LWP and SHA2

dorko has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I've got several Perl programs that talk to a learning management system (LMS) used by about 50,000 users. The LMS has three environments, TEST, QA and PRODUCTION. From my desktop, I can talk to all three environments just fine. From the server that handles the management of the LMS, I can talk to PRODUCTION ok. The server can't talk to the TEST or QA environments.

I'm using LWP for all the communications. My desktop and server are at the same version of the LWP module (6.04 -- the current of LWP is 6.13).

This is the error I'm getting:

 (
       '500 Can\'t connect to QA.server.example.com:443',
       \bless( {
                  '_content' => '',
                  '_uri' => bless( do{\(my $o = 'https://QA.server.exa
+mple.com/)}, 'URI::https' ),
                  '_headers' => bless( {
                                         'user-agent' => 'Management P
+rogram',
                                         'authorization' => 'Bearer SU
+PERPOWERFULLPASSWORDGOESHERE'
                                       }, 'HTTP::Headers' ),
                  '_method' => 'GET'
                }, 'HTTP::Request' ),
       'Can\'t connect to QA.server.example.com:443

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown 
+error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown 
+message digest algorithm at /opt/perl/lib/site_perl/5.16.1/LWP/Protoc
+ol/http.pm line 51.
',
       \bless( {
                  '_content' => 'Can\'t connect to QA.server.example.c
+om:443

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown 
+error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown 
+message digest algorithm at /opt/perl/lib/site_perl/5.16.1/LWP/Protoc
+ol/http.pm line 51.
',
                  '_rc' => 500,
                  '_headers' => bless( {
                                         'client-warning' => 'Internal
+ response',
                                         'client-date' => 'Sun, 26 Apr
+ 2015 18:18:56 GMT',
                                         'content-type' => 'text/plain
+',
                                         '::std_case' => {
                                                           'client-war
+ning' => 'Client-Warning',
                                                           'client-dat
+e' => 'Client-Date'
                                                         }
                                       }, 'HTTP::Headers' ),
                  '_msg' => 'Can\'t connect to QA.server.example.com/:
+443',
                  '_request' => ${$![1]}
                }, 'HTTP::Response' )
     );
[download]

I pretty sure I know what's going on: The TEST and QA servers are using SHA2 / SHA256 SSL certificates. PRODUCTION is using SHA1. The OpenSSL on the server is 0.9.8y. Everything I've read says OpenSSL greater than 0.9.8o can handle SHA2.

My question is how do I fix this? Will upgrading LWP to 6.13 fix things? (I'm assuming the version of LWP I'm using was installed using an earlier version of OpensSSL than is currently installed.) How can I get LWP to work with SHA2? How can I get LWP to use the more recent version of OpensSSL?

Cheers,

Brent

-- Yup, I'm a Delt.

Comment on LWP and SHA2 Download Code

Replies are listed 'Best First'.
Re: LWP and SHA2 by Anonymous Monk on Apr 26, 2015 at 20:37 UTC
always upgrade LWP dependencies ... reinstall then, reinstall IO::Socket::SSL	[reply]
Re^2: LWP and SHA2 by dorko (Prior) on Apr 27, 2015 at 13:14 UTC
Thanks for your time. Would that be something as simple as: `> cpan install LWP::Bundle` [download] followed by: `> cpan install IO::Socket::SSL` [download] Is that enough to get Perl using the installed copy of OpenSSL 0.9.8y ? UPDATE: IO::Socket::SSL version 1.90 "RT#85290, support more digest, especially SHA-2." is the fix I'm looking for. UPDATE: that's actually `cpan install Bundle::LWP` Cheers, Brent -- Yeah, I'm a Delt.	[reply] [d/l] [select]
Re^3: LWP and SHA2 by dorko (Prior) on Apr 27, 2015 at 16:16 UTC
In case anyone ever finds this looking for answers, did three things to get it working: I installed IO::Socket::SSL to a version greater than 1.90 (in fact version 2.012). (I just copied the source of that module to a file in a directory on the server.) I had to do the same with IO::Socket::SSL::PublicSuffix. I used a `use lib qw( /path/to/module )` statement to get my program to load the right modules. I did not find it necessary to upgrade LWP. And I did have a version of OpenSSL installed that was greater than 0.9.8o. Cheers, Brent -- Yeah, I'm a Delt.	[reply] [d/l]

Back to Seekers of Perl Wisdom