1. 技术文章
  2. 500 SSL negotiation failed with perl

500 SSL negotiation failed with perl

允我心安 提交于 2019-12-08 05:18:53

问题


I am trying to connect to webservice server with perl script from the client machine SunOS 5.10 without success.

I'm using ActivePerl 5.8.8, with some other installed librairies. I have also installed libssl0_9_8 with cacertificates dependencie.

Note the team in charge of webservice from server side said me that no certificates are managed from their side.

I have read lot of forums but I have no clear answer about this problem. I use the following in my script :

use SOAP::Lite;
use SOAP::Lite +trace => 'all';
$ENV{HTTPS_DEBUG} = 1;
my $server = $conf->param("Server");
my $url = "https://$server:443/services";
my $service = SOAP::Lite->proxy("$url/service") or die $logger->error("Error: WebService $!");

When I launch my script, it produces the following :

bash-3.2# ./GetTest.pl 
SOAP::Transport::new: ()
SOAP::Serializer::new: ()
SOAP::Deserializer::new: ()
SOAP::Parser::new: ()
SOAP::Lite::new: ()
SOAP::Transport::HTTP::Client::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Lite::call: ()
SOAP::Serializer::envelope: ()
SOAP::Serializer::envelope: getInterface SOAP::Data=HASH(0x1003e0c) SOAP::Data=HASH(0x1003b18) SOAP::Data=HASH(0x1003bd8) SOAP::Data=HASH(0x1003ce0)
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x100368c)
SOAP::Transport::HTTP::Client::send_receive: POST https://<SERVER>:443/axis2/services/Service HTTP/1.1
Accept: text/xml
Accept: multipart/*
Accept: application/soap
Content-Length: 875
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://...#getInterface"
...
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert write:fatal:handshake failure
SSL_connect:error in SSLv3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
SOAP::Transport::HTTP::Client::send_receive: HTTP::Response=HASH(0x77c3e8)
SOAP::Transport::HTTP::Client::send_receive: 500 SSL negotiation failed:
Content-Type: text/plain
Client-Date: Mon, 09 Mar 2015 10:27:04 GMT
Client-Warning: Internal response

500 SSL negotiation failed:
SOAP::Deserializer::deserialize: ()
SOAP::Parser::decode: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Transport::HTTP::Client::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Transport::DESTROY: ()
SOAP::Serializer::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Deserializer::DESTROY: ()
SOAP::Parser::DESTROY: ()
SOAP::Lite::DESTROY: ()

Note that some outputs have been hidden.

I'll be happy to provide you more information if you need to help me for resolution.

EDIT :

I have tested with openssl utility the connection to server and it seems work :

bash-3.2# openssl s_client -connect <server>:443 -tls1
CONNECTED(00000004)
depth=1 /C=FR/ST=Alpes-Maritimes/...
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
...
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAds...
-----END CERTIFICATE-----
...
---
No client certificate CA names sent
---
SSL handshake has read 1886 bytes and written 260 bytes
---
New, TLSv1/SSLv3, Cipher is ...
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ...
    Verify return code: 19 (self signed certificate in certificate chain)
---

We can see that I have to use TLSv1/SSLv3 to make it work. Note that I have tested this command with lower version and it doesn't work.

What can I do ? Upgrade ActivePerl to 5.20 to take into account new specific librairies with supported TLSv1 ? Or others ?

Thanks in advance,

来源:https://stackoverflow.com/questions/28940024/500-ssl-negotiation-failed-with-perl

标签
perl
ssl
soaplite
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!