Greetings wise brothers, I seek your advice on secret communication an how we can be sure we know who we are talking to.

Specifically, I am trying to get LWP::UserAgent running inside a locally compiled perlbrew install, to accept a corporate root cert.

At my company, IT have created a private SSL certificate keypair, and used it to sign the ssl certs on numerous internal servers. They also publish the public half of the SSL cert which (on ubuntu) I have installed in /etc/ssl/certs/ where it is accepted by system perl, firefox, wget etc.

For some reason the corporate public certificate is not accepted by a perlbrew install of perl 5.10 that I have compiled localy. Do I need to install the corporate root cert somewhere else for perlbrew to accept it?

Code to reproduce

use strict;
use warnings;

use XML::Simple;
use LWP::UserAgent;
use Data::Dumper;

my $url = "https://--- REDACTED ----";
my $parser = new XML::Simple;
my $ua = new LWP::UserAgent;

# $ua->ssl_opts( verify_hostname => 0 ,SSL_verify_mode => 0x00);

my $req = new HTTP::Request('GET', $url);
my $resp = $ua->request($req);

# print "Result from fetching $url : " . Dumper($resp);

if( $resp->is_success() ){
    # print "Result content: ". $resp->content;
    
    eval{
        my $parsed_xml = $parser->XMLin($resp->content, ForceArray => 
+['publishedfile']);
    };
    if( $@ ){
        print "Error parsing XML: $@";
    }
    else
    {
        print "File downloaded and XML parsed OK"
    }
}
else
{
    die "Error fetching $url : ".$resp->message;
}

[download]

This code works fine using Ubuntu's system perl on all the versions of Ubuntu I could find. It also works if I uncomment the $ua->ssl_opts( verify_hostname => 0 ,SSL_verify_mode => 0x00); line, But it fails on line 35 with  Can't connect to REDACTED:443 (certificate verify failed) at scripts/dev/test_ssl_download.pl line 35. if I use perlbrew perl.

Any ideas?

NB: I asked this question in chatterbox about an hour ago, but did not get a reply, so I am re-posting as a perl question.

In reply to SSL certificate store for a Perlbrew install by chrestomanci

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.