Thanks
I replaced:
IO::Socket::SSL->require();
by
use IO::Socket::SSL qw(debug3);
And it works. I am not sure if the USE statement instead of the require function makes a difference, but it hasn't had an effect I can see, other than that qw(debug) produced what is closer to what I need. The output looks like the following:
DEBUG: .../IO/Socket/SSL.pm:2503: new ctx 50492112
DEBUG: .../IO/Socket/SSL.pm:526: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:528: socket connected
DEBUG: .../IO/Socket/SSL.pm:550: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:583: using SNI with hostname gremlin.site
DEBUG: .../IO/Socket/SSL.pm:634: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:657: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:667: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:687: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2384: ok=1 cert=46355584
DEBUG: .../IO/Socket/SSL.pm:2384: ok=1 cert=50404096
DEBUG: .../IO/Socket/SSL.pm:1539: scheme=www cert=50404096
DEBUG: .../IO/Socket/SSL.pm:1549: identity=gremlin.site cn=gremlin.site alt=
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:657: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:667: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:687: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:702: ssl handshake done
The above is a communication with a server that behaves properly. The following is from a server that is not, and SSL handshaking fails:
DEBUG: .../IO/Socket/SSL.pm:2503: new ctx 50487248
DEBUG: .../IO/Socket/SSL.pm:526: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:528: socket connected
DEBUG: .../IO/Socket/SSL.pm:550: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: not using SNI because hostname is unknown
DEBUG: .../IO/Socket/SSL.pm:634: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:657: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:667: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:687: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:657: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:667: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:687: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:657: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:667: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:687: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2384: ok=0 cert=50477104
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1757: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:653: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:2537: free ctx 50487248 open=50487248
DEBUG: .../IO/Socket/SSL.pm:2542: free ctx 50487248 callback
DEBUG: .../IO/Socket/SSL.pm:2549: OK free ctx 50487248
What is missing is something that distinguishes what was sent to the server from what was received from the server. I can't tell if the problem lies with the server or the client, or what that problem is. All I know, beyond what I show here, is that "openssl s_client" with the appropriate arguments times out, and simply does not get the certificate from the server (alas, I do not control the server). Is it possible to get that, e.g. by using some debug level other than 3, or perhaps trace, or some other means?
Thanks
Ted
In reply to Re^2: Can Log4Perl integrated with LWP log SSL/TLS handshaking?
by ted.byers
in thread Can Log4Perl integrated with LWP log SSL/TLS handshaking?
by ted.byers
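Added example (not part of the post above, and not code from IO::Socket::SSL): a small Perl filter that condenses a debug3 trace like the two shown into the fields that differ between them, namely SNI use, the ok= results, the Net::SSLeay::connect return codes and the final outcome. The function name summarise_trace is hypothetical, and the sample input is abridged from the post's own traces.

```perl
use strict;
use warnings;

# Summarise one IO::Socket::SSL debug3 trace (hypothetical helper).
sub summarise_trace {
    my ($text) = @_;
    my %s = (sni => 'unknown', verify => [], connect => [], outcome => 'incomplete');
    for my $line (split /\n/, $text) {
        # Debug lines look like: DEBUG: <file>:<line>: <message>
        next unless $line =~ /^DEBUG: \S+:\d+: (.*)$/;
        my $msg = $1;
        if    ($msg =~ /^using SNI with hostname (\S+)/)   { $s{sni} = $1 }
        elsif ($msg =~ /^not using SNI/)                   { $s{sni} = 'none' }
        elsif ($msg =~ /^ok=([01]) cert=\d+/)              { push @{ $s{verify} }, $1 }
        elsif ($msg =~ /^Net::SSLeay::connect -> (-?\d+)/) { push @{ $s{connect} }, $1 }
        elsif ($msg =~ /^ssl handshake done/)              { $s{outcome} = 'handshake done' }
        elsif ($msg =~ /^fatal SSL error: (.*)$/)          { $s{outcome} = "failed: $1" }
    }
    return \%s;
}

# Sample input: lines abridged from the two traces in the post.
my %traces = (
    working => <<'END',
DEBUG: .../IO/Socket/SSL.pm:583: using SNI with hostname gremlin.site
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:2384: ok=1 cert=46355584
DEBUG: .../IO/Socket/SSL.pm:2384: ok=1 cert=50404096
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:702: ssl handshake done
END
    failing => <<'END',
DEBUG: .../IO/Socket/SSL.pm:586: not using SNI because hostname is unknown
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:2384: ok=0 cert=50477104
DEBUG: .../IO/Socket/SSL.pm:647: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:653: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
END
);

# Print one summary line per trace so the two runs can be compared.
for my $name (sort keys %traces) {
    my $s = summarise_trace($traces{$name});
    printf "%-8s sni=%s verify=[%s] connect=[%s] outcome=%s\n",
        $name, $s->{sni}, join(',', @{ $s->{verify} }),
        join(',', @{ $s->{connect} }), $s->{outcome};
}
```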