Marshall has asked for the wisdom of the Perl Monks concerning the following question:

I am having trouble connecting to an HTTPS site with Mechanize. I can connect to other HTTPS sites with this same code. So, I don't think that this is an encryption problem. There appears to be something weird with the particular site below. The URL is correct and works in Chrome and Edge.

This particular site got hit with a massive ransomware attack some months back. Something subtle could have changed on this site when putting Humpty Dumpty back together again. My code has been working without problems for the last 5 years. Ideas? 

use strict;
use warnings;

use WWW::Mechanize;
$|=1;

#my $page = 'https://contests.arrl.org/publiclogs.php?eid=18&iid=1049'
+;
my $page = 'https://contests.arrl.org/';

my $mech = WWW::Mechanize->new( autocheck => 1 ); 

$mech->get($page);

exit;

__END__
Error GETing https://contests.arrl.org/publiclogs.php?eid=18&iid=1049:
Can't connect to contests.arrl.org:443 (Bad file descriptor) at test.p
+l line 11.

Now with just the minimal URL, I get the same error:
Error GETing https://contests.arrl.org/: Can't connect to contests.arr
+l.org:443 (Bad file descriptor)

[download]
Update: Changed the code to not verify_hostname. I guess this is then a non-secure connection? I am not sure exactly what this does. 
my $mech = WWW::Mechanize->new( autocheck => 1, 
                                ssl_opts => { verify_hostname => 0}, )
+;

[download]

Replies are listed 'Best First'.
Re: Mechanize - Bad File descriptor
by NERDVANA (Priest) on Sep 10, 2024 at 06:08 UTC
    As seen by https://www.ssllabs.com/ssltest/analyze.html?d=contests.arrl.org :
    Path #1: Trusted
    1 Sent by server *.arrl.org
    2 Extra download Go Daddy Secure Certificate Authority - G2
    3 In trust store Go Daddy Root Certificate Authority - G2
    So yes, that website forgot to include the intermediate chain file. Firefox is willing to download it, but neither Perl nor Curl are. Maybe there's an SSL setting to eable downloads of intermediate certs?
[reply]

      Correct. The webserver must deliver the complete certificate chain up to (but excluding) the root certificate. Depending on your server, you will also have to be sure to provide the chain in the correct order.

      Popular browsers do try to download (or cache) intermediate certs. But from what i remember from the protocol specs, i think that strictly speaking they are not supposed to do that. Pretty sure that the behaviour of Perl and Curl is the correct one.

      PerlMonks XP is useless? Not anymore: XPD - Do more with your PerlMonks XP
      Also check out my sisters artwork and my weekly webcomics
[reply]
        The Perl code's reliance on protocol behaviour may be correct, but failing to catch it in a more coherent/comprehensible way than "bad file descriptor" can hardly be called correct.
[reply]
Re: Mechanize - Bad File descriptor
by choroba (Cardinal) on Sep 09, 2024 at 21:29 UTC
    I can view the page without problems in Firefox.

    Running the Perl code I get a slightly different error: 

    Error GETing https://contests.arrl.org/: Can't connect to contests.arr
+l.org:443 (certificate verify failed) at ./1.pl line 13.

    [download]

    Similarly, wget complains: 

    $ wget -O- https://contests.arrl.org/
--2024-09-09 23:28:00--  https://contests.arrl.org/
Resolving contests.arrl.org (contests.arrl.org)... 44.212.212.223
Connecting to contests.arrl.org (contests.arrl.org)|44.212.212.223|:44
+3... connected.
ERROR: cannot verify contests.arrl.org's certificate, issued by ‘CN=Go
+ Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/
+repository/,O=GoDaddy.com\\, Inc.,L=Scottsdale,ST=Arizona,C=US’:
  Unable to locally verify the issuer's authority.
To connect to contests.arrl.org insecurely, use `--no-check-certificat
+e'.

    [download]

    and so does curl: 

    $ curl  https://contests.arrl.org/
curl: (60) SSL certificate problem: unable to get local issuer certifi
+cate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could
+ not
establish a secure connection to it. To learn more about this situatio
+n and
how to fix it, please visit the web page mentioned above.

    [download]

    map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
[reply]
[d/l]
[select]
Re: Mechanize - Bad File descriptor
by hippo (Archbishop) on Sep 09, 2024 at 22:11 UTC

    Best guess after using s_client is that the server isn't configured to include the chain.

    🦛

[reply]

Back to Seekers of Perl Wisdom