perl 客户端 SSL 警告:对等证书未验证
我在使用 Perl 屏幕抓取程序访问 HTTPS 站点时遇到问题。 在调试中,我运行了以下命令:
print $res->headers_as_string;
在输出中,我有以下行:
Client-SSL-Warning: Peer certificate not verified
有没有办法可以自动接受此证书,或者这不是问题?
#!/usr/bin/perl
use LWP::UserAgent;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => 'https://vzw-cat.sun4.lightsurf.net/vzwcampaignadmin/');
my $res = $ua->request($req);
print $res->headers_as_string;
输出:
Cache-Control: no-cache
Connection: close
Date: Tue, 01 Jun 2010 19:28:08 GMT
Pragma: No-cache
Server: Apache
Content-Type: text/html
Expires: Wed, 31 Dec 1969 16:00:00 PST
Client-Date: Tue, 01 Jun 2010 19:28:09 GMT
Client-Peer: 64.152.68.114:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Client-SSL-Cert-Subject: /C=US/ST=Massachusetts/L=Boston/O=verizon wireless/OU=TERMS OF USE AT WWW.VERISIGN.COM/RPA (C)00/CN=PSMSADMIN.VZW.COM
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Transfer-Encoding: chunked
Link: <css/vtext_style.css>; rel="stylesheet"; type="text/css"
Set-Cookie: JSESSIONID=DE6C99EA2F3DD1D4DF31456B94F16C90.vz3; Path=/vzwcampaignadmin; Secure
Title: Verizon Wireless - Campaign Administrator
更新: 我
$ENV{HTTPS_CA_FILE} = 'certs/PSMSADMIN.VZW.COM';
$ENV{HTTPS_CA_DIR} = 'certs/';
按照下面的建议添加了。我还打开了调试:
$ENV{HTTPS_DEBUG} = 1;
这是我的输出:
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello B
content: 500 SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed
我尝试忽略失败,但问题是这是页面上现在唯一的东西,所以没有登录表单或任何东西。
I am having trouble with a perl screenscraper to an HTTPS site.
In debugging, I ran the following:
print $res->headers_as_string;
and in the output, I have the following line:
Client-SSL-Warning: Peer certificate not verified
Is there a way I can auto-accept this certificate, or is that not the problem?
#!/usr/bin/perl
use LWP::UserAgent;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => 'https://vzw-cat.sun4.lightsurf.net/vzwcampaignadmin/');
my $res = $ua->request($req);
print $res->headers_as_string;
output:
Cache-Control: no-cache
Connection: close
Date: Tue, 01 Jun 2010 19:28:08 GMT
Pragma: No-cache
Server: Apache
Content-Type: text/html
Expires: Wed, 31 Dec 1969 16:00:00 PST
Client-Date: Tue, 01 Jun 2010 19:28:09 GMT
Client-Peer: 64.152.68.114:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Client-SSL-Cert-Subject: /C=US/ST=Massachusetts/L=Boston/O=verizon wireless/OU=TERMS OF USE AT WWW.VERISIGN.COM/RPA (C)00/CN=PSMSADMIN.VZW.COM
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Transfer-Encoding: chunked
Link: <css/vtext_style.css>; rel="stylesheet"; type="text/css"
Set-Cookie: JSESSIONID=DE6C99EA2F3DD1D4DF31456B94F16C90.vz3; Path=/vzwcampaignadmin; Secure
Title: Verizon Wireless - Campaign Administrator
UPDATE:
I added
$ENV{HTTPS_CA_FILE} = 'certs/PSMSADMIN.VZW.COM';
$ENV{HTTPS_CA_DIR} = 'certs/';
as suggested below. I also turned on debugging:
$ENV{HTTPS_DEBUG} = 1;
Here is my output:
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello B
content: 500 SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed
I try to ignore the failure, but the problem is that that is the only thing on the page now, so no login form or anything.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
据我所知,这只是一个警告。该站点上的证书与域不匹配,因此 perl (理所当然地)抱怨它。如果您实际上像这样打开对等证书验证:
您将得到以下输出:
有一个名为
Net::SSL中的get_peer_verify(其中Crypt::SSLeay< /code> 提供),它返回是否需要对等验证。我相信它是在 2001 年左右添加的,以便启用此功能要隐藏的消息。 2002 年的此补丁声称在对等时关闭警告验证不是所希望的,但我认为它从未被应用过。简而言之,您可能可以忽略该警告,除非您打算进行验证,在这种情况下,我会说将根证书添加到您的
CA_DIR和CA_FILE中。但由于证书的域与服务器的域不匹配,我什至不确定这是否有帮助。As near as I can tell, this is only a warning. The certificate on that site does not match the domain, so perl is (rightfully) complaining about it. If you actually turn on peer certificate verification like so:
You'll get this as your output:
There is a method named
get_peer_verifyinNet::SSL(whichCrypt::SSLeayprovides) which returns whether or not peer verification is desired. I believe it was added in 2001 or so in order to enable this message to be hidden. This patch from 2002 claims to turn off the warning when peer verification is not desired, but I don't think it was ever applied.So in short, you can probably ignore the warning unless you mean to be doing verification, in which case I'd say add the root cert to your
CA_DIRandCA_FILE. But since the cert's domain doesn't match the domain of the server, I'm not even sure that this will help.