This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Problem with HTTPS in LWP module in Perl


Hi,

I think you have hit exactly the same problem as me, as far as I can
tell from your output, though I didn't use lwp-request but
LWP::UserAgent, but I tried with lwp-request and it is the same. Let
me explain inline in your mail what I think happened during your
tries.

2012/11/1 Reini Urban <rurban@x-ray.at>:
> On Thu, Nov 1, 2012 at 1:22 PM, Reini Urban wrote:
>> On Thu, Nov 1, 2012 at 1:05 PM, Björn Kautler  wrote:
>>> I'm having a problem with https requests to
>>> "https://www.geocaching.com" in perl.
>>> Nothing was done at all, then I found out I need to install
>>> LWP::Protocol:https which I did with "cpan LWP::Protocol:https".
>>> Now according to Wireshark at least SSL communication is started.
>>> But after the "Client Hello" it just hangs until a timeout happens,
>>> waiting for the "Server Hello".
>>> With other HTTPS pages like "https://www.google.com" it works fine.
>>> The exact same Perl script works fine under Ubuntu.
>>> The https request to the same page works fine with curl under cygwin.
>>> If I change the SSL socket class to Net::SSL instead of
>>> IO::Socket::SSL, it also hangs after the "Client Hello", but then
>>> retries with SSLv3 instead of TLSv1 according to Wireshark and this at
>>> least works a bit better though not completely.
>>> So I guess something is weird in the Cygwin port of IO::Socket::SSL. :-/
>>
>> Probably, but I cannot reproduce it.
>> If it is, you need to file a rt.cpan.org ticket for this,
>> with some wireshark loggings and the exact request.
>>
>> $ lwp-request https://www.geocaching.com/
>> 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not
>> installed)
>> $ cpan LWP::Protocol::https
>> ... (built and installed SULLR/IO-Socket-SSL-1.77.tar.gz,
>> GAAS/LWP-Protocol-https-6.03.tar.gz)
>>   /usr/bin/make install  -- OK
>>
>> $ lwp-request -USed https://www.geocaching.com/
>> GET https://www.geocaching.com/
>> User-Agent: lwp-request/6.03 libwww-perl/6.04
>>
>> 500 Can't connect to www.geocaching.com:443
>> Content-Type: text/plain
>> Client-Date: Thu, 01 Nov 2012 18:21:07 GMT
>> Client-Warning: Internal response

How long did this take from execution until the error message?
I think this is the exact place where the error happens, also for you.
At least the output seems like that to me.

>> From debian:
>> $ lwp-request -USed https://www.geocaching.com/
>> GET https://www.geocaching.com/
>> User-Agent: lwp-request/5.834 libwww-perl/6.04
>>
>> GET https://www.geocaching.com/ --> 500 Can't connect to www.geocaching.com:443
>> Content-Type: text/plain
>> Client-Date: Thu, 01 Nov 2012 18:18:49 GMT
>> Client-Warning: Internal response
>>
>> $ lwp-request -USed https://www.google.com/
>> -> 200 OK
>
> I got a bit more information from some other version:
>
> $ perl5.14.3 -S lwp-request -USed https://www.geocaching.com/
> GET https://www.geocaching.com/
> User-Agent: lwp-request/5.834 libwww-perl/6.04
>
> GET https://www.geocaching.com/ --> 500 Can't connect to
> www.geocaching.com:443 (Crypt-SSLeay can't verify hostnames)
> Content-Type: text/plain
> Client-Date: Thu, 01 Nov 2012 18:22:57 GMT
> Client-Warning: Internal response
>
> So I think it's on the application level, not the library. This is
> with Crypt::SSLeay 0.64.
> My Cygwin has 0.60, and debian had 0.58.
>
> See http://stackoverflow.com/questions/12116244/https-proxy-and-lwpuseragent
> how to utilize PERL_LWP_SSL_VERIFY_HOSTNAME=0

I don't think this is more information but another case.
There are two SSL Socket classes that you can set.
If you use Net::SSL like "PERL_NET_HTTPS_SSL_SOCKET_CLASS='Net::SSL'
lwp-request -USed https://www.geocaching.com" you get the error 500
with "Crypt-SSLeay can't verify hostnames". If you use IO::Socket::SSL
like "PERL_NET_HTTPS_SSL_SOCKET_CLASS='IO::Socket::SSL' lwp-request
-USed https://www.geocaching.com" which seems to be the default on all
systems I tried on, you don't get the error with hostname
verification, but the timeout.
If I use Net::SSL as socket class and switch off hostname verification
with "PERL_LWP_SSL_VERIFY_HOSTNAME=0", I'm getting the very same
timeout I get with the other socket class, just that after the timeout
the library tries again with an SSLv3 client hello instead of a TLSv1
client hello and succeeds.
But using curl shows that it should work with the TLSv1 client hello right away.
Just like I described in my original message already. :-)

Cheers
Björn

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
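
The two failure modes discussed in this message (the "can't verify hostnames" error and the stall after the Client Hello) can be told apart without switching hostname verification off. The following script is an added example, not code from either poster or from the LWP project; the 15-second timeout and the verdict wording are assumptions, and the URL and error string are the ones quoted in the thread.

```perl
#!/usr/bin/perl
# Added example: classify an LWP HTTPS failure while certificate
# hostname verification stays enabled.
use strict;
use warnings;
use Time::HiRes qw(time);
use LWP::UserAgent;
use Net::HTTPS;    # loading this fixes the SSL socket class for the process

my $url     = shift // 'https://www.geocaching.com/';
my $timeout = 15;    # assumption: short, so a stalled handshake shows up quickly

my $ua = LWP::UserAgent->new(
    timeout  => $timeout,
    ssl_opts => { verify_hostname => 1 },    # keep hostname checks on
);

my $start   = time;
my $res     = $ua->get($url);
my $elapsed = time - $start;

# LWP marks errors it generated locally with "Client-Warning: Internal response"
my $internal = ( $res->header('Client-Warning') // '' ) eq 'Internal response';

my $verdict =
      $res->is_success                        ? 'handshake and request OK'
    : !$internal                              ? 'server answered with an HTTP error'
    : $res->status_line =~ /verify hostnames/ ? 'socket class cannot verify hostnames'
    : $elapsed >= $timeout - 1                ? 'stalled until the timeout'
    :                                           'connection failed quickly';

printf "socket class : %s\n",    $Net::HTTPS::SSL_SOCKET_CLASS;
printf "status       : %s\n",    $res->status_line;
printf "elapsed      : %.1f s\n", $elapsed;
printf "verdict      : %s\n",    $verdict;
```

Net::HTTPS picks its socket class once, when it is loaded, so run the script once per value of PERL_NET_HTTPS_SSL_SOCKET_CLASS to compare Net::SSL with IO::Socket::SSL.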

