http://qs1969.pair.com?node_id=1107971


in reply to Net::SMTP::SSL connect failure

Did some stracing.

 $Net::SSLeay::trace = 2;

[download]
DEBUG: .../IO/Socket/SSL.pm:539: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:541: socket connected
DEBUG: .../IO/Socket/SSL.pm:563: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:605: not using SNI because openssl is too 
+old
DEBUG: .../IO/Socket/SSL.pm:650: set socket to non-blocking to enforce
+ timeout=120
DEBUG: .../IO/Socket/SSL.pm:673: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:683: waiting for fd to become ready: SSL w
+ants a read first
DEBUG: .../IO/Socket/SSL.pm:703: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:1779: SSL connect attempt failed

DEBUG: .../IO/Socket/SSL.pm:1784: SSL connect attempt failed error:140
+90086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify fai
+led
DEBUG: .../IO/Socket/SSL.pm:669: fatal SSL error: SSL connect attempt 
+failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certif
+icate verify failed
DEBUG: .../IO/Socket/SSL.pm:1768: IO::Socket::IP configuration failed
ERROR: Died at ./invite.pl line 11.

[download]

Replies are listed 'Best First'.
Re^2: Net::SMTP::SSL connect failure
by noxxi (Pilgrim) on Nov 21, 2014 at 20:34 UTC

    > I suspect this has to do with an invalid certification because my test program works fine for sending to gmail.
    > ...
    > my $s = Net::SMTP::SSL->new('192.168.100.1'...
    > ...
    > ...SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    I guess your certificate is not signed by any of the trusted CAs on the system. Thus the verification will fail, because there is not trust anchor. In old times (before 1.950, released 07/2013) the default was to not verify the certificate which is of course a bad idea for a default when doing security relevant stuff.

[reply]
      Yep, I changed that code. These devices run on LANs with multiple interfaces.
[reply]

In Section Seekers of Perl Wisdom