in reply to Mechanize - Bad File descriptor

As seen by https://www.ssllabs.com/ssltest/analyze.html?d=contests.arrl.org :
Path #1: Trusted
1 Sent by server *.arrl.org
2 Extra download Go Daddy Secure Certificate Authority - G2
3 In trust store Go Daddy Root Certificate Authority - G2
So yes, that website forgot to include the intermediate chain file. Firefox is willing to download it, but neither Perl nor Curl are. Maybe there's an SSL setting to eable downloads of intermediate certs?

Replies are listed 'Best First'.
Re^2: Mechanize - Bad File descriptor
by cavac (Prior) on Sep 10, 2024 at 10:31 UTC

    Correct. The webserver must deliver the complete certificate chain up to (but excluding) the root certificate. Depending on your server, you will also have to be sure to provide the chain in the correct order.

    Popular browsers do try to download (or cache) intermediate certs. But from what i remember from the protocol specs, i think that strictly speaking they are not supposed to do that. Pretty sure that the behaviour of Perl and Curl is the correct one.

    PerlMonks XP is useless? Not anymore: XPD - Do more with your PerlMonks XP
    Also check out my sisters artwork and my weekly webcomics
[reply]
      The Perl code's reliance on protocol behaviour may be correct, but failing to catch it in a more coherent/comprehensible way than "bad file descriptor" can hardly be called correct.
[reply]

        Agreed. However, choroba received the correct error message when running the same code. I have just tested and I also receive the correct error:

        $ perl 11161659.pl 
Error GETing https://contests.arrl.org/: Can't connect to contests.arr
+l.org:443 (certificate verify failed) at 11161659.pl line 12.

        [download]

        Can anyone reproduce what Marshall has reported?

        🦛

[reply]
[d/l]

In Section Seekers of Perl Wisdom