How to set PERL_LWP_SSL_VERIFY_HOSTNAME to 0
My server recently upgraded to LWP 6.0 and I need to turn off SSL Verification. Can someone tell me, step by step, how to do so? The documentation says set PERL_LWP_SSL_VERIFY_HOSTNAME to 0 but I don't know where or how to accomplish this. Thanks!
Below is the error message that I get when running an IPN to CCBILL. Can't connect to datalink.ccbill.com:443 (Crypt-SSLeay can't verify hostnames) Net::SSL from Crypt-SSLeay can't verify hostnames; either install IO::Socket::SSL or turn off verification by setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0 at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 51. |
Have you looked at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 51 ?
|
Yes, I did check!
Thanks for the reply. I did check and line 51 reads:
Code:
die "$status\n\n$@"; Code:
41 unless ($sock) { 1.) I don't know what value to change. Do I need to make the $1 = $0 in line 49? 2.) I don't know how to change it! When I type in "vi http.pm" and "i" to make changes, I get the message: Code:
W10: Warning: Changing a readonly file |
The problem is not there, that is where the error arises. You would also need to be root to edit that file I suspect.
Anyway, you can specify the environment variables in your script, I suggest near the beginning of the code. Add ... Code:
$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0; |
Thanks!
Thanks smoker! I'll have the script modified to add the environment variable!
|
Smoker,
you resolution worked great but I would love to understand the internet architecture involved here. what does PERL_LWP_SSL_VERIFY_HOSTNAME do? is it comparing an SSL certificate to a hostname or is the SSL cert on the destination out of date? |
Quote:
Yes, serotta, the first option that you mentioned. By default, SSL/HTTPS clients check the Subject name specified in the certificate against the hostname, and report an error if they do not match. This is commonly the case with many automatically generated self-signed certificates, or if you use a CNAME to reach a SSL host (and the cert isn't generated with Subject Alternative Names). In simple terms, this is LWP's version of the "Certificate Name Mismatch" errors displayed by common graphical web browsers. |
All times are GMT -5. The time now is 05:39 PM. |