jdudleyh has asked for the wisdom of the Perl Monks concerning the following question:

I had a nice script working with a web service via XML::Compile until recently when the web service went to SSL. I'm not really sure how to go about SSL via XML::Compile. Taking a first leap I decided I'll probably need to create an SSL socket:

    use strict;
    use warnings;
    use IO::Socket::SSL qw(debug3);    # debug3: verbose handshake tracing

    my $socket = IO::Socket::SSL->new(
        PeerAddr        => 'some.server.com',
        PeerPort        => 443,
        Proto           => 'tcp',
        SSL_use_cert    => 1,                  # present a client certificate
        SSL_verify_mode => SSL_VERIFY_NONE,    # server certificate is not checked
        SSL_cert_file   => 'server.pem',
    ) or die "failed connect or ssl handshake: $!,", IO::Socket::SSL::errstr(), "\n";

But when I run this, I get a bad return value from Net::SSLeay

    DEBUG: .../IO/Socket/SSL.pm:251: set domain to 2
    DEBUG: .../IO/Socket/SSL.pm:1784: new ctx 41181280
    DEBUG: .../IO/Socket/SSL.pm:446: socket not yet connected
    DEBUG: .../IO/Socket/SSL.pm:448: socket connected
    DEBUG: .../IO/Socket/SSL.pm:466: ssl handshake not started
    DEBUG: .../IO/Socket/SSL.pm:501: using SNI with hostname some.server.com
    DEBUG: .../IO/Socket/SSL.pm:537: Net::SSLeay::connect -> -1
    DEBUG: .../IO/Socket/SSL.pm:543: fatal SSL error: SSL connect attempt failed with unknown error
    DEBUG: .../IO/Socket/SSL.pm:1821: free ctx 41181280 open=41181280
    DEBUG: .../IO/Socket/SSL.pm:1829: OK free ctx 41181280
    failed connect or ssl handshake: Bad file descriptor,IO::Socket::INET6 configuration failed SSL connect attempt failed with unknown error

    perl -MNet::SSLeay -e "print Net::SSLeay::SSLeay_version();"
reveals "OpenSSL 1.0.1e 11 Feb 2013"

I'm not certain I'm pursuing the right direction, or how I'm actually going to pass the socket into the XML::Compile transport, so I thought I'd stop here for a sanity check.

Other info... I'm having to do this via Windows with Strawberry Perl 5.16.3. I updated a whole slew of libraries (from Net::HTTP* to IO::Socket* to Net::SSL*). I do have the ability to run openssl to get the cert info. I can connect via telnet to the server at port 443. I don't really care about the server verification/certificate as the client is just used for test automation.

Thanks Monks

Update: I found a handy script somewhere (lost the link now) that helped me determine that the SSL was version 3. So adding "SSL_version => 'SSLv3'" to the LWP::UserAgent's ssl_opts got the SSL handshake to complete.

Now I'm stuck on a read timeout. I will be increasing the client timeout on the transport layer underneath the SSL layer.

Replies are listed 'Best First'.
Re: Creating SSL socket
by Khen1950fx (Canon) on Oct 23, 2013 at 06:17 UTC
    For a first step, let's get your test client up and running:
    #!/usr/bin/perl -w
    BEGIN {
        # Install the HTTPS/SSL prerequisites non-interactively before anything else runs
        $ENV{'AUTOMATED_TESTING'} = 1;
        use strict;
        use warnings;
        use CPAN;
        CPAN::Shell->install(qw(
            Socket::GetAddrInfo
            Socket6
            LWP::Protocol::https
            IO::Socket::SSL
            IO::Socket::INET6)
        );
    }
    use strict;
    use IO::Socket::SSL qw(debug3);

    my $socket = IO::Socket::SSL->new(
        PeerAddr        => 'www.example.com',
        PeerPort        => 443,
        SSL_verify_mode => 0x00,    # 0x00 = no certificate verification
    ) or die "failed to connect: $SSL_ERROR";
    print "OK: Connected\n";
    $socket->autoflush;
    $socket->close(
        SSL_no_shutdown => 1,
        SSL_ctx_free    => 1,
    ) or die "not ok: $SSL_ERROR";
    print "OK: Closed\n";

      Thanks Khen1950fx

      Apparently LWP::Protocol::HTTPS has not been installed on my system, and unfortunately it failed the install tests

      Running make test
      C:\strawberry\perl\bin\perl.exe "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib\lib', 'blib\arch')" t/*.t
      t/apache.t .. 1/4
      # Failed test at t/apache.t line 15.
      # Failed test at t/apache.t line 16.
      # 'write failed: at C:/strawberry/perl/site/lib/LWP/Protocol/http.pm line 238.
      # '
      # doesn't match '(?^:Apache Software Foundation)'
      # Failed test at t/apache.t line 23.
      # Looks like you failed 3 tests of 4.
      t/apache.t .. Dubious, test returned 3 (wstat 768, 0x300)
      Failed 3/4 subtests

      So now I am working to figure out how to get this module to install. There is no issue connecting to https://apache.org/ in my browsers.

      Using my internal https host, the script continues on to report:

      [...]
      DEBUG: .../IO/Socket/SSL.pm:537: Net::SSLeay::connect -> -1
      DEBUG: .../IO/Socket/SSL.pm:543: fatal SSL error: SSL connect attempt failed with unknown error
      [...]

      However if I change the host to apache.org (443):

      DEBUG: .../IO/Socket/SSL.pm:1784: new ctx 60344912
      OK: Connected
      DEBUG: .../IO/Socket/SSL.pm:1821: free ctx 60344912 open=60344912
      DEBUG: .../IO/Socket/SSL.pm:1829: OK free ctx 60344912
      not ok: at [ the $socket->close line ]

      There's one other important detail that I left out. The server that I'm connecting to is a load balancer. I don't think this should matter as it is supposed to transparently forward the requests/responses.

      I'm going to continue to explore testing against a known, working, external web service to determine if our internal web service/load balancer are breaking the script.

        Was a solution ever found to the LWP::Protocol::HTTPS make test? I am having the same issue.
Re: Creating SSL socket (XML::Compile ssl)
by Anonymous Monk on Oct 23, 2013 at 06:52 UTC
    XML::Compile ssl -> XML::Compile::SOAP::FAQ
    use LWP::UserAgent;
    use XML::Compile::Transport::SOAPHTTP;

    # $my_jar_file (cookie file) and $srv_url (service endpoint) are set elsewhere
    my $ua = LWP::UserAgent->new;

    # First the HTTP logic
    # defaults when https is used
    $ua->ssl_opts(verify_hostname => 0, keep_alive => 1);

    # Auto-use cookies
    $ua->cookie_jar(
        { file => $my_jar_file, autosave => 1, ignore_discard => 1 }
    );

    # Now, we need the SOAP logic
    my $trans = XML::Compile::Transport::SOAPHTTP->new(
        user_agent => $ua,
        timeout    => 10,
        address    => $srv_url,
    );

      Thanks Anonymous

      This code looks nice and easy. I believe the path to get it the rest of the way to the actual web service call is clear to me.

      I'm getting the same error as I did originally (Net::SSLeay returning -1). I'm going to switch to testing with an external https web service as I'm beginning to suspect the load balancing server that I'm connecting to may be causing most of my problems.
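
Added example (not code from any poster in this thread or from the XML::Compile project): the pieces the thread arrives at, namely a protocol version pinned through ssl_opts, a longer read timeout, and the user agent handed to the SOAP transport, combined in one helper that verifies the server against a named CA unless verification is explicitly switched off. The helper name make_transport, the URL, the CA file name and the 'TLSv1_2' value are assumptions; only the LWP::UserAgent and XML::Compile::Transport::SOAPHTTP calls already shown above are used.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use XML::Compile::Transport::SOAPHTTP;

# Hypothetical helper: build an HTTPS SOAP transport.
#   address  - service endpoint URL (required, must be https)
#   ca_file  - PEM file with the CA that signed the server certificate
#   version  - SSL_version string passed through to IO::Socket::SSL
#   timeout  - read timeout in seconds (default 10)
#   insecure - set to 1 to reproduce the thread's verify_hostname => 0
sub make_transport {
    my %arg     = @_;
    my $address = $arg{address} or die "address is required\n";
    die "address must be an https:// URL\n" unless $address =~ m{^https://}i;
    my $timeout = $arg{timeout} // 10;

    my %ssl;
    if ($arg{insecure}) {
        # The setting used in the thread: server certificate not checked.
        %ssl = (verify_hostname => 0);
    }
    else {
        # Keep hostname checking on; trust the given CA if one is named.
        %ssl = (verify_hostname => 1);
        $ssl{SSL_ca_file} = $arg{ca_file} if defined $arg{ca_file};
    }
    # Pin the protocol version only when asked (the thread's server needed 'SSLv3').
    $ssl{SSL_version} = $arg{version} if defined $arg{version};

    my $ua = LWP::UserAgent->new(ssl_opts => \%ssl);
    $ua->timeout($timeout);    # the user agent performs the HTTP read

    return XML::Compile::Transport::SOAPHTTP->new(
        user_agent => $ua,
        timeout    => $timeout,
        address    => $address,
    );
}

# Constructed values; nothing is contacted until a SOAP call is made.
my $trans = make_transport(
    address => 'https://some.server.com/service',
    ca_file => 'internal-ca.pem',
    version => 'TLSv1_2',
    timeout => 60,
);
print "transport ready: ", ref($trans), "\n";
```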