[RAS] certificate failure

Ivan Kurmanov duraley at gmail.com
Tue Mar 25 14:02:35 UTC 2014 

Hi Thomas,

does it work with any other https url?

-ivan


2014-03-25 16:53 GMT+03:00 Thomas Krichel <krichel at openlib.org>:

>
>   Consider
>
> -----------------------------------------------------------------
> #!/usr/bin/perl
>
> use warnings;
> use strict;
>
> use LWPx::ParanoidAgent;
>
> my $shortid='pkr1';
> my $openid='https://authors.repec.org/pro/'.$shortid;
>
> #$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'}=0;
>
> $ENV{HTTPS_CA_FILE} = $ENV{'HOME'} . '/opt/ca-bundle';
> $ENV{HTTPS_DEBUG} = 1;
>
> ## user agent
> my $ua= LWPx::ParanoidAgent->new;
> $ua->whitelisted_hosts("authors.repec.org");
>
> # get/set the DNS resolver object that's used
> my $resolver = $ua->resolver;
> $ua->resolver(Net::DNS::Resolver->new());
>
> # and then just like a normal LWP::UserAgent, because it is one.
> my $response = $ua->get($openid);
> if ($response->is_success) {
>   print $response->content;  # or whatever
> }
> else {
>   die $response->status_line;
> }
>
> exit;
>
> -----------------------------------------------------------------
>
>   This produces
>
> SSL_connect:before/connect initialization
> SSL_connect:unknown state
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:unknown CA
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:bad certificate
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:bad certificate
> SSL_connect:error in SSLv3 read server certificate B
> 500 SSL negotiation failed: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
> ./test_ras line 30.
>
>   What is wrong?
>
> --
>
>   Cheers,
>
>   Thomas Krichel                  http://openlib.org/home/krichel
>                                               skype:thomaskrichel
>
> _______________________________________________
> RAS-run mailing list
> RAS-run at lists.openlib.org
> http://lists.openlib.org/cgi-bin/mailman/listinfo/ras-run
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openlib.org/pipermail/ras-run/attachments/20140325/65fd2e1c/attachment.html>

More information about the RAS-run mailing list