Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 82512
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: tokuhirom+cpan [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Cannot handle errors with IO::Socket::SSL::errstr()
Download (untitled) / with headers
text/plain 782b
code: ----------------------------------------------- use IO::Socket::SSL; my $sock = IO::Socket::SSL->new( PeerHost => 'pause.perl.org', PeerPort => '443', SSL_verify_mode => SSL_VERIFY_PEER, ); warn $@; warn IO::Socket::SSL::errstr(); ----------------------------------------------- Result: ----------------------------------------------- IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at ssl-bug.pl line 15. IO::Socket::INET configuration failed error:00000000:lib(0):func(0):reason(0) at ssl-bug.pl line 16. ----------------------------------------------- Problem: I can't get a good error message with IO::Socket::SSL::errstr() when I got a certification error.
Download (untitled) / with headers
text/plain 430b
Show quoted text
> IO::Socket::SSL: SSL connect attempt failed with unknown error > error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at ssl- > bug.pl line 15.
sorry, but IO::Socket::SSL uses OpenSSL and 'certificate verify failed' is all you get as an error message from OpenSSL. And yes - finding the problem based on these short error message is not much fun, but maybe using the debug mode will help a bit.
Download (untitled) / with headers
text/plain 775b
On Sun Jan 06 13:53:19 2013, SULLR wrote: Show quoted text
>
> > IO::Socket::SSL: SSL connect attempt failed with unknown error > > error:14090086:SSL > > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
> ssl-
> > bug.pl line 15.
> > sorry, but IO::Socket::SSL uses OpenSSL and 'certificate verify > failed' is all you get as an error message from OpenSSL. > And yes - finding the problem based on these short error message is > not much fun, but maybe using the debug mode will help a bit.
BTW, in this case it was probably, that you don't have an SSL_ca_path set and thus the certificate could not be verified. Setting SSL_ca_path to '/etc/ssl/certs' on ubuntu fixed the problem for me. Debugging did not help to find the problem, but using openssl s_client did.
close request again


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.