Geek Answers Handbook

Perl Client-SSL-Warning: partner certificate not verified

I am having problems with the perl movie on the https site. In debugging, I ran the following:

print $res->headers_as_string;

and in the output I have the following line:

 Client-SSL-Warning: Peer certificate not verified

Is there a way so that I can automatically accept this certificate, or is this not a problem?

 #!/usr/bin/perl use LWP::UserAgent; use Crypt::SSLeay::CTX; use Crypt::SSLeay::Conn; use Crypt::SSLeay::X509; use LWP::Simple qw(get); my $ua = LWP::UserAgent->new; my $req = HTTP::Request->new(GET => 'https://vzw-cat.sun4.lightsurf.net/vzwcampaignadmin/'); my $res = $ua->request($req); print $res->headers_as_string;

exit:

 Cache-Control: no-cache Connection: close Date: Tue, 01 Jun 2010 19:28:08 GMT Pragma: No-cache Server: Apache Content-Type: text/html Expires: Wed, 31 Dec 1969 16:00:00 PST Client-Date: Tue, 01 Jun 2010 19:28:09 GMT Client-Peer: 64.152.68.114:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Client-SSL-Cert-Subject: /C=US/ST=Massachusetts/L=Boston/O=verizon wireless/OU=TERMS OF USE AT WWW.VERISIGN.COM/RPA (C)00/CN=PSMSADMIN.VZW.COM Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Client-Transfer-Encoding: chunked Link: <css/vtext_style.css>; rel="stylesheet"; type="text/css" Set-Cookie: JSESSIONID=DE6C99EA2F3DD1D4DF31456B94F16C90.vz3; Path=/vzwcampaignadmin; Secure Title: Verizon Wireless - Campaign Administrator

UPDATE: I added

 $ENV{HTTPS_CA_FILE} = 'certs/PSMSADMIN.VZW.COM'; $ENV{HTTPS_CA_DIR} = 'certs/';

as suggested below. I also enabled debugging:

 $ENV{HTTPS_DEBUG} = 1;

Here is my conclusion:

 SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL_connect:SSLv3 read server hello A SSL3 alert write:fatal:bad certificate SSL_connect:error in SSLv3 read server certificate B SSL_connect:before/connect initialization SSL_connect:SSLv2 write client hello A SSL_connect:error in SSLv2 read server hello B content: 500 SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed

I am trying to ignore the crash, but the problem is that this is the only thing on the page now, so there is no login form or anything else.

+6
perl certificate ssl lwp
source share
1 answer

As far as I can tell, this is just a warning. The certificate on this site does not match the domain, so perl (rightfully) complains about it. If you really enable peer certificate verification, for example:

 # CA cert peer verification $ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt'; $ENV{HTTPS_CA_DIR} = 'certs/';

You will get this as your conclusion:

 Content-Type: text/plain Client-Date: Tue, 01 Jun 2010 19:32:51 GMT Client-Warning: Internal response 500 SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed Content-Type: text/plain Client-Date: Tue, 01 Jun 2010 19:32:51 GMT Client-Warning: Internal response

There is a get_peer_verify method in Net::SSL (which Crypt::SSLeay provides) that returns whether or not verification from the side is desirable. I believe that in 2001 it was added or so that this message was hidden. This 2002 patch claims to disable the warning when an external check is not needed, but I don't think it has ever been applied.

In short, you can probably ignore the warning if you don't want to do a check, in which case I would say add a root certificate to your CA_DIR and CA_FILE . But since the cert domain does not match the server domain, I'm not even sure if this helps.

+4
source share

More articles:


All Articles