On 5/25/2015 12:31 PM, Lawrence Statton wrote:
I sent this to the list, but it seems to have gotten clogged in the tubes ... here's another copy
-------- Forwarded Message --------
Subject: Re: LWP/Protocol Errors
Date: Mon, 25 May 2015 12:13:11 -0500
From: Lawrence Statton <lawre...@cluon.com>
To: beginners@perl.org
On 05/25/2015 12:02 PM, Mike Blezien wrote:
Hello,
I recently set up a Paypal IPN script which worked fine for some time now but now all of a sudden I keep getting this error message:

Can't connect to www.paypal.com:443 (certificate verify failed)
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl5/LWP/Protocol/http.pm line 41.

I use the same IPN script on other servers without any issues except one.
Is it possible that port 443 is being blocked or not open due to a firewall on the server?
Any suggestion would be appreciated.
--
While it is *POSSIBLE* that a blocked port is causing your grief, that is not the most likely explanation.

Has it *NEVER* worked on this server, or worked until recently? Your email was vague on this point.

The exact error is telling you that the OpenSSL library (which is ultimately where LWP gets its SSL support) cannot verify the origin of the certificate chain that Paypal is offering.

Compare the contents of /etc/ssl/certs (the exact directory will vary based on which Linux distribution you are using, but it will be something similar) on a 'working' server with the 'not-working' server.

openssl s_client will allow you to attempt a connection and turn on substantial diagnostics to see the certificate that is being offered by the server, and (most importantly) the issuer for that certificate and the issuer's hash -- which will lead you to find the correct CA cert you need to add.

(Alternatively, if your problem *is* a blocked port, you will get enough diagnostic from s_client to show you that it can't even GET the server's cert -- but the error message makes me 99% certain that you are already past that point in the SSL handshake)

After further investigation, running the following command from the shell prompt:

openssl s_client -host paypal.com -port 443

I get these results:

CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

This is the first time using this paypal script on this server and it has not worked yet. I've used a similar script on other servers without issues or other problems. Is this a port issue or something else?

thanks,
Mike
--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/
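
An added example, not part of the original thread and not written by either poster: a shell function that sorts `openssl s_client` transcripts into the cases the thread distinguishes (TCP connection failed, connected but no server certificate received, certificate received but verification failed). The function name, the result labels and the second and third transcripts are constructed for illustration; the first transcript is the output posted above, abridged.

```shell
#!/bin/sh
# Classify an `openssl s_client` transcript read on stdin (hypothetical helper).
# Live use: openssl s_client -host paypal.com -port 443 </dev/null 2>&1 | classify_s_client
classify_s_client() {
    out=$(cat)
    # No CONNECTED(...) line: the TCP connection itself failed (blocked/closed port).
    case $out in
        *"CONNECTED("*) ;;
        *) echo "tcp-failed"; return 0 ;;
    esac
    # TCP is up but the server never delivered a certificate: the handshake
    # stopped before verification, so the local CA store is not yet involved.
    case $out in
        *"no peer certificate available"*) echo "no-server-cert"; return 0 ;;
    esac
    # A certificate arrived; the verify return code says whether the chain
    # could be anchored in the local trust store (0 = ok).
    code=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case $code in
        '') echo "unknown" ;;
        0)  echo "verified" ;;
        *)  echo "verify-failed:$code" ;;
    esac
}

# Transcript posted in the thread (abridged).
sample_thread='CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)'

# Constructed transcript: chain received, issuer CA missing locally (code 20).
sample_missing_ca='CONNECTED(00000003)
depth=0 CN = www.example.test
verify error:num=20:unable to get local issuer certificate
---
SSL handshake has read 3021 bytes and written 421 bytes
    Verify return code: 20 (unable to get local issuer certificate)'

# Constructed transcript: nothing listening on the port.
sample_refused='connect: Connection refused
connect:errno=111'

for s in "$sample_thread" "$sample_missing_ca" "$sample_refused"; do
    printf '%s\n' "$s" | classify_s_client
done
```

Only the `verify-failed` result points at the local CA directory (for example /etc/ssl/certs); `no-server-cert` means the handshake stopped before any certificate could be checked.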