LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   How to set PERL_LWP_SSL_VERIFY_HOSTNAME to 0 (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-set-perl_lwp_ssl_verify_hostname-to-0-a-869836/)

karlschweigert 03-20-2011 03:14 PM
How to set PERL_LWP_SSL_VERIFY_HOSTNAME to 0
 
My server recently upgraded to LWP 6.0 and I need to turn off SSL Verification. Can someone tell me, step by step, how to do so? The documentation says set PERL_LWP_SSL_VERIFY_HOSTNAME to 0 but I don't know where or how to accomplish this. Thanks!

Below is the error message that I get when running an IPN to CCBILL.

Can't connect to datalink.ccbill.com:443 (Crypt-SSLeay can't verify hostnames) Net::SSL from Crypt-SSLeay can't verify hostnames; either install IO::Socket::SSL or turn off verification by setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0 at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 51.

smoker 03-21-2011 12:52 AM
Have you looked at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 51 ?

karlschweigert 03-21-2011 01:50 AM
Yes, I did check!
 
Thanks for the reply. I did check and line 51 reads:

Code:
die "$status\n\n$@";
The whole block of text is:


Code:
41 unless ($sock) {
42        # IO::Socket::INET leaves additional error messages in $@
43        my $status = "Can't connect to $host:$port";
44        if ($@ =~ /\bconnect: (.*)/ ||
45            $@ =~ /\b(Bad hostname)\b/ ||
46            $@ =~ /\b(certificate verify failed)\b/ ||
47            $@ =~ /\b(Crypt-SSLeay can't verify hostnames)\b/
48        ) {
49            $status .= " ($1)";
50        }
51        die "$status\n\n$@";
60    }
Which still leaves me with two problems:

1.) I don't know what value to change. Do I need to make the $1 = $0 in line 49?
2.) I don't know how to change it! When I type in "vi http.pm" and "i" to make changes, I get the message:
Code:
W10: Warning: Changing a readonly file
and I am unable to edit it as I normally do.

smoker 03-21-2011 12:37 PM
The problem is not there, that is where the error arises. You would also need to be root to edit that file I suspect.

Anyway, you can specify the environment variables in your script, I suggest near the beginning of the code.
Add ...

Code:
$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;

karlschweigert 03-21-2011 12:41 PM
Thanks!
 
Thanks smoker! I'll have the script modified to add the environment variable!

serotta1958 08-22-2011 11:44 AM
Smoker,

you resolution worked great but I would love to understand the internet architecture involved here.
what does PERL_LWP_SSL_VERIFY_HOSTNAME do?

is it comparing an SSL certificate to a hostname or is the SSL cert on the destination out of date?

jantman 02-23-2012 11:18 AM
Quote:
Originally Posted by serotta1958 (Post 4450260)
Smoker,

you resolution worked great but I would love to understand the internet architecture involved here.
what does PERL_LWP_SSL_VERIFY_HOSTNAME do?

is it comparing an SSL certificate to a hostname or is the SSL cert on the destination out of date?
In case anyone else finds this post, and for the sake of completeness...
Yes, serotta, the first option that you mentioned. By default, SSL/HTTPS clients check the Subject name specified in the certificate against the hostname, and report an error if they do not match. This is commonly the case with many automatically generated self-signed certificates, or if you use a CNAME to reach a SSL host (and the cert isn't generated with Subject Alternative Names).

In simple terms, this is LWP's version of the "Certificate Name Mismatch" errors displayed by common graphical web browsers.


All times are GMT -5. The time now is 05:39 PM.