Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 82512
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: tokuhirom+cpan [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Sun Jan 06 07:43:02 2013 tokuhirom+cpan [...] gmail.com - Ticket created
Subject: Cannot handle errors with IO::Socket::SSL::errstr()
code: ----------------------------------------------- use IO::Socket::SSL; my $sock = IO::Socket::SSL->new( PeerHost => 'pause.perl.org', PeerPort => '443', SSL_verify_mode => SSL_VERIFY_PEER, ); warn $@; warn IO::Socket::SSL::errstr(); ----------------------------------------------- Result: ----------------------------------------------- IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at ssl-bug.pl line 15. IO::Socket::INET configuration failed error:00000000:lib(0):func(0):reason(0) at ssl-bug.pl line 16. ----------------------------------------------- Problem: I can't get a good error message with IO::Socket::SSL::errstr() when I got a certification error.
  Sun Jan 06 13:53:19 2013 Steffen_Ullrich [...] genua.de - Correspondence added
Show quoted text
> IO::Socket::SSL: SSL connect attempt failed with unknown error > error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at ssl- > bug.pl line 15.
sorry, but IO::Socket::SSL uses OpenSSL and 'certificate verify failed' is all you get as an error message from OpenSSL. And yes - finding the problem based on these short error message is not much fun, but maybe using the debug mode will help a bit.
  Sun Jan 06 13:53:20 2013 The RT System itself - Status changed from 'new' to 'open'
  Sun Jan 06 13:53:20 2013 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'
  Sun Jan 06 14:01:15 2013 Steffen_Ullrich [...] genua.de - Correspondence added
On Sun Jan 06 13:53:19 2013, SULLR wrote: Show quoted text
>
> > IO::Socket::SSL: SSL connect attempt failed with unknown error > > error:14090086:SSL > > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
> ssl-
> > bug.pl line 15.
> > sorry, but IO::Socket::SSL uses OpenSSL and 'certificate verify > failed' is all you get as an error message from OpenSSL. > And yes - finding the problem based on these short error message is > not much fun, but maybe using the debug mode will help a bit.
BTW, in this case it was probably, that you don't have an SSL_ca_path set and thus the certificate could not be verified. Setting SSL_ca_path to '/etc/ssl/certs' on ubuntu fixed the problem for me. Debugging did not help to find the problem, but using openssl s_client did.
  Sun Jan 06 14:01:17 2013 The RT System itself - Status changed from 'rejected' to 'open'
  Sun Jan 06 14:02:34 2013 Steffen_Ullrich [...] genua.de - Correspondence added
close request again
  Sun Jan 06 14:02:35 2013 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'