http://www.perlmonks.org?node_id=11126918

chrestomanci has asked for the wisdom of the Perl Monks concerning the following question:

Greetings wise brothers, I seek your advice on secret communication an how we can be sure we know who we are talking to.

Specifically, I am trying to get LWP::UserAgent running inside a locally compiled perlbrew install, to accept a corporate root cert.

At my company, IT have created a private SSL certificate keypair, and used it to sign the ssl certs on numerous internal servers. They also publish the public half of the SSL cert which (on ubuntu) I have installed in /etc/ssl/certs/ where it is accepted by system perl, firefox, wget etc.

For some reason the corporate public certificate is not accepted by a perlbrew install of perl 5.10 that I have compiled localy. Do I need to install the corporate root cert somewhere else for perlbrew to accept it?

Code to reproduce

use strict; use warnings; use XML::Simple; use LWP::UserAgent; use Data::Dumper; my $url = "https://--- REDACTED ----"; my $parser = new XML::Simple; my $ua = new LWP::UserAgent; # $ua->ssl_opts( verify_hostname => 0 ,SSL_verify_mode => 0x00); my $req = new HTTP::Request('GET', $url); my $resp = $ua->request($req); # print "Result from fetching $url : " . Dumper($resp); if( $resp->is_success() ){ # print "Result content: ". $resp->content; eval{ my $parsed_xml = $parser->XMLin($resp->content, ForceArray => +['publishedfile']); }; if( $@ ){ print "Error parsing XML: $@"; } else { print "File downloaded and XML parsed OK" } } else { die "Error fetching $url : ".$resp->message; }

This code works fine using Ubuntu's system perl on all the versions of Ubuntu I could find. It also works if I uncomment the $ua->ssl_opts( verify_hostname => 0 ,SSL_verify_mode => 0x00); line, But it fails on line 35 with  Can't connect to REDACTED:443 (certificate verify failed) at scripts/dev/test_ssl_download.pl line 35. if I use perlbrew perl.

Any ideas?

NB: I asked this question in chatterbox about an hour ago, but did not get a reply, so I am re-posting as a perl question.