in reply to Re: CPAN broken after update
in thread CPAN broken after update

I get this: 
openssl s_client -servername cpan.org -connect cpan.org:443 </dev/null
.
.
.
    Start Time: 1684513153
    Timeout   : 300 (sec)
    Verify return code: 10 (certificate has expired)
---
DONE

[download]
Is that the cert on my side or on the cpan side? Do I need to gen a new self-signed cert? I hate to get into that on a Friday who knows what sort of chaos might ensue!?

Replies are listed 'Best First'.
Re^3: CPAN broken after update
by hippo (Archbishop) on May 19, 2023 at 16:28 UTC

    Well, I don't know how you achieved that because the cert is absolutely in date.

    Here's my output in full:

    CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X
+1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cpan.org
verify return:1
---
Certificate chain
 0 s:CN = cpan.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISBI1CNTTNrgtqrsF1DYyg6kAJMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA0MTYxMDAyNThaFw0yMzA3MTUxMDAyNTdaMBMxETAPBgNVBAMT
CGNwYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo7+RU8N
GY5zahKQQpjBgsr5QhZOBpTd17P6MGLb+k5Dx7KLmbH0FjTFsYxLTB9ymyA0mz+l
W7xnlAQL8C6HURMtBHt/UG29SPC+MmQQ2eIASyZ2HDZxmWwZYyxC8ErZdiBJrhUm
WLQb8TjkEvXeuXoORjrHYiL395Py4TcXcKzbMhIIjUnWCFgwIMKas3DPfICC0ASc
9q68I0X50qtuU/DrEKKYM8+FlkoIUS7umGQq77YhmEvwi39hM/t+QyrP2Wkl0weX
UnSgba7jK3mh6EtA/u3kdG78YlAmDMiGGS/SOE1hd2HkdnmBUBSYDUyMob7wwPja
cgYqdbReL8xNyQIDAQABo4ICQzCCAj8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQz
CQMWiEQdMrHhX0NQ16ICpL9QIDAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+d
ixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxl
bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzATBgNV
HREEDDAKgghjcGFuLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81
xJ4dCYEl7bSZAAABh4m7fM8AAAQDAEcwRQIgSjnEdR4d7aEsW2Ua/hPLsDhMOC2D
SqJUZBKAbn4WFsICIQDH7l1oyjBDXgSmrq6u8M/czAsWc7ubYelLnyrvGfUjjAB2
AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABh4m7fO4AAAQDAEcw
RQIhAPjcsFOOslmKXr3WcEniyFee/ektxFZFn9vXqleK874rAiACHosjshKzNdEq
CvloGawVWPsg1goLgQhnmMgz2y+NXDANBgkqhkiG9w0BAQsFAAOCAQEAt+op7ASD
jPL+wnr5phLRKv0pqNcjnZs3XSC+uM6Cp+fvDWDiuvsq8obJ+ODTLK9Yo3au7P9m
hHaiInKG7l3fj13KqTzUCQBdjE+8ogGJxDcdyQsKO40DtwYQeBtLOWpB8LMjJ9wZ
0JleHVBPjFFjGSVpKbWrd2dYlBTK3kygqyA1pfSq/UUuFpTdlwI1AxEyaDuHx5z8
MhiHoddSpg4T06zIB6b4eVPdaZVGZz8LN3LKewAalQbjmKjGe2JMhG7P2JW9sHLR
DGecniWGWMWhCuEiXPnDSz5wl3niHltl/xGJSiDxfWdWez9++3hAKcXIWEK/jz9k
B70ULOJ8beVodQ==
-----END CERTIFICATE-----
subject=CN = cpan.org

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4562 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

    [download]

    Are you behind a proxy or something?

    🦛

[reply]
[d/l]
      Yes, I AM behind a proxy I believe? I got a 1.98 copy of CPAN.pm from an old box and replaced the copy on this box, and still the same exact error :{
[reply]

        Ah well, if you are behind a proxy you should talk politely with your sysadm, show them the openssl command and ask what you should do to enable it to work. It will probably be something simple but is not something anyone external to your network can help you with. Good luck.

        🦛

[reply]

In Section Seekers of Perl Wisdom