Bootstrap

Perl (Scripting) - insecure SSL certificates with the LWP::UserAgent REST API module

by Jeremy Canfield | Updated: June 20 2024 | Perl (Scripting) articles

LWP::UserAgent can be used to issue a request to a URL and return the response, such as a GET or POST request. If the connection produces SSL failures and you trust the URL being requested, ssl_opts verify_hostname can be set to 0 (disabled).

For example, let's say a request to https://foo.example.com/api should return "Hello World", and Dumper can be used to display the response.

#!/usr/bin/perl
use strict;
use warning;
use LWP::UserAgent;
use Data::Dumper;

my $ua = LWP::UserAgent->new;
my $request = HTTP::Request->new(GET => "https://foo.example.com/api");
my $response = $ua->request($request);

print Dumper $response;

Let's say something like this is being returned. Notice in this example that the output contains "certificate verify failed".

$VAR1 = bless( {
                 '_rc' => 500,
                 '_msg' => 'Can\'t connect to foo.example.com:443 (certificate verify failed)',
                 '_headers' => bless( {
                                        'client-date' => 'Tue, 25 Jun 2024 04:26:08 GMT',
                                        'client-warning' => 'Internal response',
                                        'content-type' => 'text/plain',
                                        '::std_case' => {
                                                          'client-date' => 'Client-Date',
                                                          'client-warning' => 'Client-Warning'
                                                        }
                                      }, 'HTTP::Headers' ),
                 '_max_body_size' => undef,
                 '_content' => 'Can\'t connect to foo.example.com:443 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/local/bin/perl5.38.2/lib/site_perl/5.38.2/LWP/Protocol/http.pm line 49.
',
                 '_request' => bless( {
                                        '_max_body_size' => undef,
                                        '_headers' => bless( {
                                                               '0' => 'xxx',
                                                               '::std_case' => {
                                                                                 '0' => '0'
                                                                               },
                                                               'user-agent' => 'libwww-perl/6.77',
                                                               'authorization' => 'Basic abc123'
                                                             }, 'HTTP::Headers' ),
                                        '_content' => '',
                                        '_method' => 'GET',
                                        '_uri' => bless( do{\(my $o = 'https://foo.example.com/api')}, 'URI::https' )
                                      }, 'HTTP::Request' )
               }, 'HTTP::Response' );

Sometimes, this can be resolved by telling LWP::UserAgent to not verify hostnames using ssl_opts( verify_hostname => 0 ) like this.

my $ua = LWP::UserAgent->new;
$ua->ssl_opts( verify_hostname => 0 );

Or like this.

my $ua = LWP::UserAgent->new(
  ssl_opts{ verify_hostname => 0 }
);

Or, if the issue persists, the following before my $ua = LWP::UserAgent->new(); may do the trick.

use IO::Socket::SSL;
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
IO::Socket::SSL::set_ctx_defaults(
  SSL_verifycn_scheme => 'www',
  SSL_verify_mode => 0,
);


my $ua = LWP::UserAgent->new();

Did you find this article helpful?

If so, consider buying me a coffee over at

Comments

November 07 2024 by gloaizaq

You're a life saver, I had a problem with SOAP::Lite and WSDL and the last part of your post helped me solve it. Thank you!

Did you find this article helpful?

Comments

Add a Comment