Skip Menu |

This queue is for tickets about the Mojolicious-Plugin-SslAuth CPAN distribution.

Report information
The Basics
Id: 125484
Status: open
Priority: 0/
Queue: Mojolicious-Plugin-SslAuth
People
Owner: Nobody in particular
Requestors: SREZIC [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.08
Fixed in: (no value)

History Show all quoted text
  Mon Jun 04 18:18:44 2018 SREZIC [...] cpan.org - Ticket created
Subject: Fails with newer Mojolicious (SSL issue)
My smokers started to report the following failure: # SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed # Failed test 'GET https://127.0.0.1:29538' # at t/auth.t line 48. # Failed test '200 OK' # at t/auth.t line 48. # got: undef # expected: '200' # Failed test 'exact match for content' # at t/auth.t line 48. # got: '' # expected: 'ok' # SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed # Failed test 'GET https://127.0.0.1:29538' # at t/auth.t line 58. # Failed test '401 Unauthorized' # at t/auth.t line 58. # got: undef # expected: '401' # Looks like you failed 5 tests of 6. t/auth.t .. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/6 subtests This is probably caused by the enforcement of SSL certificate validity in Mojolicious: https://metacpan.org/changes/release/SRI/Mojolicious-7.83#L27
  Fri May 24 09:00:06 2019 duncan_j_ferguson [...] yahoo.co.uk - Correspondence added
On Mon Jun 04 18:18:44 2018, SREZIC wrote: Show quoted text
> My smokers started to report the following failure: > > > # SSL connect attempt failed error:14090086:SSL > routines:ssl3_get_server_certificate:certificate verify failed > > # Failed test 'GET https://127.0.0.1:29538' > # at t/auth.t line 48. > > # Failed test '200 OK' > # at t/auth.t line 48. > # got: undef > # expected: '200' > > # Failed test 'exact match for content' > # at t/auth.t line 48. > # got: '' > # expected: 'ok' > # SSL connect attempt failed error:14090086:SSL > routines:ssl3_get_server_certificate:certificate verify failed > > # Failed test 'GET https://127.0.0.1:29538' > # at t/auth.t line 58. > > # Failed test '401 Unauthorized' > # at t/auth.t line 58. > # got: undef > # expected: '401' > # Looks like you failed 5 tests of 6. > t/auth.t .. > Dubious, test returned 5 (wstat 1280, 0x500) > Failed 5/6 subtests > > > This is probably caused by the enforcement of SSL certificate validity > in Mojolicious: > https://metacpan.org/changes/release/SRI/Mojolicious-7.83#L27
For reference for anyone else looking at this, the `certificate verify failed` is due to https://github.com/mojolicious/mojo/issues/1223 and can be worked around for the tests by using MOJO_INSECURE=1 cpanm Mojolicious::Plugin::SslAuth However, this still leaves the `exact match for content` error for me.
  Fri May 24 09:00:07 2019 The RT System itself - Status changed from 'new' to 'open'
  Sat May 25 03:36:43 2019 SREZIC [...] cpan.org - Correspondence added
On 2019-05-24 09:00:06, duncs wrote: Show quoted text
> On Mon Jun 04 18:18:44 2018, SREZIC wrote:
> > My smokers started to report the following failure: > > > > > > # SSL connect attempt failed error:14090086:SSL > > routines:ssl3_get_server_certificate:certificate verify failed > > > > # Failed test 'GET https://127.0.0.1:29538' > > # at t/auth.t line 48. > > > > # Failed test '200 OK' > > # at t/auth.t line 48. > > # got: undef > > # expected: '200' > > > > # Failed test 'exact match for content' > > # at t/auth.t line 48. > > # got: '' > > # expected: 'ok' > > # SSL connect attempt failed error:14090086:SSL > > routines:ssl3_get_server_certificate:certificate verify failed > > > > # Failed test 'GET https://127.0.0.1:29538' > > # at t/auth.t line 58. > > > > # Failed test '401 Unauthorized' > > # at t/auth.t line 58. > > # got: undef > > # expected: '401' > > # Looks like you failed 5 tests of 6. > > t/auth.t .. > > Dubious, test returned 5 (wstat 1280, 0x500) > > Failed 5/6 subtests > > > > > > This is probably caused by the enforcement of SSL certificate > > validity > > in Mojolicious: > > https://metacpan.org/changes/release/SRI/Mojolicious-7.83#L27
> > For reference for anyone else looking at this, the `certificate verify > failed` is due to https://github.com/mojolicious/mojo/issues/1223 and > can be worked around for the tests by using > > MOJO_INSECURE=1 cpanm Mojolicious::Plugin::SslAuth > > However, this still leaves the `exact match for content` error for me.
The real fix for the server certificate verification problems is probably to include in the Mojo::UserAgent constructions in t/auth.t the line ca => 't/certs/ca.crt', However, the server still does not see the client certificate for some reason, generating a 401 when it shouldn't...