个人中心
gpt4 book ai didi

perl - LWP HTTPS GET 上的连接失败或 "certificate verify failed"

转载 作者:行者123 更新时间:2023-12-01 04:10:47 26 4
gpt4 key购买 nike

我昨天在 Perl Monks 上发布了这个问题,但它对尝试过它的每个人都有效(参见 http://www.perlmonks.org/?node_id=909968)。但是,我使用了不同的 URL,希望能简化问题。

我正在尝试通过 HTTPS 连接到 api.betfair.com,并且他们拥有我在浏览器中验证过的有效证书。我正在运行 ubuntu 并且有 2 个版本的 Perl。系统一 5.10.0 工作,通过 perlbrew 安装的 5.14.0 失败。代码是:

use LWP::UserAgent; 
use strict;
use warnings;

#$ENV{HTTPS_CA_FILE} = "/usr/share/ca-certificates/cacert.org/cacert.org.crt";

my $ua  = LWP::UserAgent->new; 
my $req = HTTP::Request->new(GET => 'https://api.betfair.com');
my $res = $ua->request($req);

print $res->headers_as_string;
print $res->content;

在系统 Perl 5.10.0 下运行它,它工作正常,我得到: 
Date: Fri, 17 Jun 2011 08:33:04 GMT
Accept-Ranges: bytes
ETag: W/"0-1307353787000"
Content-Length: 0
Content-Type: text/html
Last-Modified: Mon, 06 Jun 2011 09:49:47 GMT
Client-Date: Fri, 17 Jun 2011 08:33:04 GMT
Client-Peer: 84.20.200.10:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
Client-SSL-Cert-Subject: /C=GB/ST=London/L=London/O=The Sporting Exchange Ltd/OU=IS/OU=Terms of use at www.verisign.com/rpa (c)05/CN=*.betfair.com
Client-SSL-Cipher: RC4-MD5
Set-Cookie: NSC_mc-80-qvcbqj.efgbvmu=ffffffff09208c5545525d5f4f58455e445a4a4229a0;expires=Fri, 17-Jun-2011 20:33:05 GMT;path=/;httponly

在 Perl 5.14.0 下运行它我得到:

内容类型:文本/纯文本
客户日期:2011 年 6 月 17 日星期五 08:34:30 GMT
客户警告:内部响应
无法连接到 api.betfair.com:443

如果我取消注释 HTTPS_CA_FILE 的设置并在 5.14.0 中重新运行,我会得到: 
Content-Type: text/plain
Client-Date: Fri, 17 Jun 2011 08:35:09 GMT
Client-Warning: Internal response
Can't connect to api.betfair.com:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /home/martin/perl5/perlbrew/perls/perl-5.14.0/lib/site_perl/5.14.0/LWP/Protocol/http.pm line 51.

我在版本 20110409 上安装了 Mozilla::CA。Mozilla::CA::SSL_ca_file() 返回“/home/martin/perl5/perlbrew/perls/perl-5.14.0/lib/site_perl/5.14.0/Mozilla/CA/cacert.pem”,它存在并且我可以读取。我在 Perl 5.14.0 中使用 LWP 6.02,在 Perl 5.10.0 中使用 5.836。我读到设置 HTTPS_DEBUG=1 应该输出一些调试信息,但它只在使用 Perl 5.10.0 而不是 5.14.0 时(对我来说)这样做。

我无论如何都不是 SSL 大师,但我尝试了一些我发现的东西,它们只会让我更加困惑: 
openssl verify -verbose -CAfile /home/martin/perl5/perlbrew/perls/perl-5.14.0/lib/site_perl/5.14.0/Mozilla/CA/cacert.pem < /dev/null
unable to load certificate
10888:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE

openssl s_client -CAfile /usr/local/share/perl/5.10.0/Mozilla/CA/cacert.pem -connect api.betfair.com:443 < /dev/null
CONNECTED(00000003)
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=GB/ST=London/L=London/O=The Sporting Exchange Ltd/OU=IS/OU=Terms of use at www.verisign.com/rpa (c)05/CN=*.betfair.com
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
---
Server certificate
-----BEGIN CERTIFICATE-----
certificate snipped
sg==
-----END CERTIFICATE-----
subject=/C=GB/ST=London/L=London/O=The Sporting Exchange Ltd/OU=IS/OU=Terms of use at www.verisign.com/rpa (c)05/CN=*.betfair.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 3068 bytes and written 303 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 81802384A47AF45D2D809A2D10041A4E0B4B4DD821507569216A199ED467B207
    Session-ID-ctx: 
    Master-Key: 50DEC11CD2FA57E9BFA95B0156905D2717A79F333A2028FCCCB0F1C32A6B35202A958CEF24D3D2332A00CDCD158B40FB
    Key-Arg   : None
    Start Time: 1308304989
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
DONE

更新:我认为这是因为我设置了 PERL_UNICODE=SAL 但取消设置并不能解决问题。

更新:版本:
Linux ubuntu 10.10 代号特立独行
openssl 0.9.80(我相信我的 ubuntu 发行版是最新的

最佳答案 

$ openssl s_client -connect api.betfair.com:443 < /dev/null > api.betfair.com.pem
$ openssl x509 -in api.betfair.com.pem -issuer_hash
eb99629b

好吧,whaddayasay,这是我之前和其他人看到的同样愚蠢的中间证书 0xeb99629b,请参阅 comment above有关详细信息以及如何获取它。

出于好奇,您正在运行什么版本的 OpenSSL 和 ca 证书?您的系统版本/供应商是什么?

关于perl - LWP HTTPS GET 上的连接失败或 "certificate verify failed",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6384217/

26 4 0
文章推荐: python - ConfigParser - 打印 config.sections() 返回 []
文章推荐: jquery - 第二次点击时稍微改变功能
文章推荐: Jquery datatable sdom如何同时定义id和class
文章推荐: java - JFace:更改 TreeViewer 中 TreeItem 的颜色
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com