My first followup question is, where do I find this test suite, and can I just run it simply from the commandline? I am running version 1.76 of IO::Socket::SSL, but it was installed with ActiveState's PPM, and I can't find a testsuite in my Perl directory tree. I found IO-Socket-SSL-1.79 on CPan, but I don't see a testsuite directory in it.
Now, experimenting with this further in an attempt to get more useful, this is weird. I added a 'use' statement to get further debug info in the position shown:
use IO::Socket::SSL qw(debug3);
use Net::SSL ();
use Mozilla::CA;
use LWP::UserAgent;
The "use IO::Socket::SSL qw(debug3);" is new. The inclusion of Net::SSL is there as I had found, by googleing, that it is suppose to increase debugging info (not very effective as far as I can see)
Now, the debug output for getting google using https is as follows:
2012/11/28 22:13:55> Request: GET https://www.google.ca, User-Agent
+: libwww-perl/6.02, (no content)
DEBUG: .../IO/Socket/SSL.pm:1645: new ctx 56552016
DEBUG: .../IO/Socket/SSL.pm:363: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:365: socket connected
DEBUG: .../IO/Socket/SSL.pm:383: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:433: set socket to non-blocking to enforce
+ timeout=180
DEBUG: .../IO/Socket/SSL.pm:446: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:456: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:466: waiting for fd to become ready: SSL w
+ants a read first
DEBUG: .../IO/Socket/SSL.pm:486: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:1633: ok=1 cert=61147744
DEBUG: .../IO/Socket/SSL.pm:1633: ok=1 cert=60140256
DEBUG: .../IO/Socket/SSL.pm:1633: ok=1 cert=60140080
DEBUG: .../IO/Socket/SSL.pm:1193: scheme=www cert=60140080
DEBUG: .../IO/Socket/SSL.pm:1202: identity=www.google.ca cn=*.google.c
+a alt=2 *.google.ca 2 google.ca
DEBUG: .../IO/Socket/SSL.pm:446: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:456: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:466: waiting for fd to become ready: SSL w
+ants a read first
DEBUG: .../IO/Socket/SSL.pm:486: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:446: Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:501: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:1682: free ctx 56552016 open=56552016
DEBUG: .../IO/Socket/SSL.pm:1687: free ctx 56552016 callback
DEBUG: .../IO/Socket/SSL.pm:1690: OK free ctx 56552016
2012/11/28 22:13:55> Response last request: https://www.google.ca
And the response headers and content of Google's home page follow. So, my second followup question is, why did the explicit inclusion of IO::Socket::SSL have this effect? Why does that one 'use' statement result in Crypt::SSLeay not being involved?
Now, my last question is this. With one of the secure servers I must work with, I get the following:
DEBUG: .../IO/Socket/SSL.pm:1645: new ctx 53640288
DEBUG: .../IO/Socket/SSL.pm:363: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:365: socket connected
DEBUG: .../IO/Socket/SSL.pm:383: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:433: set socket to non-blocking to enforce
+ timeout=180
DEBUG: .../IO/Socket/SSL.pm:446: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:456: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:466: waiting for fd to become ready: SSL w
+ants a read first
DEBUG: .../IO/Socket/SSL.pm:486: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:446: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1320: SSL connect attempt failed with unkn
+own error error:00000000:lib(0):func(0):reason(0)
DEBUG: .../IO/Socket/SSL.pm:452: fatal SSL error: SSL connect attempt
+failed with unknown error error:00000000:lib(0):func(0):reason(0)
DEBUG: .../IO/Socket/SSL.pm:1320: IO::Socket::INET configuration faile
+d error:00000000:lib(0):func(0):reason(0)
DEBUG: .../IO/Socket/SSL.pm:1682: free ctx 53640288 open=53640288
DEBUG: .../IO/Socket/SSL.pm:1687: free ctx 53640288 callback
DEBUG: .../IO/Socket/SSL.pm:1690: OK free ctx 53640288
My scripts could connect to this site for the past five years, until just the past couple days. The only thing that appears to have changed is that they have new 'extended validation' certificates. Does this warrant a new thread, or is there a hope of getting help diagnosing why this site fails while all others that I have tested succeed?
Thanks
Ted
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
