SSL error calling Perl web service via https using LWP


I have a Perl script that acts as a web service to other Perl scripts running under the same domain. I recently created a new SSL certificate (AlphaSSL) for this domain and installed it on the server and it shows up fine when accessing the site using https.

However, now when a client script calls the web service using https via LWP, an error is issued where previously it was not. The code to call the web service looks like this:

$useragent = LWP::UserAgent->new();
$useragent->agent("someagentid");
$postdata = {
    'action' => $apiaction,
    'xauth' => $REQUEST_AUTH_KEY,
};
$response = $useragent->post($BILLING_INFO_GATEWAY, $postdata);

The gateway in the post is an https: URL to the web service script running under the same domain.

The error it produces is:

500 Can't connect to xxxxx.com:443 (certificate verify failed) 
Content-Type: text/plain 
Client-Date: Tue, 25 Nov 2014 01:52:20 GMT
Client-Warning: Internal response
Can't connect to xxxxx.com:443 (certificate verify failed) 
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error 
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify 
failed at /usr/perl/lib/site_perl/5.10.1/LWP/Protocol/http.pm line 49.

If I add:

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

then the error goes away, but then the secure connection seems less secure.

I have located the certificate directory on my server which is /ssl/certs/ which has one .crt file in it, so I tried adding:

$ENV{HTTPS_CA_PATH} = '/ssl/certs';

but I still receive the error. I also tried:

$ENV{HTTPS_CA_FILE} = '/ssl/certs/xxxxxxxxxx.cabundle';

after copying a CA bundle file to the same folder (there was no bundle file there previously). (This folder contained a .crt file which already existed there after installing the certificate via WHM/cPanel.)

I also tried specifying just the HTTPS_CA_FILE environment variable without the HTTPS_CA_PATH variable but no luck. Still the error persists.

Any ideas about what I might be missing either in the code or on the server to allow the script to verify the hostname successfully? This is a dedicated web server running Linux and cPanel.

Thanks!

Best answer:

If it works in the browser but not in the LWP script, it might be because intermediate certificates are missing. Browsers often receive these intermediate certificates from earlier SSL connections and cache them, but scripts usually don't do that. You can check this by testing the host with SSLLabs and watching out for "Chain Issues".

If this is not the problem, please provide the versions of the modules you are using and preferably also the URL of the host you are trying to reach. To get the versions:

#!/usr/bin/perl
for (qw(LWP::UserAgent LWP::Protocol::https IO::Socket::SSL)) {
    eval "require $_; warn '$_: '.$_->VERSION";
}
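
The chain problem described in the answer can be reproduced offline with the openssl command line. This is an added example, not part of the original question or answer; the CA names, the host name www.example.test and the helper functions make_chain and verify_as_client are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: every name, key and certificate here is constructed for the demo.
set -u

# Build a three-level chain in directory $1: root CA -> intermediate CA -> leaf.
make_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  # The intermediate must be marked as a CA or it cannot issue the leaf.
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Verify leaf $2 the way a script client does: it trusts only the root in $1 and
# can use intermediates only if the server sent them (optional file $3).
verify_as_client() {
  local d=$1 leaf=$2 sent=${3:-}
  if [ -n "$sent" ]; then
    openssl verify -CAfile "$d/root.crt" -untrusted "$sent" "$leaf" >/dev/null 2>&1
  else
    openssl verify -CAfile "$d/root.crt" "$leaf" >/dev/null 2>&1
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_chain "$d"
  # Server sends only its own certificate: the client cannot build a path to the root.
  verify_as_client "$d" "$d/leaf.crt" \
    && echo "leaf only: verified" || echo "leaf only: certificate verify failed"
  # Server also sends the intermediate: the path leaf -> intermediate -> root completes.
  verify_as_client "$d" "$d/leaf.crt" "$d/int.crt" \
    && echo "leaf + intermediate: verified" || echo "leaf + intermediate: failed"
  rm -rf "$d"
}
demo
```

The second case corresponds to a server that sends its intermediate certificates together with its own certificate, which is the condition the SSLLabs "Chain Issues" check reports on.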