Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

issue with ssl_opts verify_hostname = 1

by myuserid7 (Scribe)
on Oct 20, 2012 at 10:17 UTC ( #1000120=perlquestion: print w/ replies, xml ) Need Help??
myuserid7 has asked for the wisdom of the Perl Monks concerning the following question:

I've been having issues enforcing hostname verification via verify_hostname => 1 on line 27.

When running the code with Verify_hostname => 1 I get the following error: "certificate verify failed"

My code is below. You will need to change 0 to 1 on line 27 to see the issue.

Example usage: /content_check.pl --hostname=www.verisign.com --IPAddress=69.58.181.89 --uri=products-services/ --searchstring='Products and Services'

http://pastebin.com/xNwiTdz2

Here is version info:

perl-GD-SVG-0.33-1.el5

perl-Sub-Install-0.925-1.el5

perl-MRO-Compat-0.09-1.el5

perl-Error-0.17010-1.el5

perl-Params-Util-1.00-3.el5

perl-CPAN-DistnameInfo-0.06-2.el5

perl-Net-SSLeay-1.30-4.fc6

perl-String-CRC32-1.4-2.fc6

perl-SVG-2.49-1.el5

perl-Convert-ASN1-0.20-1.1

perl-IPC-Run-0.80-3.el5

perl-HTML-Tagset-3.10-2.1.1

perl-version-0.7203-1.el5

perl-Sub-Identify-0.03-1.el5

perl-Algorithm-C3-0.06-1.el5

perl-Moose-0.51-1.el5

perl-DBD-MySQL-3.0007-2.el5

perl-URI-1.35-3

perl-Git-1.7.4.1-1.el5

perl-HTML-Parser-3.55-1.fc6

perl-Class-C3-XS-0.08-1.el5

perl-Package-Generator-0.100-2.el5

perl-Class-C3-0.19-2.el5

perl-Parse-CPAN-Packages-2.33-8.el5

perl-5.8.8-32.el5_6.3

perl-libwww-perl-5.805-1.1.1

perl-Sub-Exporter-0.982-11.el5

perl-Crypt-SSLeay-0.51-11.el5

perl-DBI-1.52-2.el5

perl-GD-2.35-2.el5

perl-Compress-Zlib-1.42-1.fc6

perl-Data-OptList-0.101-2.el5

perl-Class-MOP-0.62-1.el5

This is my first Perl script, be gentle.

#!/usr/bin/perl -w use strict; #use warnings; use Getopt::Long; use LWP::UserAgent; use LWP::Protocol::https; use LWP::UserAgent::DNS::Hosts; use Crypt::SSLeay; use Mozilla::CA; GetOptions( 'hostname|h=s' => \my $hostname1, 'IPAddress|i=s' => \my $ipaddress1, 'uri|u=s' => \my $URI, 'searchstring|s=s' => \my $searchstring, 'help|?' => sub { &usage(); }, ); my $webpage = "https://$hostname1/$URI"; my $returnvalue; LWP::UserAgent::DNS::Hosts->register_host( "$hostname1" => "$ipaddress1", ); LWP::UserAgent::DNS::Hosts->enable_override; my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 }); $ua->protocols_allowed( ['https'] ); $ua->agent('Mozilla/8.0'); my $res = $ua->get($webpage); #returns http status print "HTTP status: ", $res->status_line( ), " "; #Example of header elements that can be polled #print "Header: ", $res->header('Server'), "\n"; my $response=''; my $result = $res->content; if ( $result =~ /$searchstring/ ) { print "\""."$searchstring" . "\" found on " . "$webpage" . " a +t " . "$ipaddress1" . "\n"; $returnvalue='0'; }else{ print "\""."$searchstring" . "\" not found on " . "$webpage" . + " at " . "$ipaddress1" . "\n"; $returnvalue='2'; } sub usage() { print(" Content checking script Example usage: ./content_check.pl --hostname=www.verisign.com --IPAddr +ess=69.58.181.89 --uri=products-services/ --searchstring='Products an +d Services' --host=<host> Hostna +me to connect to. --ip=<ip address> IP add +ress to use if unable to use DNS lookup to test. Ex. Site is behind a + load balancer and you want to test one of the webheads. --uri=</uri/to/test/> URI pa +th relevant to the hostname. --searchstring=<string to search for> String + of test to base content check off of. --help Displa +ys this page. "); } exit($returnvalue);
urlhttp://www.centplay.com/affiliate/id_366//url

Comment on issue with ssl_opts verify_hostname = 1
Download Code
Re: issue with ssl_opts verify_hostname = 1
by zwon (Monsignor) on Oct 20, 2012 at 13:46 UTC

    Module needs CA certificate to verify site certificate. Perhaps you should install Mozilla::CA. Alternatively you can specify path to CA certificate using SSL_ca_file or SSL_ca_path option. See LWP::Protocol::https.

      Thanks for the reply.

      Line 9 currently contains "use Mozilla::CA;" and when I call print Mozilla::CA::SSL_ca_file(); it outputs the correct file and the file has correct permissions.

      I tried defining SSL_ca_file before posting to no avail Any other ideas?

        After looking more closely on your example (it works for me with libwww-6.04 btw) I see that you're using libwww-perl-5.805. According to changelog libwww supports Mozilla::CA since version 6.00. Also older version uses Crypt::SSLeay for https support, so my previous link to LWP::Protocol::https was misleading. In order to specify CA certificate for Crypt::SSLeay you should set $ENV{HTTPS_CA_FILE}

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1000120]
Approved by philipbailey
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (13)
As of 2014-10-31 15:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (219 votes), past polls