issue with ssl_opts verify

myuserid7 has asked for the wisdom of the Perl Monks concerning the following question:

I've been having issues enforcing hostname verification via verify_hostname => 1 on line 27.

When running the code with Verify_hostname => 1 I get the following error: "certificate verify failed"

My code is below. You will need to change 0 to 1 on line 27 to see the issue.

Example usage: /content_check.pl --hostname=www.verisign.com --IPAddress=69.58.181.89 --uri=products-services/ --searchstring='Products and Services'

http://pastebin.com/xNwiTdz2

Here is version info:

perl-GD-SVG-0.33-1.el5

perl-Sub-Install-0.925-1.el5

perl-MRO-Compat-0.09-1.el5

perl-Error-0.17010-1.el5

perl-Params-Util-1.00-3.el5

perl-CPAN-DistnameInfo-0.06-2.el5

perl-Net-SSLeay-1.30-4.fc6

perl-String-CRC32-1.4-2.fc6

perl-SVG-2.49-1.el5

perl-Convert-ASN1-0.20-1.1

perl-IPC-Run-0.80-3.el5

perl-HTML-Tagset-3.10-2.1.1

perl-version-0.7203-1.el5

perl-Sub-Identify-0.03-1.el5

perl-Algorithm-C3-0.06-1.el5

perl-Moose-0.51-1.el5

perl-DBD-MySQL-3.0007-2.el5

perl-URI-1.35-3

perl-Git-1.7.4.1-1.el5

perl-HTML-Parser-3.55-1.fc6

perl-Class-C3-XS-0.08-1.el5

perl-Package-Generator-0.100-2.el5

perl-Class-C3-0.19-2.el5

perl-Parse-CPAN-Packages-2.33-8.el5

perl-5.8.8-32.el5_6.3

perl-libwww-perl-5.805-1.1.1

perl-Sub-Exporter-0.982-11.el5

perl-Crypt-SSLeay-0.51-11.el5

perl-DBI-1.52-2.el5

perl-GD-2.35-2.el5

perl-Compress-Zlib-1.42-1.fc6

perl-Data-OptList-0.101-2.el5

perl-Class-MOP-0.62-1.el5

This is my first Perl script, be gentle.

#!/usr/bin/perl -w
use strict;
#use warnings;
use Getopt::Long;
use LWP::UserAgent;
use LWP::Protocol::https;
use LWP::UserAgent::DNS::Hosts;
use Crypt::SSLeay;
use Mozilla::CA;

GetOptions(
        'hostname|h=s' => \my $hostname1,
        'IPAddress|i=s' => \my $ipaddress1,
        'uri|u=s' => \my $URI,
        'searchstring|s=s' => \my $searchstring,
        'help|?' => sub { &usage(); },
);

my $webpage = "https://$hostname1/$URI";
my $returnvalue;

LWP::UserAgent::DNS::Hosts->register_host(
        "$hostname1" => "$ipaddress1",
);
LWP::UserAgent::DNS::Hosts->enable_override;

my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
   $ua->protocols_allowed( ['https'] );
   $ua->agent('Mozilla/8.0');
my $res = $ua->get($webpage);

#returns http status
print "HTTP status: ", $res->status_line( ), " ";

#Example of header elements that can be polled
#print "Header: ", $res->header('Server'), "\n";

my $response='';

my $result = $res->content;
if ( $result =~ /$searchstring/ )
{
        print "\""."$searchstring" . "\" found on " . "$webpage" . " a
+t " . "$ipaddress1" . "\n";
        $returnvalue='0';
   }else{
        print "\""."$searchstring" . "\" not found on " . "$webpage" .
+ " at " . "$ipaddress1" . "\n";
        $returnvalue='2';
}

sub usage() {
        print("
Content checking script
Example usage: ./content_check.pl --hostname=www.verisign.com --IPAddr
+ess=69.58.181.89 --uri=products-services/ --searchstring='Products an
+d Services'

  --host=<host>                                                 Hostna
+me to connect to.
  --ip=<ip address>                                             IP add
+ress to use if unable to use DNS lookup to test. Ex. Site is behind a
+ load balancer and you want to test one of the webheads.
  --uri=</uri/to/test/>                                         URI pa
+th relevant to the hostname.
  --searchstring=<string to search for>                         String
+ of test to base content check off of.
  --help                                                        Displa
+ys this page.

");
}

exit($returnvalue);
[download]

urlhttp://www.centplay.com/affiliate/id_366//url

Comment on issue with ssl_opts verify_hostname = 1 Download Code

Replies are listed 'Best First'.
Re: issue with ssl_opts verify_hostname = 1 by zwon (Abbot) on Oct 20, 2012 at 13:46 UTC
Module needs CA certificate to verify site certificate. Perhaps you should install Mozilla::CA. Alternatively you can specify path to CA certificate using `SSL_ca_file` or `SSL_ca_path` option. See LWP::Protocol::https.	[reply] [d/l] [select]
Re^2: issue with ssl_opts verify_hostname = 1 by Anonymous Monk on Oct 22, 2012 at 08:10 UTC
Thanks for the reply. Line 9 currently contains "use Mozilla::CA;" and when I call print Mozilla::CA::SSL_ca_file(); it outputs the correct file and the file has correct permissions. I tried defining SSL_ca_file before posting to no avail Any other ideas?	[reply]
Re^3: issue with ssl_opts verify_hostname = 1 by zwon (Abbot) on Oct 22, 2012 at 14:07 UTC
After looking more closely on your example (it works for me with libwww-6.04 btw) I see that you're using libwww-perl-5.805. According to changelog libwww supports Mozilla::CA since version 6.00. Also older version uses Crypt::SSLeay for https support, so my previous link to LWP::Protocol::https was misleading. In order to specify CA certificate for Crypt::SSLeay you should set `$ENV{HTTPS_CA_FILE}`	[reply] [d/l]

Back to Seekers of Perl Wisdom