perl Client-SSL-Warning:未验证对等证书 [英] perl Client-SSL-Warning: Peer certificate not verified
问题描述
我在使用perl screencraper时遇到了HTTPS网站的问题。
在调试中,我运行以下命令:
I am having trouble with a perl screenscraper to an HTTPS site. In debugging, I ran the following:
print $res->headers_as_string;
,在输出中,我有以下行:
and in the output, I have the following line:
Client-SSL-Warning: Peer certificate not verified
有没有方法我可以自动接受此证书,或者这不是问题?
Is there a way I can auto-accept this certificate, or is that not the problem?
#!/usr/bin/perl
use LWP::UserAgent;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => 'https://vzw-cat.sun4.lightsurf.net/vzwcampaignadmin/');
my $res = $ua->request($req);
print $res->headers_as_string;
输出:
Cache-Control: no-cache
Connection: close
Date: Tue, 01 Jun 2010 19:28:08 GMT
Pragma: No-cache
Server: Apache
Content-Type: text/html
Expires: Wed, 31 Dec 1969 16:00:00 PST
Client-Date: Tue, 01 Jun 2010 19:28:09 GMT
Client-Peer: 64.152.68.114:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Client-SSL-Cert-Subject: /C=US/ST=Massachusetts/L=Boston/O=verizon wireless/OU=TERMS OF USE AT WWW.VERISIGN.COM/RPA (C)00/CN=PSMSADMIN.VZW.COM
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Transfer-Encoding: chunked
Link: <css/vtext_style.css>; rel="stylesheet"; type="text/css"
Set-Cookie: JSESSIONID=DE6C99EA2F3DD1D4DF31456B94F16C90.vz3; Path=/vzwcampaignadmin; Secure
Title: Verizon Wireless - Campaign Administrator
更新:
我添加了
UPDATE: I added
$ENV{HTTPS_CA_FILE} = 'certs/PSMSADMIN.VZW.COM';
$ENV{HTTPS_CA_DIR} = 'certs/';
我也打开了调试:
$ENV{HTTPS_DEBUG} = 1;
这是我的输出:
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello B
content: 500 SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed
忽略失败,但问题是这是页面上现在唯一的事情,所以没有登录表单或任何东西。
I try to ignore the failure, but the problem is that that is the only thing on the page now, so no login form or anything.
推荐答案
正如我可以告诉,这只是一个警告。该网站上的证书与域不匹配,因此perl(正当地)抱怨它。如果您实际开启对等证书验证,如下所示:
As near as I can tell, this is only a warning. The certificate on that site does not match the domain, so perl is (rightfully) complaining about it. If you actually turn on peer certificate verification like so:
# CA cert peer verification
$ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
$ENV{HTTPS_CA_DIR} = 'certs/';
您会得到这个作为输出:
You'll get this as your output:
Content-Type: text/plain
Client-Date: Tue, 01 Jun 2010 19:32:51 GMT
Client-Warning: Internal response
500 SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed
Content-Type: text/plain
Client-Date: Tue, 01 Jun 2010 19:32:51 GMT
Client-Warning: Internal response
有一个名为 get_peer_verify Net :: SSL (其中 Crypt :: SSLeay 提供)中返回c>需要对等验证。我相信,为了启用此功能,我们在2001年添加了 消息被隐藏。 2002年的补丁声称在同行时关闭警告
There is a method named get_peer_verify in Net::SSL (which Crypt::SSLeay provides) which returns whether or not peer verification is desired. I believe it was added in 2001 or so in order to enable this message to be hidden. This patch from 2002 claims to turn off the warning when peer verification is not desired, but I don't think it was ever applied.
简而言之,您可以忽略该警告,除非您的意思是进行验证,这种情况下,我要说添加根证书到您的 CA_DIR 和 CA_FILE 。但由于该证书的域与服务器的域不匹配,我甚至不确定这将有助于。
So in short, you can probably ignore the warning unless you mean to be doing verification, in which case I'd say add the root cert to your CA_DIR and CA_FILE. But since the cert's domain doesn't match the domain of the server, I'm not even sure that this will help.
这篇关于perl Client-SSL-Warning:未验证对等证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
