in reply to CPAN broken after update

I THINK the previous version was around 1.96

1.96 is 12 years old. That's quite an upgrade jump.

HTTP::Tiny failed with an internal error: SSL connection failed for cpan.org: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Have you also upgraded Mozilla::CA? You can do that by hand, it's pretty simple. Might be a bigger task if you also have to upgrade IO::Socket::SSL and/or Net::SSLeay and/or your O/S openssl libs.

Try a simple openssl s_client -servername cpan.org -connect cpan.org:443 </dev/null and see if your O/S can even connect first.


🦛
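Added example (not part of the original post): a small shell helper that reads openssl s_client output and reports the verify return code plus the issuer at the top of the chain the server sent, so an unexpected issuer or a local verification failure is visible at a glance. Function names are hypothetical and the sample text is constructed from the outputs quoted in this thread.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output read from stdin.
# Live use (command taken from the post above):
#   openssl s_client -servername cpan.org -connect cpan.org:443 </dev/null 2>/dev/null | summarise

# Print the numeric code from the last "Verify return code:" line.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1
}

# Print the issuer ("i:") of the last certificate the server sent.
chain_top_issuer() {
    sed -n 's/^ *i:\(.*\)$/\1/p' | tail -n 1
}

# One-line verdict: "<code> <meaning>; chain tops out at: <issuer>"
summarise() {
    out=$(cat)
    code=$(printf '%s\n' "$out" | verify_code)
    top=$(printf '%s\n' "$out" | chain_top_issuer)
    case "$code" in
        0)  msg="ok" ;;
        10) msg="certificate has expired (judged by this host's clock and CA bundle)" ;;
        "") msg="no verify result found" ;;
        *)  msg="verification failed" ;;
    esac
    printf '%s %s; chain tops out at: %s\n' "${code:-none}" "$msg" "${top:-unknown}"
}

# Constructed samples, abbreviated from the two outputs quoted in this thread.
sample_ok() { cat <<'EOF'
Certificate chain
 0 s:CN = cpan.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
Verify return code: 0 (ok)
EOF
}
sample_expired() { cat <<'EOF'
Verify return code: 10 (certificate has expired)
EOF
}

sample_ok | summarise
sample_expired | summarise
```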

Re^2: CPAN broken after update
by misterperl (Friar) on May 19, 2023 at 16:22 UTC
    I get this:
    openssl s_client -servername cpan.org -connect cpan.org:443 </dev/null
    . . .
    Start Time: 1684513153
    Timeout : 300 (sec)
    Verify return code: 10 (certificate has expired)
    ---
    DONE
    Is that the cert on my side or on the cpan side? Do I need to gen a new self-signed cert? I hate to get into that on a Friday; who knows what sort of chaos might ensue!?

      Well, I don't know how you achieved that because the cert is absolutely in date.

      Here's my output in full:

      CONNECTED(00000003)
      depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
      verify return:1
      depth=1 C = US, O = Let's Encrypt, CN = R3
      verify return:1
      depth=0 CN = cpan.org
      verify return:1
      ---
      Certificate chain
       0 s:CN = cpan.org
         i:C = US, O = Let's Encrypt, CN = R3
       1 s:C = US, O = Let's Encrypt, CN = R3
         i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
       2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
         i:O = Digital Signature Trust Co., CN = DST Root CA X3
      ---
      Server certificate
      subject=CN = cpan.org
      issuer=C = US, O = Let's Encrypt, CN = R3
      ---
      No client certificate CA names sent
      Peer signing digest: SHA256
      Peer signature type: RSA-PSS
      Server Temp Key: X25519, 253 bits
      ---
      SSL handshake has read 4562 bytes and written 392 bytes
      Verification: OK
      ---
      New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
      Server public key is 2048 bit
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      Early data was not sent
      Verify return code: 0 (ok)
      ---
      DONE

      Are you behind a proxy or something?


      🦛

        Yes, I AM behind a proxy I believe? I got a 1.98 copy of CPAN.pm from an old box and replaced the copy on this box, and still the same exact error :{