Perl：无法使用SSL访问Web服务 [英] Perl: Cannot Access Web Service with SSL

问题描述

这是我的第一个Perl脚本。我已经使用CPAN安装了SOAP :: Lite，而且看起来还不错。

This is my first Perl script. I have installed SOAP::Lite using CPAN and it seems to have gone okay.

我正在尝试访问简单的HelloWorld .NET Web服务。我收到的错误似乎与Perl或SOAP :: Lite无法验证SSL证书有关。

I'm trying to access a simple HelloWorld .NET web service. I'm getting an error that seems to be related to Perl or SOAP::Lite not being able to verify the SSL certificate.

尽管看起来好像在返回代码500，我创建了一个Java客户端，它能够很好地调用Web方法，所以我认为问题不在Web服务端。

Although it looks like it's returning a code of 500, I created a Java client that was able to call the web method just fine, so I don't think the problem is on the web service end.

有人可以向我指出正确的方向吗？

#!/usr/bin/perl

use SOAP::Lite 'trace', 'debug';

$api_ns = "https://www.mydomain.com/edgedev/";
$api_url = "https://www.mydomain.com/edgedev/ws.asmx";
$action = "HelloWorld";

my $soap = SOAP::Lite
                -> readable(1)
                -> ns($api_ns, 'tns')
                -> proxy($api_url)
                -> on_action(sub { return "\"$action\""});

print $soap->HelloWorld()->result;

结果

Result

<soap:Envelope 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" 
    xmlns:tns="https://www.mydomain.com/edgedev/" 
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
    soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <tns:HelloWorld xsi:nil="true" />
      </soap:Body>
</soap:Envelope>
SOAP::Transport::HTTP::Client::send_receive: 500 Can't connect to www.mydomain.com:443 (certificate verify failed)
Content-Type: text/plain
Client-Date: Tue, 12 Feb 2013 16:40:28 GMT
Client-Warning: Internal response

Can't connect to www.mydomain.com:443 (certificate verify failed)

You can disable hostname check by setting environment variable PERL_LWP_SSL_VERIFY_HOSTNAME=0

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/lib/perl5/vendor_perl/5.10.0/LWP/Protocol/http.pm line 57.
500 Can't connect to www.mydomain.com:443 (certificate verify failed) at ./soaptest.pl line 15

推荐答案

这里是如何安全地执行此操作，即不禁用SSL主机名检查。

Here is how to make this work securely, i.e. without disabling SSL hostname checking.

如果您正在使用带有CA签名证书的公共系统，则需要去poi nt LWP到您的发行版的根证书集合。在基于Debian的系统（Ubuntu等）下，该文件保存在 / etc / ssl / certs / 下。

If you're talking to a public system with a CA-signed certificate, you need to point LWP to your distribution's root certificate collection. Under a Debian-based system (Ubuntu, etc.), this is kept under /etc/ssl/certs/.

BEGIN {
    $ENV{HTTPS_CA_DIR} = '/etc/ssl/certs'
}

如果您正在使用自签名证书与自己的服务器通信，则可以在客户端上保存该证书的副本，并将脚本指向该特定服务器文件。

If you are talking to your own server with a self-signed certificate, you can save a copy of that certificate on the client, and point your script to that particular file.

BEGIN {
    $ENV{HTTPS_CA_FILE} = '/path/to/my/server-certificate.crt'
}

您可以改为在运行脚本之前在环境中进行设置（例如从外壳程序导出它们），也可以将设置直接应用于UserAgent对象。请参阅 LWP :: UserAgent文档更多细节;搜索 ssl_opts 。

You could instead set these in the environment before running your script (e.g. export them from your shell), or you could apply the settings directly to your UserAgent object. See the LWP::UserAgent documentation for more details; search for ssl_opts.

这篇关于Perl：无法使用SSL访问Web服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！