http://qs321.pair.com?node_id=993244

dorko has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

In my (self-declared virtuous) laziness, I'm trying to write a script to POST an XML file to a server. The alternative is to do this by by hand, about 10,000 times - it's part of a migration process.

I've done things like this before; it's not hard. But it's also not working.

I think I'm seeing a problem with LWP handling SSL. If I send the POST to HTTPS, it fails. If I send the post to HTTP is succeeds. (Well, the server doesn't accept HTTP connections, but it connects and the server responds with a 302 redirect to the HTTPS address.)

I've Googled around and others have suggested upgrading OpenSSL. I'm already using the latest OpenSSL 1.01c.

Long delay with Crypt::SSLeay and LWP suggested setting $ENV{HTTPS_VERSION} = 3;, but that didn't work either.

I'd also like to mention in the same script, using WWW::Mechanize, I'm POSTing to an HTTP site and downloading a file and that works fine.

This is the error from LWP: 

500 Can't connect to xxxx.ucf.edu:443
Content-Type: text/plain
Client-Date: Wed, 12 Sep 2012 14:38:58 GMT
Client-Warning: Internal response

Can't connect to xxxx.ucf.edu:443

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown 
+errorerror:00000000:lib(0):func(0):reason(0) at C:/web/perl/site/lib/
+LWP/Protocol/http.pm line 51.

[download]
I'm running WinXP, ActiveState Perl 5.14.2, OpenSSL 1.01c, and LWP 6.04.

Thoughts? Questions? Comments? Any help will be greatly appreciated.

Cheers,

Brent

-- Yup, I'm a Delt.

Replies are listed 'Best First'.
Re: LWP Can't POST to HTTPS
by daxim (Curate) on Sep 12, 2012 at 16:15 UTC
    Please provide the output of

    openssl s_client -connect xxxx.ucf.edu:443

[reply]
[d/l]
      OpenSSL> s_client -connect xxxx.ucf.edu:443
Loading 'screen' into random state - done
CONNECTED(000000C0)
write:errno=10053
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
error in s_client
OpenSSL> s_client -connect xxxx.ucf.edu:443
Loading 'screen' into random state - done
CONNECTED(00000080)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
error in s_client

      [download]
      I'm guessing that means I have to provide certs? Looking at brian d foy's blog, something along the lines of
      $ua->ssl_opts( SSL_ca_file => '/path/to/root.crt' );
      or
       $ua->ssl_opts( SSL_ca_file => Mozilla::CA::SSL_ca_file() );
      ?

      Cheers,

      Brent

      -- Yeah, I'm a Delt.
[reply]
[d/l]
[select]
        I've also tried:

        $ua->ssl_opts( verify_hostname => 0 );

        and it didn't work.

        Cheers,

        Brent

        -- Yeah, I'm a Delt.
[reply]
[d/l]
        You certificates seem to be gone. Are they?

        You never said whether adding certificates explicitely worked for you. In any case you can extract the certificates and then blindly accept them.

        echo -n|openssl s_client -connect webcourses.ucf.edu:443 -showcerts|perl -Mautodie -0 -ne'%c = m|^\s*\d+ s:.*?/CN=([^\n]+).*?(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)|gms; for (keys %c) { open $c, ">", "$_.crt.pem"; print {$c} $c{$_}; close $c }'

        Translating this to Windows is left as an exercise for you.

[reply]
[d/l]
Re: LWP Can't POST to HTTPS
by Anonymous Monk on Sep 12, 2012 at 16:21 UTC

    but that didn't work either.

    What about the trace/debuggery output?

[reply]

Back to Seekers of Perl Wisdom