[RAS] certificate failure

'Christian Zimmermann' zimmermann at stlouisfed.org
Tue Mar 25 14:27:31 UTC 2014


Other servers using OpenID are not reporting errors, so I suspect the
issue is not on RAS. Getting OpenID to work on all.repec.org required
tinkering with some SSL Perl module. Dan can report on that.

On Tue, 25 Mar 2014, Thomas Krichel wrote:

>
>  Consider
>
> -----------------------------------------------------------------
> #!/usr/bin/perl
>
> use warnings;
> use strict;
>
> use LWPx::ParanoidAgent;
>
> my $shortid='pkr1';
> my $openid='https://authors.repec.org/pro/'.$shortid;
>
> #$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'}=0;
>
> $ENV{HTTPS_CA_FILE} = $ENV{'HOME'} . '/opt/ca-bundle';
> $ENV{HTTPS_DEBUG} = 1;
>
> ## user agent
> my $ua= LWPx::ParanoidAgent->new;
> $ua->whitelisted_hosts("authors.repec.org");
>
> # get/set the DNS resolver object that's used
> my $resolver = $ua->resolver;
> $ua->resolver(Net::DNS::Resolver->new());
>
> # and then just like a normal LWP::UserAgent, because it is one.
> my $response = $ua->get($openid);
> if ($response->is_success) {
>  print $response->content;  # or whatever
> }
> else {
>  die $response->status_line;
> }
>
> exit;
>
> -----------------------------------------------------------------
>
>  This produces
>
> SSL_connect:before/connect initialization
> SSL_connect:unknown state
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:unknown CA
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:bad certificate
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:bad certificate
> SSL_connect:error in SSLv3 read server certificate B
> 500 SSL negotiation failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at ./test_ras line 30.
>
>  What is wrong?
>
> -- 
>
>  Cheers,
>
>  Thomas Krichel                  http://openlib.org/home/krichel
>                                              skype:thomaskrichel
>
>

Christian Zimmermann                          FIGUGEGL!
Economic Research
Federal Reserve Bank of St. Louis
P.O. Box 442
St. Louis MO 63166-0442 USA
http://ideas.repec.org/zimm/
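
Added example, not part of either message above: the "unknown CA" alert that the client writes in the quoted trace, followed by "certificate verify failed", is what a TLS client reports when the server's certificate does not chain to a CA in the bundle it was told to trust. The script below reproduces that condition offline with the openssl command-line tool (assumed to be installed); the CA names, the host name server.example and all file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: reproduce a CA-bundle mismatch offline.
# Every name, key and certificate here is constructed for the demo.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: throwaway self-signed CA -> $WORK/NAME.pem and $WORK/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf CA HOST: certificate for HOST signed by CA -> $WORK/HOST.pem
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 2 -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.pem" 2>/dev/null
}

# issuer_cn CERT: common name of the CA that signed CERT
issuer_cn() {
    openssl x509 -noout -issuer -in "$1" | sed 's/.*CN *= *//'
}

# verify_against BUNDLE CERT: succeeds only if CERT chains to a CA in BUNDLE.
# The output is matched instead of the exit status because old openssl
# releases exit 0 even when verification fails.
verify_against() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

make_ca demo-ca-a
make_ca demo-ca-b
make_leaf demo-ca-a server.example

for ca in demo-ca-a demo-ca-b; do
    if verify_against "$WORK/$ca.pem" "$WORK/server.example.pem"; then
        echo "bundle $ca: verify OK"
    else
        echo "bundle $ca: verify FAILED," \
             "issuer $(issuer_cn "$WORK/server.example.pem") is not in the bundle"
    fi
done
```

The same two checks apply to a real case: save the server's certificate to a file, print its issuer, and run the verify step with the file named in HTTPS_CA_FILE as the bundle.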


