LWP::UserAgent is returning a 500 level error in the case of a self-signed site key. This is similar to my previous post on this topic, (
Fixed 500 can't verify SSL peers ):
For https://... default to verified connections with require IO::Socket::SSL and Mozilla::CA modules to be installed. Old behaviour can be requested by setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0. The LWP::UserAgent got new ssl_opts method to control this as well.
I use HTTP::DAV to push changes to the
Los Angeles Perl Mongers website. When I tried to push updates for tonight's meeting,
HTTP::DAV threw an error
" The URL "https://groups.pm.org/groups/losangeles/" is not DAV enabled or not accessible."
.
This seemed familiar -- in fact I filed a bug against HTTP::DAV ( Bug 59674 ) to pass through SSL errors from LWP when SSL libraries were not installed. ( Cosimo, I am sorry that I didn't respond in a timely manner when the fixes were proposed. Thanks for fixing it!). The fix for 59674 included having a specific message for various classes of errors out of LWP::UserAgent.
## Error conditions
my %err = (
'ERR_WRONG_ARGS' => 'Wrong number of arguments supplied.',
'ERR_UNAUTHORIZED' => 'Unauthorized. ',
'ERR_NULL_RESOURCE' => 'Not connected. Do an open first. ',
'ERR_RESP_FAIL' => 'Server response: ',
'ERR_501' => 'Server response: ',
'ERR_405' => 'Server response: ',
'ERR_GENERIC' => '',
);
LWP::UserAgent is returning a 500 level error in the case of a self-signed site key. Not 501 as in the prior case.
Example:
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use Data::Dumper;
my $url = "https://groups.pm.org/groups/losangeles";
my $ua=LWP::UserAgent->new();
my $resp = $ua->get( $url );
print Dumper $resp;
Output Snippet:
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /Library/Perl/5.10.0/LWP/Protocol/http.pm line 51.
One can get around this by setting an environment variable export PERL_LWP_SSL_VERIFY_HOSTNAME=0
, or by using the ssl_opts
option to UserAgent. A third, preferred solution would be import the key and mark it as "OK" on the client side.
I pushed my website changes by using the PERL_LWP_SSL_VERIFY_HOSTNAME=0 workaround. Now let's see if I can figure out workarounds 3 and 2.