LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 09-23-2014, 03:22 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,171

Rep: Reputation: 60
Failed SSL Connection Attempt


The below error message I started seeing in testing a script using Ubuntu 14.04 and was wondering if the forum has seen it because I cant seem much on the net for this:

Code:
perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(PeerAddr=>"10.0.0.100",PeerPort=> 443,Proto=>"TCP") or die $!'
DEBUG: .../IO/Socket/SSL.pm:1914: new ctx 14374608
DEBUG: .../IO/Socket/SSL.pm:402: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:404: socket connected
DEBUG: .../IO/Socket/SSL.pm:422: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:455: not using SNI because hostname is unknown
DEBUG: .../IO/Socket/SSL.pm:491: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1388: SSL connect attempt failed with unknown error

DEBUG: .../IO/Socket/SSL.pm:497: fatal SSL error: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1948: free ctx 14374608 open=14374608
DEBUG: .../IO/Socket/SSL.pm:1956: OK free ctx 14374608
IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed	...propagated at -e line 1.
?

Last edited by metallica1973; 09-23-2014 at 03:25 PM.
 
Old 09-23-2014, 05:20 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
Try against a server that doesn't use a self signed SSL certificate?
 
Old 09-24-2014, 09:02 AM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,171

Original Poster
Rep: Reputation: 60
I did some reading and it appears to be IO:Socket::SSL versions 1.56 or higher that has SNI Support where the client sends the hostname it want to connect, used if you have multiple SSL servers behind the same IP.

Before:

Code:
perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(PeerAddr=>"10.0.0.100",PeerPort=>
443,Proto=>"TCP",SSL_hostname => '10.0.0.100') or die $!'
DEBUG: .../IO/Socket/SSL.pm:1914: new ctx 17252256
DEBUG: .../IO/Socket/SSL.pm:402: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:404: socket connected
DEBUG: .../IO/Socket/SSL.pm:422: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:452: using SNI with hostname d
DEBUG: .../IO/Socket/SSL.pm:491: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1388: SSL connect attempt failed with unknown error

DEBUG: .../IO/Socket/SSL.pm:497: fatal SSL error: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1948: free ctx 17252256 open=17252256
DEBUG: .../IO/Socket/SSL.pm:1956: OK free ctx 17252256
IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed    ...propagated at -e line 1.
After with SNI disabled:

Code:
perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(SSL_hostname => '',PeerAddr=>"10.0.0.100",PeerPort=> 443,Proto=>"TCP") or die $!'
DEBUG: .../IO/Socket/SSL.pm:1914: new ctx 16772768
DEBUG: .../IO/Socket/SSL.pm:1948: free ctx 16772768 open=16772768
DEBUG: .../IO/Socket/SSL.pm:1956: OK free ctx 16772768
I grabbed from here:

https://rt.cpan.org/Public/Bug/Display.html?id=86684
 
1 members found this post helpful.
Old 09-24-2014, 05:10 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
Ah, thanks for enlightening us!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Proxy tunneling failed: UnauthorizedUnable to establish SSL connection. thomas2004ch Linux - Software 1 08-12-2013 08:18 AM
vsftpd not working: Connection attempt failed with "ECONNREFUSED - Connection refused davidlu766 Linux - Server 7 05-03-2010 08:34 PM
vsftpd SSL problem (522 SSL connection failed) stringZ Linux - Server 8 05-05-2009 02:27 PM
Failed attempt at 2.6.10 icpsvt Slackware 6 02-08-2005 08:25 PM
every attempt has failed ed_norton Linux - Newbie 3 04-03-2004 04:59 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 02:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration