cormanaz has asked for the wisdom of the Perl Monks concerning the following question:

Greetings Bros. I had a script that was accessing a PlantLink sensor API that was working
#!/usr/bin/perl
use strict;
use JSON;
use Data::Dumper;
require LWP::UserAgent;
my $plantinfo;
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => 'https://dashboard.myplantlink.com
+/api/v1/plants');
$req->authorization_basic('[hide]','[hide]');
my $response = $ua->request($req);
if ($response->is_success) {
    $plantinfo = decode_json $response->decoded_content;
 }
else {
    print "Error: ",$response->status_line;
    exit;
}

[download]
Recently, maybe a month ago, it started throwing error "certificate verify failed." I did some searching around on this error and found this node that says the person solved it by adding ssl_opts => { verify_hostname => 1, SSL_ca_file => '/path/to/servers/ca-bundle'} to LWP::UserAgent->new(). How do I find that path on Windows?

Also it seems strange that the code above was working recently because most of the posts I found on this (including the one linked) are from a couple of years ago. What could have changed?

"I think computers have complicated lives very bigly. The whole age of, you know, computer has made it where nobody knows exactly what's going on." --D. Trump

Replies are listed 'Best First'.
Re: LWP::UserAgent certificate verify failed
by noxxi (Pilgrim) on Feb 03, 2017 at 17:59 UTC

    > ... the code above was working recently ... What could have changed?

    The certificate of the server was changed and the admins have messed up the configuration. From the report from SSLLabs you can see that it reports Chain Issues - incomplete which means that the server fails to provide an essential intermediate certificate which is needed to build the trust chain to a local root certificate.

    To deal with this situation you have to provide the missing certificates yourself. This can be done with 

    my $ua = LWP::UserAgent->new;
$ua->ssl_opts(SSL_ca_file => 'trusted.pem');

    [download]
    where trusted.pem contains the needed certificates, i.e. the root certificate and the missing intermediate. To make it easier I have provided a pastebin with the all the certificates needed for this specific site. Just save it as trusted.pem.

[reply]
[d/l]
      Awesome noxxi, worked like a charm. Thank you so much!
      "I think computers have complicated lives very bigly. The whole age of, you know, computer has made it where nobody knows exactly what's going on." --D. Trump
[reply]
Re: LWP::UserAgent certificate verify failed
by Corion (Patriarch) on Feb 03, 2017 at 16:00 UTC

    If you're using Mozilla::CA, that contains the certificate chains, and some of the SSL certificates were revoked recently.

    If you didn't update Mozilla::CA, maybe the server you're connecting to changed their certificate or that certificate expired.

[reply]
      I had an older Mozilla::CA installed, so I updated it and and that didn't change things. Still the question of how to point to the folder that holds the certificates. I have checked with the company about their certificates, but I can still access the service through their web page, which I assume (but don't know) uses the same certificates.
      "I think computers have complicated lives very bigly. The whole age of, you know, computer has made it where nobody knows exactly what's going on." --D. Trump
[reply]
        How do I find that path on Windows? 
        #!perl
use File::Find;
find(\&wanted,@INC);
sub wanted {
  print "$File::Find::dir/$_\n" if ($_ =~ /\.pem$/);
}

        [download]
        poj
[reply]
[d/l]

        I think you can make LWP::UserAgent tell you in more detail about where things went wrong.

        You could run analyze-ssl.pl to find out where the connection fails, or you could look at the response body of the 500 error to see what the X-whatever headers say about the error reason. You could also look at IO::Socket::SSL and turn up the debugging options there to see where things break down.

[reply]

Back to Seekers of Perl Wisdom