Wednesday, April 27, 2011

More LWP SSL 500 issues! Now with HTTP::DAV crossover

LWP::UserAgent is returning a 500 level error in the case of a self-signed site key. This is similar to my previous post on this topic, ( Fixed 500 can't verify SSL peers ):
For https://... default to verified connections with require IO::Socket::SSL and Mozilla::CA modules to be installed. Old behaviour can be requested by setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0. The LWP::UserAgent got new ssl_opts method to control this as well.
I use HTTP::DAV to push changes to the Los Angeles Perl Mongers website. When I tried to push updates for tonight's meeting, HTTP::DAV threw an error " The URL "https://groups.pm.org/groups/losangeles/" is not DAV enabled or not accessible.".

This seemed familiar -- in fact I filed a bug against HTTP::DAV ( Bug 59674 ) to pass through SSL errors from LWP when SSL libraries were not installed. ( Cosimo, I am sorry that I didn't respond in a timely manner when the fixes were proposed. Thanks for fixing it!). The fix for 59674 included having a specific message for various classes of errors out of LWP::UserAgent. 

## Error conditions
my %err = (
    'ERR_WRONG_ARGS'    => 'Wrong number of arguments supplied.',
    'ERR_UNAUTHORIZED'  => 'Unauthorized. ',
    'ERR_NULL_RESOURCE' => 'Not connected. Do an open first. ',
    'ERR_RESP_FAIL'     => 'Server response: ',
    'ERR_501'           => 'Server response: ',
    'ERR_405'           => 'Server response: ',
    'ERR_GENERIC'       => '',
);

LWP::UserAgent is returning a 500 level error in the case of a self-signed site key. Not 501 as in the prior case.

Example: 

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use Data::Dumper;
my $url = "https://groups.pm.org/groups/losangeles";
my $ua=LWP::UserAgent->new();
my $resp = $ua->get( $url );
print Dumper $resp;
Output Snippet:
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /Library/Perl/5.10.0/LWP/Protocol/http.pm line 51.

One can get around this by setting an environment variable export PERL_LWP_SSL_VERIFY_HOSTNAME=0, or by using the ssl_opts option to UserAgent. A third, preferred solution would be import the key and mark it as "OK" on the client side.

I pushed my website changes by using the PERL_LWP_SSL_VERIFY_HOSTNAME=0 workaround. Now let's see if I can figure out workarounds 3 and 2.

Posted by Andrew Grangaard at 3:25 PM
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)