LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-20-2011, 03:14 PM   #1
karlschweigert
LQ Newbie
 
Registered: Mar 2011
Posts: 3

Rep: Reputation: 0
How to set PERL_LWP_SSL_VERIFY_HOSTNAME to 0


My server recently upgraded to LWP 6.0 and I need to turn off SSL Verification. Can someone tell me, step by step, how to do so? The documentation says set PERL_LWP_SSL_VERIFY_HOSTNAME to 0 but I don't know where or how to accomplish this. Thanks!

Below is the error message that I get when running an IPN to CCBILL.

Can't connect to datalink.ccbill.com:443 (Crypt-SSLeay can't verify hostnames) Net::SSL from Crypt-SSLeay can't verify hostnames; either install IO::Socket::SSL or turn off verification by setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0 at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 51.
 
Old 03-21-2011, 12:52 AM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
Have you looked at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 51 ?
 
Old 03-21-2011, 01:50 AM   #3
karlschweigert
LQ Newbie
 
Registered: Mar 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Yes, I did check!

Thanks for the reply. I did check and line 51 reads:

Code:
die "$status\n\n$@";
The whole block of text is:


Code:
41 unless ($sock) {
42        # IO::Socket::INET leaves additional error messages in $@
43        my $status = "Can't connect to $host:$port";
44        if ($@ =~ /\bconnect: (.*)/ ||
45            $@ =~ /\b(Bad hostname)\b/ ||
46            $@ =~ /\b(certificate verify failed)\b/ ||
47            $@ =~ /\b(Crypt-SSLeay can't verify hostnames)\b/
48        ) {
49            $status .= " ($1)";
50        }
51        die "$status\n\n$@";
60    }
Which still leaves me with two problems:

1.) I don't know what value to change. Do I need to make the $1 = $0 in line 49?
2.) I don't know how to change it! When I type in "vi http.pm" and "i" to make changes, I get the message:
Code:
W10: Warning: Changing a readonly file
and I am unable to edit it as I normally do.
 
Old 03-21-2011, 12:37 PM   #4
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
The problem is not there, that is where the error arises. You would also need to be root to edit that file I suspect.

Anyway, you can specify the environment variables in your script, I suggest near the beginning of the code.
Add ...

Code:
$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;
 
Old 03-21-2011, 12:41 PM   #5
karlschweigert
LQ Newbie
 
Registered: Mar 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks!

Thanks smoker! I'll have the script modified to add the environment variable!
 
Old 08-22-2011, 11:44 AM   #6
serotta1958
LQ Newbie
 
Registered: Aug 2011
Posts: 1

Rep: Reputation: Disabled
Smoker,

you resolution worked great but I would love to understand the internet architecture involved here.
what does PERL_LWP_SSL_VERIFY_HOSTNAME do?

is it comparing an SSL certificate to a hostname or is the SSL cert on the destination out of date?
 
Old 02-23-2012, 11:18 AM   #7
jantman
Member
 
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492

Rep: Reputation: 31
Quote:
Originally Posted by serotta1958 View Post
Smoker,

you resolution worked great but I would love to understand the internet architecture involved here.
what does PERL_LWP_SSL_VERIFY_HOSTNAME do?

is it comparing an SSL certificate to a hostname or is the SSL cert on the destination out of date?
In case anyone else finds this post, and for the sake of completeness...
Yes, serotta, the first option that you mentioned. By default, SSL/HTTPS clients check the Subject name specified in the certificate against the hostname, and report an error if they do not match. This is commonly the case with many automatically generated self-signed certificates, or if you use a CNAME to reach a SSL host (and the cert isn't generated with Subject Alternative Names).

In simple terms, this is LWP's version of the "Certificate Name Mismatch" errors displayed by common graphical web browsers.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I set a real system user in ProFTP to set to a specific directory? j.smith1981 Linux - Server 27 12-14-2010 08:32 AM
Can't set PWD despite having sudo permission set. spoovy Linux - Newbie 7 03-04-2010 02:07 AM
Cannot set LD_LIBRARY_PATH in .cshrc (able to set other env variables) senthilpr_in Linux - Newbie 4 02-26-2007 12:46 PM
Set group id,set user id? JAKK Slackware 3 06-15-2006 10:16 PM
How to view set-user-ID and set-group-ID Xris718 Linux - General 7 01-10-2004 01:44 PM


All times are GMT -5. The time now is 02:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration