This queue is for tickets about the Mozilla-CA CPAN distribution.

Report information
The Basics
Id: 120332
Status: open
Priority: 0/
Queue: Mozilla-CA

People
Owner: Nobody in particular
Requestors: 'spro^^*%*^6ut# [...] &$%*c
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Let’s Encrypt certificates fail
$ perl -MIO::Socket::SSL -e 'new IO::Socket::SSL "easternchristiansupply.biz:443" or die IO::Socket::SSL::errstr'
SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at -e line 1.

The certificate in question is issued by Let’s Encrypt.

IO::Socket::SSL is using the pem file from Mozilla::CA by default:

$ perl -MIO::Socket::SSL -le 'print IO::Socket::SSL::default_ca'
SSL_ca_file/Library/Perl/5.18/Mozilla/CA/cacert.pem

Firefox 38 recognizes that certificate. So why does IO::Socket::SSL not recognize it when using Mozilla::CA’s database? Where should I be reporting this problem?

Version information:

$ perl -v|head -2
This is perl 5, version 18, subversion 2 (v5.18.2) built for darwin-thread-multi-2level
$ perl -MIO::Socket::SSL -le 'print VERSION IO::Socket::SSL'
2.047
$ perl -MMozilla::CA -le 'print VERSION Mozilla::CA'
20160104 1
Subject: Re: [rt.cpan.org #120332] Let’s Encrypt certificates fail
Date: Mon, 27 Feb 2017 07:23:22 +0700
To: bug-Mozilla-CA [...] rt.cpan.org
From: Ask Bjørn Hansen <ask [...] perl.org>
https://news.ntppool.org/ and https://www.ntppool.org/ are also Let’s Encrypt certs and they validate as far as I can tell. :-/
RT-Send-CC: ask [...] perl.org
On Sun Feb 26 19:23:34 2017, ask@perl.org wrote:
> https://news.ntppool.org/ and https://www.ntppool.org/ are also Let’s
> Encrypt certs and they validate as far as I can tell. :-/
Strange. Did you test easternchristiansupply.biz the same way? I wonder whether it has to do with something else on the machine on which I’m running it.
On Mon Feb 27 23:01:01 2017, SPROUT wrote:
> On Sun Feb 26 19:23:34 2017, ask@perl.org wrote:
> > https://news.ntppool.org/ and https://www.ntppool.org/ are also Let’s
> > Encrypt certs and they validate as far as I can tell. :-/
>
> Strange. Did you test easternchristiansupply.biz the same way? I
> wonder whether it has to do with something else on the machine on
> which I’m running it.
Well it turns out to be a misconfiguration on the server. The problem is now fixed. Sorry for the noise. This ticket can be closed.
Subject: Re: [rt.cpan.org #120332] Let’s Encrypt certificates fail
Date: Mon, 13 Mar 2017 19:45:43 -0700
To: bug-Mozilla-CA [...] rt.cpan.org
From: Ask Bjørn Hansen <ask [...] perl.org>
Great, thank you for following up! Can you share what was wrong (for future seekers of configuration errors).
On Mon Mar 13 22:46:16 2017, ask@perl.org wrote:
> Great, thank you for following up!
>
> Can you share what was wrong (for future seekers of configuration errors).
Having just SSLCertificateFile and SSLCertificateKeyFile set in the Apache configuration file is insufficient. SSLCACertificateFile needs to be set as well.
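An added example, not part of the ticket: assuming the misconfiguration meant the server sent only its leaf certificate without the issuing intermediate, this script reproduces the same "certificate verify failed" offline with a constructed throwaway chain and the openssl CLI. Here root.pem stands in for a roots-only bundle such as Mozilla::CA's cacert.pem; all certificate names and function names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain (all names made up).
# root.pem plays the client's roots-only bundle; int.pem is what the server must send.

new_csr() {  # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {  # $1 = working directory
  d=$1
  # Extensions that mark a certificate as a CA (needed for root and intermediate).
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  new_csr "$d/root" "Demo Root" &&
  new_csr "$d/int" "Demo Intermediate" &&
  new_csr "$d/leaf" "demo.example" &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 2 -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Server sends only the leaf: the client cannot link it to any root it trusts.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Server also sends the intermediate (untrusted, but it completes the path).
verify_with_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

demo() {
  dir=$(mktemp -d) || return 1
  make_chain "$dir" || { rm -rf "$dir"; return 1; }
  echo "== leaf only =="; verify_leaf_only "$dir"
  echo "== leaf + intermediate =="; verify_with_chain "$dir"
  rm -rf "$dir"
}
demo
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates it actually sends.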

