I am trying to connect to webservice server with perl script from the client machine SunOS 5.10 without success.
I'm using ActivePerl 5.8.8, with some other installed librairies. I have also installed libssl0_9_8 with cacertificates dependencie.
Note the team in charge of webservice from server side said me that no certificates are managed from their side.
I have read lot of forums but I have no clear answer about this problem. I use the following in my script :
use SOAP::Lite; use SOAP::Lite +trace => 'all'; $ENV{HTTPS_DEBUG} = 1; my $server = $conf->param("Server"); my $url = "https://$server:443/services"; my $service = SOAP::Lite->proxy("$url/service") or die $logger->error("Error: WebService $!"); When I launch my script, it produces the following :
bash-3.2# ./GetTest.pl SOAP::Transport::new: () SOAP::Serializer::new: () SOAP::Deserializer::new: () SOAP::Parser::new: () SOAP::Lite::new: () SOAP::Transport::HTTP::Client::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Lite::call: () SOAP::Serializer::envelope: () SOAP::Serializer::envelope: getInterface SOAP::Data=HASH(0x1003e0c) SOAP::Data=HASH(0x1003b18) SOAP::Data=HASH(0x1003bd8) SOAP::Data=HASH(0x1003ce0) SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Data::new: () SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x100368c) SOAP::Transport::HTTP::Client::send_receive: POST https://<SERVER>:443/axis2/services/Service HTTP/1.1 Accept: text/xml Accept: multipart/* Accept: application/soap Content-Length: 875 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://...#getInterface" ... SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL3 alert read:fatal:handshake failure SSL_connect:error in SSLv2/v3 read server hello A SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL3 alert write:fatal:handshake failure SSL_connect:error in SSLv3 read server hello A SSL_connect:before/connect initialization SSL_connect:SSLv2 write client hello A SSL_connect:failed in SSLv2 read server hello A SOAP::Transport::HTTP::Client::send_receive: HTTP::Response=HASH(0x77c3e8) SOAP::Transport::HTTP::Client::send_receive: 500 SSL negotiation failed: Content-Type: text/plain Client-Date: Mon, 09 Mar 2015 10:27:04 GMT Client-Warning: Internal response 500 SSL negotiation failed: SOAP::Deserializer::deserialize: () SOAP::Parser::decode: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Transport::HTTP::Client::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Transport::DESTROY: () SOAP::Serializer::DESTROY: () SOAP::Data::DESTROY: () SOAP::Data::DESTROY: () SOAP::Deserializer::DESTROY: () SOAP::Parser::DESTROY: () SOAP::Lite::DESTROY: () Note that some outputs have been hidden.
I'll be happy to provide you more information if you need to help me for resolution.
EDIT :
I have tested with openssl utility the connection to server and it seems work :
bash-3.2# openssl s_client -connect <server>:443 -tls1 CONNECTED(00000004) depth=1 /C=FR/ST=Alpes-Maritimes/... verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain ... --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAds... -----END CERTIFICATE----- ... --- No client certificate CA names sent --- SSL handshake has read 1886 bytes and written 260 bytes --- New, TLSv1/SSLv3, Cipher is ... Server public key is 1024 bit Secure Renegotiation IS NOT supported SSL-Session: Protocol : TLSv1 Cipher : ... Verify return code: 19 (self signed certificate in certificate chain) --- We can see that I have to use TLSv1/SSLv3 to make it work. Note that I have tested this command with lower version and it doesn't work.
What can I do ? Upgrade ActivePerl to 5.20 to take into account new specific librairies with supported TLSv1 ? Or others ?
Thanks in advance,