perl客户端-SSL-警告:未验证对等证书
perl客户端-SSL-警告:未验证对等证书
提问于 2010-06-02 03:03:53
我在一个HTTPS站点的perl屏幕抓取程序中遇到了问题。在调试过程中,我运行了以下代码:
print $res->headers_as_string;在输出中,我有下面一行代码:
Client-SSL-Warning: Peer certificate not verified有没有办法可以自动接受这个证书,或者这不是问题所在?
#!/usr/bin/perl
use LWP::UserAgent;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => 'https://vzw-cat.sun4.lightsurf.net/vzwcampaignadmin/');
my $res = $ua->request($req);
print $res->headers_as_string;输出:
Cache-Control: no-cache
Connection: close
Date: Tue, 01 Jun 2010 19:28:08 GMT
Pragma: No-cache
Server: Apache
Content-Type: text/html
Expires: Wed, 31 Dec 1969 16:00:00 PST
Client-Date: Tue, 01 Jun 2010 19:28:09 GMT
Client-Peer: 64.152.68.114:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Client-SSL-Cert-Subject: /C=US/ST=Massachusetts/L=Boston/O=verizon wireless/OU=TERMS OF USE AT WWW.VERISIGN.COM/RPA (C)00/CN=PSMSADMIN.VZW.COM
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Transfer-Encoding: chunked
Link: <css/vtext_style.css>; rel="stylesheet"; type="text/css"
Set-Cookie: JSESSIONID=DE6C99EA2F3DD1D4DF31456B94F16C90.vz3; Path=/vzwcampaignadmin; Secure
Title: Verizon Wireless - Campaign Administrator更新:我添加了
$ENV{HTTPS_CA_FILE} = 'certs/PSMSADMIN.VZW.COM';
$ENV{HTTPS_CA_DIR} = 'certs/';如下所示。我还打开了调试:
$ENV{HTTPS_DEBUG} = 1;下面是我的输出:
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello B
content: 500 SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed我试图忽略失败,但问题是现在页面上只有这一项,所以没有登录表单或其他任何东西。
回答 1
Stack Overflow用户
发布于 2010-06-02 03:44:19
据我所知,这只是一个警告。该站点上的证书与域不匹配,因此perl对此(理所当然)进行了抱怨。如果您实际打开了对等证书验证,如下所示:
# CA cert peer verification
$ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
$ENV{HTTPS_CA_DIR} = 'certs/';您将获得以下输出:
Content-Type: text/plain
Client-Date: Tue, 01 Jun 2010 19:32:51 GMT
Client-Warning: Internal response
500 SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed
Content-Type: text/plain
Client-Date: Tue, 01 Jun 2010 19:32:51 GMT
Client-Warning: Internal response在Net::SSL ( Crypt::SSLeay提供的)中有一个名为get_peer_verify的方法,它返回是否需要对等验证。我相信它是添加了in 2001之类的,以便能够隐藏这条消息。2002年的This patch声称在不需要对等验证时关闭警告,但我认为它从未被应用过。
因此,简而言之,您可以忽略该警告,除非您打算进行验证,在这种情况下,我建议您将根证书添加到您的CA_DIR和CA_FILE中。但是由于证书的域与服务器的域不匹配,我甚至不确定这是否会有帮助。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/2952493
复制相关文章
相似问题
腾讯云开发者
