RE: [Crypt::SSLeay] Peer certificate not verified problem

Sun, 08 Jun 2003 12:19:11 -0700 

Ah, great.  Thanks, I actually saw this patch and thought that it was
already incorporated into the module.  I'm going to patch it up now.

Thanks again.

Ilya

> -----Original Message-----
> From: Josh Chamas [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, June 08, 2003 2:37 PM
> To: Sterin, Ilya
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Crypt::SSLeay] Peer certificate not verified problem
> 
> 
> Sterin, Ilya wrote:
> > Crypt::SSLeay version .49.
> > 
> > I'm having an issue with receiving a result of...
> > 
> > .... stuff before ....
> > Client-SSL-Cipher: EDH-RSA-DES-CBC3-SHA
> > Client-SSL-Warning: Peer certificate not verified
> > .... stuff after ....
> > 
> > response from a server.  The weird thing is that it used to 
> work about 
> > a week ago, and I don't remember making any upgrades, etc...
> > 
> 
> Whether or not you are doing any peer cert verification, LWP 
> will add that Client-SSL-Warning header to the response 
> output.  I had submitted a patch a while back that would fix 
> this in LWP, I think at least a couple times, and have given 
> up.  Just know that if you are doing peer cert verification 
> with configs like:
> 
>           # CA CERT PEER VERIFICATION
>           $ENV{HTTPS_CA_FILE}   = 'certs/ca-bundle.crt';
>           $ENV{HTTPS_CA_DIR}    = 'certs/';
> 
> Then it will work, or throw an error like:
> 
> SSL negotiation failed: error:1407E086:SSL 
> routines:SSL2_SET_CERTIFICATE:certificate verify failed
> 
> The patch I had submitted this before for LWP was:
> 
> [EMAIL PROTECTED] libwww-perl-5.64]# diff -u 
> lib/LWP/Protocol/https.pm.old lib/LWP/Protocol/https.pm
> --- lib/LWP/Protocol/https.pm.old     Fri Nov 16 18:10:28 2001
> +++ lib/LWP/Protocol/https.pm Mon Mar 18 12:38:37 2002
> @@ -34,7 +34,9 @@
>       $res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
>       $res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
>       }
> -    $res->header("Client-SSL-Warning" => "Peer certificate 
> not verified");
> +    if(! eval { $sock->get_peer_verify }) {
> +     $res->header("Client-SSL-Warning" => "Peer certificate 
> not verified");
> +    }
>   }
> 
> Regards,
> 
> Josh
> 
> ________________________________________________________________
> Josh Chamas, Founder                   phone:925-552-0128
> Chamas Enterprises Inc.                http://www.chamas.com
> NodeWorks Link Checking                http://www.nodeworks.com
>

Reply via email to