 64
read(3, 0x8edbc30, 7) = -1 EAGAIN (Resource temporarily unavailable)
select(8, [3], NULL, NULL, {120, 0}) = 1 (in [3], left {119, 912250})
time(NULL) = 1416523433
time(NULL) = 1416523433
read(3, "\26\3\1\0J\2\0", 7) = 7
time(NULL) = 1416523433
time(NULL) = 1416523433
read(3, "\0F\3\1Tnn\246\350wT#\224\230\314\324\320\333^BP\17\314\225\340\315D\304\346\352O\375"..., 72) = 72
read(3, "\26\3\1\3\341", 5) = 5
read(3, "\v\0\3\335\0\3\332\0\3\3270\202\3\3230\202\3<\240\3\2\1\2\2\1\0000\r\6\t*\206"..., 993) = 993
write(3, "\25\3\1\0\2\0020", 7) = 7
fcntl64(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
rt_sigaction(SIGPIPE, NULL, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT|SA_NODEFER|0x34302d0, 0x8ad36e000000000}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
rt_sigaction(SIGPIPE, {0x1, [], SA_RESTORER|SA_RESTART|SA_INTERRUPT|SA_NODEFER|SA_RESETHAND|SA_SIGINFO|0x3726080, (nil)}, {SIG_DFL, ~[HUP QUIT ILL TRAP FPE SEGV ALRM TERM STKFLT CONT STOP TSTP TTIN XFSZ VTALRM PROF IO PWR RTMIN RT_1 RT_2 RT_4 RT_6 RT_10 RT_11 RT_12 RT_14 RT_16 RT_17 RT_21 RT_25 RT_26 RT_27 RT_29 RT_30], SA_RESTORER|SA_INTERRUPT|SA_NODEFER|0x34302d0, 0x100000000}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
rt_sigaction(SIGPIPE, {SIG_DFL, [], SA_STACK|0xac5c70}, {0x1, [RT_4 RT_5 RT_6 RT_7 RT_8 RT_9 RT_11 RT_12 RT_14 RT_16 RT_18 RT_19 RT_23 RT_24 RT_25 RT_26 RT_27 RT_28 RT_29 RT_30 RT_31], SA_RESTORER|SA_RESTART|SA_INTERRUPT|SA_NODEFER|SA_RESETHAND|SA_SIGINFO|0x3726080, (nil)}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
close(3) = 0
write(2, "ERROR: Died at ./invite.pl line "..., 37ERROR: Died at ./invite.pl line 10.

I am using:

my $s = Net::SMTP::SSL->new('192.168.100.1', Port => 465, Debug=>1) or die "$!";

I never get far enough to see a failure so I had to use strace.

Is this a certificate issue?

Chris

Re: Net::SMTP::SSL connect failure
by linxdev (Sexton) on Nov 20, 2014 at 22:54 UTC

    Did some stracing.

    $Net::SSLeay::trace = 2;
    DEBUG: .../IO/Socket/SSL.pm:539: socket not yet connected
    DEBUG: .../IO/Socket/SSL.pm:541: socket connected
    DEBUG: .../IO/Socket/SSL.pm:563: ssl handshake not started
    DEBUG: .../IO/Socket/SSL.pm:605: not using SNI because openssl is too old
    DEBUG: .../IO/Socket/SSL.pm:650: set socket to non-blocking to enforce timeout=120
    DEBUG: .../IO/Socket/SSL.pm:673: ssl handshake in progress
    DEBUG: .../IO/Socket/SSL.pm:683: waiting for fd to become ready: SSL wants a read first
    DEBUG: .../IO/Socket/SSL.pm:703: socket ready, retrying connect
    DEBUG: .../IO/Socket/SSL.pm:1779: SSL connect attempt failed
    DEBUG: .../IO/Socket/SSL.pm:1784: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    DEBUG: .../IO/Socket/SSL.pm:669: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    DEBUG: .../IO/Socket/SSL.pm:1768: IO::Socket::IP configuration failed
    ERROR: Died at ./invite.pl line 11.

      > I suspect this has to do with an invalid certification because my test program works fine for sending to gmail.
      > ...
      > my $s = Net::SMTP::SSL->new('192.168.100.1'...
      > ...
      > ...SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

      I guess your certificate is not signed by any of the trusted CAs on the system. Thus the verification will fail, because there is no trust anchor. In old times (before 1.950, released 07/2013) the default was to not verify the certificate, which is of course a bad idea for a default when doing security-relevant stuff.

        Yep, I changed that code. These devices run on LANs with multiple interfaces.
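
An added example, not part of the original thread, of what the reply about the missing trust anchor implies: hand IO::Socket::SSL the relay's own CA certificate so verification can succeed, and report `$SSL_ERROR` rather than `$!` when it does not. The address and port are those from the question; the CA file path and the certificate name are assumptions.

```perl
#!/usr/bin/perl
# Added example: verify the relay's certificate against its own CA instead of
# switching verification off. The CA path and certificate name are assumptions.
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR by default

my $relay   = '192.168.100.1';           # relay address from the question
my $port    = 465;                       # SMTPS port from the question
my $ca_file = '/etc/ssl/relay-ca.pem';   # assumed: PEM file with the CA (or self-signed cert) of the relay
my $cn      = 'relay.example.lan';       # assumed: host name carried in the relay's certificate

my $sock = IO::Socket::SSL->new(
    PeerHost            => $relay,
    PeerPort            => $port,
    Timeout             => 20,
    SSL_verify_mode     => SSL_VERIFY_PEER,   # the default since 1.950, stated explicitly
    SSL_ca_file         => $ca_file,          # trust anchor used for this connection
    SSL_verifycn_scheme => 'smtp',            # also check the name in the certificate
    SSL_verifycn_name   => $cn,               # needed because we connect by IP address
);

unless ($sock) {
    # $! was empty in the original script, so die "$!" printed only "Died";
    # $SSL_ERROR carries the OpenSSL reason (e.g. "certificate verify failed").
    die "TLS connect to $relay:$port failed: ",
        ($SSL_ERROR || $! || 'unknown error'), "\n";
}

# Show which certificate was accepted and by which issuer it was signed.
printf "subject: %s\n", $sock->peer_certificate('subject');
printf "issuer : %s\n", $sock->peer_certificate('issuer');
printf "cipher : %s\n", $sock->get_cipher;

# Read the SMTP greeting to confirm application data flows over the session.
my $banner = <$sock>;
print "banner : ", (defined $banner ? $banner : "(none)\n");
close $sock;
```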