Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

need to fix my installation of IO::Socket::SSL, but how?

by ted.byers (Monk)
on Nov 28, 2012 at 21:08 UTC ( #1006100=perlquestion: print w/replies, xml ) Need Help??
ted.byers has asked for the wisdom of the Perl Monks concerning the following question:

In the docs, I read, under limitations, "IO::Socket::SSL uses Net::SSLeay as the shiny interface to OpenSSL, which is the shiny interface to the ugliness of SSL. As a result, you will need both Net::SSLeay and OpenSSL on your computer before using this module."

The question is, what does this really require? For example, I have, on the machines in question, openssl. And I run it from the commandline, either in it's install/bin directory, or by specifying the full path to the openssl binary. I assume that isn't good enough for IO::Socket::SSL, and that, at a minimum I need to add the path to the openssl binary to the system path (this is on Windows).

However, I am uncertain as to whether or not it also requires the path and file name for the configuration file I normally use for openssl. The openssl binary, on Windows, uses a unix path, beginning with '/usr' to search for the configuration file, and obviously that path does not exist on Windows. Therefore, for any real use, I have to pass a commandline argument to openssl to tell it where the configuration file is. How, then, do I tell IO::Socket::SSL where openssl is and where it's configuration file is?

Please note, I have never used IO::Socket::SSL directly, but I need it in order for LWP::UserAgent to connect to secure sites.



  • Comment on need to fix my installation of IO::Socket::SSL, but how?

Replies are listed 'Best First'.
Re: need to fix my installation of IO::Socket::SSL, but how?
by syphilis (Chancellor) on Nov 28, 2012 at 22:04 UTC
    The following should be all that's needed:
    ppm install --force ppm install --force ppm install --force
    Neither Net::SSLeay nor IO::Socket::SSL need to find the openssl executable (or any config file) as they don't use it. Instead, Net::SSLeay uses the openssl library - which needs to be found when building that module from source.
    If the openssl libraries against which it is built are dynamic ones (dll) then those dll files need also to be in the path whenever Net::SSLeay is used by a script.
    (IO::Socket::SSL is just a pure perl module that uses Net::SSLeay.)

    The above ppm package for Net::SSLeay was built against static openssl libraries - it doesn't need to find any openssl library at runtime, and should work fine even if there's no openssl installation on the PC, because the requisite openssl functionality has been built into that Net::SSLeay package. (Any existing openssl library won't do any harm - it just won't be used.)

    I notice that those ppm packages for Net::SSLeay and IO::Socket::SSL are not quite current - I'll update them in the next hour or so, though I expect that the versions presently available would be suitable for your purposes.
    Note that there are probably ppm packages on offer at other repos - some of those might require the installation of openssl dll files (which they should install for you).

    UPDATE: Uploaded ppm packages for Net-SSLeay-1.49, but have left IO-Socket-SSL at version 1.76. The tests for IO-S-SSL-1.76 work fine against Net-SSLeay-1.49 (and 1.48), but t/acceptSSL-timeout.t (which hasn't changed from IO-S-SSL-1.76 to IO-S-SSL-1.79) hangs with IO-S-SSL-1.79. IO-Socket-SSL is pure perl, and easy to update if the OP wants.

    UPDATE 2: The problem with IO-Socket-SSL-1.79 is fixed in version 1.80. IO-Socket-SSL-1.80 has therefore now been uploaded to the sisyphusion ppm repo.


        Thanks runrig. I double checked that, when I saw your reply. It was already at it's latest version, as was Net::HTTPS.

        Alas, I still get a problem with my client being unable to verify the host name (part of the usual hand-shaling between client and server)



      Thanks Rob

      I have applied the updates you have provided, although from the output, I was probably already running the latest versions of these packages, as well as Net::HTTP and Net::HTTPS.

      I had assumed, obviously, that I had to have openssl in order to have this reliable. However, you have shown me the error of that assumption. But, that leaves the puzzle illustrated by the following output:

      C:/Perl64.v.5.14/bin\perl.exe -w c:/Projects/LWP/ https://w 2012/11/28 20:13:53> Request: POST, User-Agen +t: libwww-perl/6.02, Content-Length: 0, Content-Type: applicati +on/x-www-form-urlencoded, (no content) 2012/11/28 20:13:53> Response last request: 2012/11/28 20:13:53> Response headers: Content-Type: text/plain, Cl +ient-Date: Thu, 29 Nov 2012 01:13:53 GMT, Client-Warning: Internal + response 2012/11/28 20:13:53> Response code: 500 2012/11/28 20:13:53> Response status: Internal Server Error 2012/11/28 20:13:53> Response status: 500 Can't connect to +ca:443 (Crypt-SSLeay can't verify hostnames) Header field names: Content-TypeClient-DateClient-Warning Previous: undef 2012/11/28 20:13:53> The URL was not successfull +y retrieved.

      I had belived that the inability to verify the hostname was due to a problem with my installation WRT openssl. But, if that is incorrect, why does the code fail to verify the hostname? I had even tried each of the following lines of code (separately):

      $ua->ssl_opts( SSL_ca_file => Mozilla::CA::SSL_ca_file() ); $ua->ssl_opts( verify_hostnames => 0 );

      Of course, $ua is created beforehand using "my $ua = LWP::UserAgent->new;".

      Also, I used the statement "$ENV{HTTPS_DEBUG} = 1; " to try to get more detailed debugging information. However, as you can see above, I get very little useful debugging information. How can I get more detailed information about the hand-shaking between my client and the server, and especially, diagnostics as to what can go awry?



        (Crypt-SSLeay can't verify hostnames)

        It seems that, somehow, Crypt::SSLeay is getting involved, instead of (or as well as) Net::SSLeay. I suspect you may well find that Net::SSLeay is not being used at all (but I don't know that for sure, and have no experience with Crypt::SSLeay).

        One thing I think you could do is to grab the test suite from IO::Socket::SSL and check that those test scripts run ok. For me, some tests are (rightly) skipped, all other tests pass.
        If there are problems for you, firstly try with version 1.76 of IO::Socket::SSL (if you're not already using that version) and see if that makes any difference.

        It seems there's a connectivity problem ... maybe someone else here has an understanding of precisely what's going wrong. (I don't.)


      A quick question related to this, that arose when I asked openssl gurus about the problems I am having. The question is, how current is the versiion of openssl that is built into Net::SSLeay? Is there a way for me to find out directly from Net::SSLeay?



        $ perldoc Net::SSLeay |ack version

        $ perldoc Net::SSLeay |grep version

        $ perl -MNet::SSLeay -e " print Net::SSLeay::SSLeay_version(); "

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1006100]
Approved by Gangabass
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (6)
As of 2018-06-24 19:51 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (126 votes). Check out past polls.