in reply to Re^2: HTTPS connection with LWP and self-signed certificate
in thread HTTPS connection with LWP and self-signed certificate

Is it possible to handle the ssl connection with IO::Socket::SSL directly but still have all the LWP::UserAgent functionality for my interaction with the server after the connection is established?
No, LWP wants to have full control over the socket and does not allow creating a connection using an already established socket. Apart from that, the following code works for me with LWP::UserAgent 6.05 and LWP::Protocol::https 6.04 (with the modification done in Ubuntu 14.04):
use strict;
use warnings;
use LWP::UserAgent;

my $ua = LWP::UserAgent->new;
$ua->ssl_opts( SSL_ca_file => 'self-signed.pem');
# set verification name explicitly for this test because the
# URL does not contain the correct name
$ua->ssl_opts( SSL_verifycn_name => 'foo.bar');
my $res = $ua->get('https://127.0.0.1:4433');
print $res->as_string;
In this case s_server is started with -WWW, that is:
openssl s_server -cert self-signed.pem -key self-signed.pem -WWW
Which leaves the question about the version of LWP::UserAgent and LWP::Protocol::https you are using.
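
The behaviour discussed above, as an added example that is not part of the original post: the CA file stays the same for every request and only the name the certificate is checked against changes, so the request by IP and the request with a wrong name should fail while the one naming foo.bar succeeds. Assumptions: the certificate is generated with IO::Socket::SSL::Utils, a small in-process responder stands in for openssl s_server, and other.example is a made-up name.

```perl
use strict; use warnings;
use File::Temp qw(tempdir);
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;
use LWP::UserAgent;

# Constructed fixture: a self-signed certificate issued to the name 'foo.bar'.
my $dir = tempdir(CLEANUP => 1);
my ($cert, $key) = CERT_create(
    subject         => { commonName => 'foo.bar' },
    subjectAltNames => [ [ DNS => 'foo.bar' ] ],
);
PEM_cert2file($cert, "$dir/cert.pem");
PEM_key2file($key, "$dir/key.pem");

# Minimal HTTPS responder on a free loopback port (assumption: replaces s_server).
my $srv = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert_file => "$dir/cert.pem", SSL_key_file => "$dir/key.pem",
) or die "listen failed: $! $SSL_ERROR";
my $port = $srv->sockport;

my $pid = fork() // die "fork failed: $!";
if ($pid == 0) {
    $SIG{PIPE} = 'IGNORE';
    while (1) {
        # accept returns undef when the client aborts the handshake
        my $c = $srv->accept or next;
        while (my $line = <$c>) { last if $line =~ /^\r?\n$/ }
        print $c "HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok";
        close $c;
    }
}

# Same CA file every time; only the name the certificate is checked against changes.
sub try_get {
    my %extra = @_;
    my $ua = LWP::UserAgent->new(
        timeout  => 10,
        ssl_opts => { SSL_ca_file => "$dir/cert.pem", %extra },
    );
    my $res = $ua->get("https://127.0.0.1:$port/");
    return $res->is_success ? 'ok' : 'failed: ' . $res->status_line;
}

print "name taken from URL (127.0.0.1): ", try_get(), "\n";
print "SSL_verifycn_name => foo.bar: ", try_get(SSL_verifycn_name => 'foo.bar'), "\n";
print "SSL_verifycn_name => other.example: ", try_get(SSL_verifycn_name => 'other.example'), "\n";
kill 'TERM', $pid; waitpid $pid, 0;
```

The third request shows that SSL_verifycn_name replaces the expected name and does not switch verification off.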

Re^4: HTTPS connection with LWP and self-signed certificate
by Anonymous Monk on Jan 08, 2015 at 10:26 UTC

    Adding the SSL_verifycn_name option fixed it!

    Also, from your "# URL does not contain the correct name" comment I got that LWP tries to automatically derive this from the URL if it contains a domain name and not just the IP.

    To test this I swapped the IP for the domain name (which I originally did not do because it does not resolve to the internal IP and hence does not use the direct route). This also allowed it to work, even without directly specifying the CN via ssl_opts.

    I'd like to thank you and all the other monks who helped to resolve this problem!

    It is annoying to see how so much time can go into finding that you just need one extra option for your connection...

Re^4: HTTPS connection with LWP and self-signed certificate
by Anonymous Monk on Jan 08, 2015 at 07:43 UTC

    Is it possible to handle the ssl connection with IO::Socket::SSL directly but still have all the LWP::UserAgent functionality for my interaction with the server after the connection is established?

    No, LWP wants to have full control over the socket and does not allow creating a connection using an already established socket.

    Well, yes it is possible -- see Re: LWP is there any way to get "real" outgoing headers? -- but it doesn't make much sense .... if there is a bug in LWP suite, fix the bug, not work around it