LWP:UserAgent 500错误 [英] 500 error with LWP:UserAgent
问题描述
解决了! 谢谢我的每一次帮助:)
Solved ! thanks for every help i had :)
找到了http://stackoverflow.com/questions/8026524/how-do-i-force-lwp-to-use-cryptssleay-for-https-requests
并用
use Net::SSL (); # From Crypt-SSLeay
BEGIN {
$Net::HTTPS::SSL_SOCKET_CLASS = "Net::SSL"; # Force use of Net::SSL
$ENV{HTTPS_PROXY} = 'http://10.0.3.1:3128';
}
我尝试了千种不同的方法来连接到URL
}
I tried a thousand different ways to connect to the URL
https://sis-t.redsys.es:25443/sis/entradaXMLEntidad/
,我似乎无法获得500错误以外的其他信息.
and i seem unable to get something else than a 500 error.
我尝试过的最新代码是
require LWP::UserAgent;
## Code added according to Sinan Ünür s comment
use Net::SSLeay;
$Net::SSLeay::trace = 2;
## End of code added
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0});
$ua->agent("Mozilla/8.0");
$ua->timeout(10);
my $url = 'https://sis-t.redsys.es:25443/sis/entradaXMLEntidad/'
my $req = HTTP::Request->new( GET => $url);
$req->header( 'Accept' => 'text/html' );
# send request
my $res = $ua->request($req);
# check the outcome
if ( $res->is_success ) {
print $res->decoded_content;
} else {
print "Error: " . $res->status_line . "\n";
}
我尝试了有无
$ua->proxy('https', 'http://myproxy');
我尝试了POST和GET(从最后开始,我将不得不使用POST访问该URL).
I tried POST and GET (since in the end, I am going to have to access that URL with POST).
当然,我确保可以从常规浏览器获取此页面.我确保我的代码始终能够以
Of course I made sure I was able to get this page from a regular browser. I made sure my code always was able to connect to other pages with the form of
https + example.com:example-port + /path/to/another/page.
如果有人可以帮助我发现我在做错什么,我将很感激.
If anyone can help me to find what I am doing wrong, I'd be thankful.
编辑 为SinanÜnür的注释添加的代码产生了以下错误
EDIT the added code for Sinan Ünür's comment produced the following error
DEBUG: .../IO/Socket/SSL.pm:449: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:451: socket connected
DEBUG: .../IO/Socket/SSL.pm:469: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:504: using SNI with hostname sis-t.redsys.es
DEBUG: .../IO/Socket/SSL.pm:527: set socket to non-blocking to enforce timeout=10
DEBUG: .../IO/Socket/SSL.pm:550: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:560: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:570: handshake failed because socket did not became ready
Error: 500 Can't connect to sis-t.redsys.es:25443
输出是相同的,结合了我为ua创建而想到的不同组合(带有/不带验证/SSL_version/...
the output was the same combining different mixes I thought of for the ua creation (with/out verification/SSL_version/...
my $ua = LWP::UserAgent->new; #(ssl_opts => { verify_hostname => 1, SSL_version => 'TLSv1' });
由于这也是在此处发现的: http://www.perlmonks.org/?node_id=1106004
Since this was also spotted here : http://www.perlmonks.org/?node_id=1106004
代码
#!/usr/bin/perl -w
use strict;
use Net::SSLeay;
$Net::SSLeay::trace = 2;
require LWP::UserAgent;
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0, SSL_version => 'TLSv1:!TLSv11:!TLSv12:!SSLv2:!SSLv3'});
$ua->agent("Mozilla/8.0");
$ua->timeout(10);
my $req = HTTP::Request->new( GET => "https://sis-t.redsys.es:25443/sis/entradaXMLEntidad/");
$req->header( 'Accept' => 'text/html' );
# send request
my $res = $ua->request($req);
# check the outcome
if ( $res->is_success ) {
print $res->decoded_content;
} else {
print "Error: " . $res->status_line . "\n";
}
在具有以下功能的机器上可以正常工作 Perl 5.14.2 LWP:User :: Agent 6.04 IO :: Socket :: SSL 1.76 Net :: SSLeay 1.48
works fine on a machine with perl 5.14.2 LWP:User::Agent 6.04 IO::Socket::SSL 1.76 Net::SSLeay 1.48
但不是我的 Perl 5.14.2 LWP:User :: Agent 6.06 IO :: Socket :: SSL 1.955 净:: SSLeay 1.55 而且我似乎找不到更多的区别...
but not on mine with perl 5.14.2 LWP:User::Agent 6.06 IO::Socket::SSL 1.955 Net::SSLeay 1.55 and I seem unable to find more differences...
