in reply to Re^4: Can Log4Perl integrated with LWP log SSL/TLS handshaking?
in thread Can Log4Perl integrated with LWP log SSL/TLS handshaking?

> How do I get that version number?
This works the same as with other perl modules, just print $IO::Socket::SSL::VERSION. But according to your description you must have the newest version, that is 1.997.

> I can't get the server certificate, even with openssl s_client (it times out), though that happily gets the server certificate from every other server I need to communicate with using https.
If s_client cannot connect then there is probably no valid SSL server at the other end. But, it might also be a buggy server or a server with a bad SSL accelerator in front. Try to restrict the protocol in s_client with the -ssl3 option and see if this helps.

Re^6: Can Log4Perl integrated with LWP log SSL/TLS handshaking?
by ted.byers (Monk) on Aug 06, 2014 at 12:45 UTC

    Thanks

    I finally did solve the problem with connecting to that server using openssl s_client. I can now reliably connect using that

    The problem that remains is that although I provide the same information to my client, written in Perl, the server fails to send its certificate. This is a puzzle since I have no problem using the same code when connecting to the servers I control, which are set up to require client side certificates also. In those cases, both certificates are exchanged and verified successfully, and the requested data retrieved. Is there any chance that openssl s_client does anything that the LWP user agent, using IO::Socket::SSL, doesn't do?

    Thanks

    Ted

      > I finally did solve the problem with connecting to that server using openssl s_client...
      How did you solve the problem with s_client? Which options did you use for IO::Socket::SSL when you tried to make it work the same way your s_client setup works?

        I got that working by adding the fields for the CA certificate and path, as well as the client side certificate and client key.

        In Perl, I used SSL_ca_file, SSL_ca_path, SSL_cert_file, SSL_key_file, with the appropriate values, passed to UserAgent's function ssl_opts.

        I noticed, in Wireshark, that there are a couple of differences between the handshaking between workstation and client.
        1) Frame 4, there was more data sent from my workstation to the server: 371 (successful connection) vs 201 (unsuccessful)
        2) Frame 10, there was a lot more data sent from the server to the client when the handshaking was successful: 949 (successful) vs 339 (unsuccessful).
        After that, there are a couple of acknowledgements, but at that point the unsuccessful one died a nasty death, returning the error that the function GET_SERVER_CERTIFICATE failed, while the successful connect proceeded to have my workstation send the client certificate to the server.

        I wonder if the difference in data in frame #4 is responsible for the server not sending the certificate. But, if that is the case, what is the Perl module doing differently from what openssl is doing?

        Thanks

        Ted
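
The following is an added example, not code posted by anyone in this thread, showing how to combine the points discussed above: printing the IO::Socket::SSL version, turning on IO::Socket::SSL's own handshake tracing (which logs the certificate exchange and verification steps that Wireshark only shows as frame sizes), and passing SSL_ca_file, SSL_ca_path, SSL_cert_file and SSL_key_file through LWP::UserAgent's ssl_opts. The certificate paths and the target URL are placeholders; substitute your own. The commented s_client invocation is the equivalent command line for comparing the two clients against the same server.

```perl
#!/usr/bin/env perl
# Added example (not from the thread). Paths and host below are assumptions.
use strict;
use warnings;
use LWP::UserAgent;
use IO::Socket::SSL;
use Net::SSLeay;

# Versions of the whole TLS stack, since behaviour depends on all three.
print "IO::Socket::SSL $IO::Socket::SSL::VERSION, ",
      "Net::SSLeay $Net::SSLeay::VERSION, ",
      "OpenSSL ", Net::SSLeay::SSLeay_version(0), "\n";

# Handshake tracing to STDERR. Level 3 logs the protocol version negotiated,
# the server certificate chain and each verification step, so a failure
# shows up as a specific message rather than only as a short frame in Wireshark.
$IO::Socket::SSL::DEBUG = 3;

# Client-side settings; the keys are IO::Socket::SSL option names and are
# handed through unchanged by LWP::UserAgent->ssl_opts.
my %ssl_opts = (
    SSL_ca_file     => '/etc/ssl/partner/ca-chain.pem',   # assumed path
    SSL_ca_path     => '/etc/ssl/partner/ca-dir',         # assumed path
    SSL_cert_file   => '/etc/ssl/partner/client.crt',     # assumed path
    SSL_key_file    => '/etc/ssl/partner/client.key',     # assumed path
    verify_hostname => 1,   # keep hostname verification on; do not set to 0 to "make it work"
    # SSL_version is the knob that corresponds to s_client's protocol flags.
    # The default negotiates the newest version both sides support; only
    # pin it while diagnosing a broken server, and never leave SSLv3 enabled
    # in production.
    # SSL_version => 'SSLv23:!SSLv2:!SSLv3',
);

my $ua = LWP::UserAgent->new(
    timeout  => 30,
    ssl_opts => \%ssl_opts,
);

my $url = 'https://partner.example.net/api/status';   # assumed URL
my $res = $ua->get($url);

if ($res->is_success) {
    print "OK: ", $res->status_line, "\n";
    print $res->decoded_content;
} else {
    # LWP reports IO::Socket::SSL failures as a 500 with the library's
    # error text in the status line; $SSL_ERROR carries the last OpenSSL error.
    print STDERR "FAILED: ", $res->status_line, "\n";
    print STDERR "SSL error: $IO::Socket::SSL::SSL_ERROR\n"
        if $IO::Socket::SSL::SSL_ERROR;
}

# Equivalent openssl command line for an apples-to-apples comparison
# (-state and -msg print the handshake states and raw records):
#   openssl s_client -connect partner.example.net:443 \
#       -CAfile /etc/ssl/partner/ca-chain.pem \
#       -cert /etc/ssl/partner/client.crt -key /etc/ssl/partner/client.key \
#       -state -msg
```

Run the Perl script and the s_client command back to back and diff the two traces: with DEBUG at 3, IO::Socket::SSL prints the negotiated protocol and the server certificate subject before verification, so a server that simply never sends its certificate is distinguishable from one whose certificate fails verification, and an SNI or protocol-version mismatch shows up as a difference in the ClientHello rather than as a bare "GET_SERVER_CERTIFICATE failed".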