agnome has asked for the wisdom of the Perl Monks concerning the following question:

I'm having trouble accessing a web-page that requires a certificate. The page is actually a SOAP web-service but once I installed the .pfx certificate into Firefox then if I simply enter the URL it comes up with some technical info.

To test out my Perl code certificate handling I tried to access this same page using LWP::UserAgent but I'm getting error messages. From what I can tell the certification is OK (I translated the .pfx file to .pem certificate & key using OpenSSL) but I'm at a bit of a loss as to what the issue is and what to try next.

    #!/usr/bin/perl
    use warnings;
    use strict;
    # debug4 enables IO::Socket::SSL's debug output for the handshake
    use IO::Socket::SSL qw(debug4);
    use LWP::UserAgent;

    my $url = 'https://xxxxx.xxxxx.com/xxxx/Cms.asmx';
    my $ua  = LWP::UserAgent->new;

    # Present the client certificate and key converted from the .pfx file;
    # hostname verification is switched off here
    $ua->ssl_opts(
        SSL_use_cert    => 1,
        verify_hostname => 0,
        SSL_cert_file   => "BW_cert.pem",
        SSL_key_file    => "BW_key.pem"
    );

    my $response = $ua->get( $url );
    if ($response->is_success) {
        print $response->decoded_content;
    }
    else {
        die $response->status_line;
    }

The output that I get is as follows:

    DEBUG: .../IO/Socket/SSL.pm:1482: new ctx 42693424
    DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected
    DEBUG: .../IO/Socket/SSL.pm:336: socket connected
    DEBUG: .../IO/Socket/SSL.pm:349: ssl handshake not started
    DEBUG: .../IO/Socket/SSL.pm:392: Net::SSLeay::connect -> 1
    DEBUG: .../IO/Socket/SSL.pm:447: ssl handshake done
    DEBUG: .../IO/Socket/SSL.pm:1213: SSL read errorerror:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    DEBUG: .../IO/Socket/SSL.pm:1519: free ctx 42693424 open=42693424
    DEBUG: .../IO/Socket/SSL.pm:1527: OK free ctx 42693424
    500 Status read failed:  at testUA.pm line 29.

Re: Perl Certificate Problems for Accessing Web-page
by noxxi (Pilgrim) on Feb 06, 2015 at 17:27 UTC
    The SSL handshake failure in the debug output can mean multiple things, among them that the server does not like your certificates. You could try the following things to narrow down the problem:
    • Use openssl s_client -connect ... -key BW_key.pem -cert BW_cert.pem. If this succeeds, the problem might be inside LWP/IO::Socket::SSL (different cipher set or something else). If you don't have the openssl binary, you might also try curl or wget, where you should also be able to specify a client certificate.
    • Make a packet capture and look at it with Wireshark. See at which stage of the SSL handshake it fails. If you need help with that, post the packet capture to cloudshark.org.
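
Before running the s_client test suggested above, it helps to rule out a broken .pfx-to-.pem conversion locally. The following is an added example, not code from the thread: the function names, exit codes and sample files are assumptions of this sketch, and it checks that the key belongs to the certificate, that the key is not still passphrase-protected, and that the certificate has not expired.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a PEM client certificate
# and key locally before pointing openssl s_client or LWP at the server.

# Exit codes (chosen for this example): 0 usable pair, 1 key does not match
# the certificate, 2 certificate unreadable, 3 key unreadable (malformed or
# still passphrase-protected), 4 certificate already expired.
check_client_cert_pair() {
    cert=$1
    key=$2
    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. The empty -passin stops openssl
    # from prompting, so an encrypted key fails here instead of hanging.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
    return 0
}

# Constructed sample input: a throwaway self-signed pair, an unrelated key,
# and a passphrase-protected key, all written to the directory given as $1.
make_constructed_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    openssl genpkey -algorithm RSA -out "$1/other.pem" >/dev/null 2>&1 &&
    openssl genpkey -algorithm RSA -aes-128-cbc -pass pass:constructed \
        -out "$1/enc.pem" >/dev/null 2>&1
}

# With two arguments, check those files (e.g. BW_cert.pem BW_key.pem);
# with none, run against the constructed samples.
if [ "$#" -eq 2 ]; then
    check_client_cert_pair "$1" "$2"; echo "result: $?"
else
    tmp=$(mktemp -d) && make_constructed_samples "$tmp" && {
        for k in key.pem other.pem enc.pem; do
            check_client_cert_pair "$tmp/cert.pem" "$tmp/$k"
            echo "cert.pem + $k -> $?"
        done
    }
    rm -rf "$tmp"
fi
```

A result of 0 means the files are consistent with each other, so a remaining handshake failure has to be looked for on the wire or on the server side.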