推荐答案
(基于我来自
... sis-t.redsys.es:25443
... sis-t.redsys.es:25443
此服务器存在一些严重问题.您使用(1.76)的IO :: Socket :: SSL版本的默认密码设置为"ALL:!LOW".如果将此密码集与TLS1.0或更高版本一起使用,则连接只会挂起.您可以使用s_client进行验证:
This server has some serious issues. The default cipher set for the version of IO::Socket::SSL you use (1.76) is "ALL:!LOW". If this cipher set is used together with TLS1.0 or higher the connection simply hangs. You can verify this with s_client:
$ openssl s_client -cipher 'ALL:!LOW' -connect sis-t.redsys.es:25443 -servername sis-t.redsys.es
CONNECTED(00000004)
... and there it hangs ...
这种问题通常与服务器前的较旧的F5负载平衡器有关,它仅丢弃大于255字节的ClientHello数据包.如果您不希望在s_client调用中添加servername选项,那么该请求将成功执行,因为该数据包现在小于255字节.从1.962版本开始(大约一年前),IO :: Socket :: SSL将使用更小(更安全)的密码集来解决此类问题.
This kind of problem is often seen in connection with older F5 load balancers in front of the server, which simply drop ClientHello packets greater than 255 bytes. If you would not add the servername option in the s_client call the request would magically succeed, because the packet is now smaller than 255 byte. Since version 1.962 (about a year ago) IO::Socket::SSL will use a smaller (and more secure) cipher set to work around such problems.
Crypt :: SSLeay而是使用默认的OpenSSL密码集,这使数据包在这种情况下仅248个字节,因此足够小.这就是为什么它可以与Crypt :: SSLeay一起使用的原因.但是请注意,Crypt :: SSLeay不会根据服务器证书对主机名进行任何验证,因此容易受到中间人攻击.
Crypt::SSLeay instead uses the default cipher set of OpenSSL, which makes the packet in this case just 248 bytes and thus small enough. That's why it works with Crypt::SSLeay. But please note, that Crypt::SSLeay does not make any verification of the hostname against the servers certificate and is thus open to man-in-the-middle attacks.
对于当前版本的IO :: Socket :: SSL,应该修复该问题,即您不需要任何特殊设置,并且可以启用验证等.因此,最新代码可以在我的IO机器上正常工作: :Socket :: SSL 2.002.
With current versions of IO::Socket::SSL the problem should be fixed, that is you should not need any special settings and you can leave verification enabled etc. Your latest code works thus without problems on my machine with IO::Socket::SSL 2.002.
但是,由于您使用的是代理服务器,因此您也应该使用最新版本的LWP :: UserAgent和LWP :: Protocol :: https,因为仅对IO :: Socket :: SSL后端提供了适当的代理支持6.06(如果您使用Debian或类似Ubuntu的衍生产品,可能已经在6.04中了).看起来您在使用LWP :: UserAgent 6.06时,没有显示LWP :: Protocol :: https的版本.此单独的模块也必须是6.06版,才能具有有效的代理支持.
But, since you are using a proxy you should use the latest versions of LWP::UserAgent and LWP::Protocol::https too, because proper proxy support with IO::Socket::SSL backend was only added to version 6.06 (it might be in 6.04 already if you use Debian or a spinoff like Ubuntu). While it looks like you are using LWP::UserAgent 6.06 you do not show the version of LWP::Protocol::https. This separate module must be version 6.06 too to have working proxy support.
这篇关于LWP:UserAgent 500错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
