in reply to Re: HTTPS connection with LWP and self-signed certificate ( openssl/ssldump )
in thread HTTPS connection with LWP and self-signed certificate
There was indeed a mismatch in the hostnames. I changed the hostname of the server and restarted apache. This however did not effect the error nor the debug information shown.
I tried connecting via openssl s_client to get some more information but I didn't really see anything strange. It mentioned that the cert was self-signed but didn't complain, typing "GET / HTTP/1.0" gave me the page just as going to it in a browser does.
The relevant output of "openssl s_client -connect 192.168.100.222:443" is given below
CONNECTED(00000003) depth=0 C = NL, ST = Some-State, O = _______, CN = _____________, emai +lAddress = _______________ verify error:num=18:self signed certificate verify return:1 depth=0 C = NL, ST = Some-State, O = _______, CN = _____________, emai +lAddress = _______________ verify return:1 --- Certificate chain 0 s:/C=NL/ST=Some-State/O=_______/CN=_____________/emailAddress=_____ +__________ i:/C=NL/ST=Some-State/O=_______/CN=_____________/emailAddress=_____ +__________ --- Server certificate -----BEGIN CERTIFICATE----- . .(Same cert as the cert.pem supplied to the perl code) . -----END CERTIFICATE----- subject=/C=NL/ST=Some-State/O=______/CN=_____________/emailAddress=___ +____________ issuer=/C=NL/ST=Some-State/O=______/CN=_____________/emailAddress=____ +___________ --- No client certificate CA names sent --- SSL handshake has read 1820 bytes and written 498 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES256-GCM-SHA384 Session-ID: 7E2DD78B639825C10C28C8F56AF56100E4CB67155BB1348EB7C32E +10F02C2066 Session-ID-ctx: Master-Key: 4D6A8EA327F98D1DF703D299CA29CEA5776A5FE7DB4FC32F4D5D0A +DEE58FCAB7D24560107E5ECF0DBE12AEE1A8900321 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - a8 71 f5 e4 bd f7 89 bf-cf 9d 4c d8 38 7e 0c 76 .q....... +.L.8~.v 0010 - 54 02 44 c3 02 03 d0 3f-74 05 3f db 16 01 26 1f T.D....?t +.?...&. 0020 - 05 da 8e 34 d7 a5 20 a8-9d 81 69 6c 74 c7 eb 26 ...4.. .. +.ilt..& 0030 - 38 4d b9 fa 2f 59 8b 86-c0 cb b9 f2 72 26 e6 96 8M../Y... +...r&.. 0040 - 67 7c ca 19 6d 28 29 68-19 8b 3b d3 3d de e3 22 g|..m()h. +.;.=.." 0050 - 10 88 0b 47 39 f5 20 96-4e a9 29 b2 78 97 a7 be ...G9. .N +.).x... 0060 - f9 d2 88 95 17 65 21 6e-f4 b5 80 ec 67 c4 ae af .....e!n. +...g... 0070 - c1 06 a8 03 21 54 28 5a-bb 9c 41 12 b3 81 27 73 ....!T(Z. +.A...'s 0080 - 59 86 3f ec 9d 9b 57 06-8d 59 bb 5e fc f2 4b 24 Y.?...W.. +Y.^..K$ 0090 - f7 46 37 64 82 8c 52 46-d1 ee 82 9b c7 c4 0b 12 .F7d..RF. +....... 00a0 - 35 cf 7e 89 3f ad cd 97-da d1 e2 ee 71 03 5c 50 5.~.?.... +...q.\P 00b0 - d2 60 59 1e ad f1 71 de-a4 7b 25 bf 45 0a 36 1a .`Y...q.. +{%.E.6. Start Time: 1420627933 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- GET / HTTP/1.0 HTTP/1.1 200 OK Date: Wed, 07 Jan 2015 10:52:14 GMT Server: Apache/2.2.22 (Debian) Last-Modified: Tue, 09 Jul 2013 11:04:40 GMT ETag: "2069e-b1-4e11220a261a8" Accept-Ranges: bytes Content-Length: 177 Vary: Accept-Encoding Connection: close Content-Type: text/html <html><body><h1>It works!</h1> <p>This is the default web page for this server.</p> <p>The web server software is running but no content has been added, y +et.</p> </body></html> closed
Maybe I should explicitly tell openssl s_client to use the certificate so its behavior is more similar to the perl code, but I couldn't find out how to do so..
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re^3: HTTPS connection with LWP and self-signed certificate ( openssl/ssldump )
by Anonymous Monk on Jan 07, 2015 at 11:55 UTC | |
by Anonymous Monk on Jan 07, 2015 at 12:46 UTC | |
by Corion (Patriarch) on Jan 07, 2015 at 13:30 UTC | |
by Anonymous Monk on Jan 07, 2015 at 14:30 UTC | |
by noxxi (Pilgrim) on Jan 07, 2015 at 16:51 UTC | |
by Anonymous Monk on Jan 07, 2015 at 23:39 UTC |