I upgraded my IO::Socket::SSL to the latest version. It took a while since I also had to upgrade a bunch of other stuff to get it to work, but at least now I have all the utilities.
I ran your code to generate a certificate, set up the server and connect to it, and that all worked. Next I ran the server on the host which I'm trying to connect to and modified the IP for the client, and it still worked. Then I configured Apache to use that exact certificate and again it worked!
Convinced that all my troubles were over, I tried to execute my script from the original post to see if it would also work with the new certificate but...

    DEBUG: .../IO/Socket/SSL.pm:2555: new ctx 34454560
    DEBUG: .../IO/Socket/SSL.pm:539: socket not yet connected
    DEBUG: .../IO/Socket/SSL.pm:541: socket connected
    DEBUG: .../IO/Socket/SSL.pm:563: ssl handshake not started
    DEBUG: .../IO/Socket/SSL.pm:599: not using SNI because hostname is unknown
    DEBUG: .../IO/Socket/SSL.pm:631: request OCSP stapling
    DEBUG: .../IO/Socket/SSL.pm:650: set socket to non-blocking to enforce timeout=180
    DEBUG: .../IO/Socket/SSL.pm:663: Net::SSLeay::connect -> -1
    DEBUG: .../IO/Socket/SSL.pm:673: ssl handshake in progress
    DEBUG: .../IO/Socket/SSL.pm:683: waiting for fd to become ready: SSL wants a read first
    DEBUG: .../IO/Socket/SSL.pm:703: socket ready, retrying connect
    DEBUG: .../IO/Socket/SSL.pm:2458: did not get stapled OCSP response
    DEBUG: .../IO/Socket/SSL.pm:2411: ok=1 cert=34885312
    DEBUG: .../IO/Socket/SSL.pm:1559: scheme=www cert=34885312
    DEBUG: .../IO/Socket/SSL.pm:1569: identity=192.168.100.222 cn=_____________ alt=
    DEBUG: .../IO/Socket/SSL.pm:1769: hostname verification failed
    DEBUG: .../IO/Socket/SSL.pm:663: Net::SSLeay::connect -> -1
    DEBUG: .../IO/Socket/SSL.pm:1780: SSL connect attempt failed
    DEBUG: .../IO/Socket/SSL.pm:1785: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    DEBUG: .../IO/Socket/SSL.pm:669: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    DEBUG: .../IO/Socket/SSL.pm:1769: IO::Socket::IP configuration failed
    DEBUG: .../IO/Socket/SSL.pm:2588: free ctx 34454560 open=34454560
    DEBUG: .../IO/Socket/SSL.pm:2593: free ctx 34454560 callback
    DEBUG: .../IO/Socket/SSL.pm:2600: OK free ctx 34454560
    500 Can't connect to 192.168.100.222:4433 (certificate verify failed)
    Content-Type: text/plain
    Client-Date: Wed, 07 Jan 2015 23:00:51 GMT
    Client-Warning: Internal response

    Can't connect to 192.168.100.222:4433 (certificate verify failed)

    SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl/5.14.2/LWP/Protocol/http.pm line 49

On the server side openssl s_server said:

    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    bad gethostbyaddr
    ERROR
    140707196729000:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46
    shutting down SSL
    CONNECTION CLOSED
    ACCEPT

Trying to connect to Apache with the new cert also failed. This leads me to think that there is something wrong with (the way I'm using) LWP::UserAgent.
Is it possible to handle the SSL connection with IO::Socket::SSL directly but still have all the LWP::UserAgent functionality for my interaction with the server after the connection is established?
In reply to Re^2: HTTPS connection with LWP and self-signed certificate
by Anonymous Monk
in thread HTTPS connection with LWP and self-signed certificate
by Anonymous Monk