: invalid security certificate

James E Keenan Thu, 02 Apr 2020 11:12:45 -0700

On 4/2/20 1:23 PM, Slaven Rezic wrote:

Hi James,
I can confirm that the certificate is marked as invalid in my firefox,and also if calling the URL with lwp-request. However, myTest::Reporter-based report sender still works. It's just workingbecause Test::Reporter::Transport::Metabase is using HTTP::Tiny, andHTTP::Tiny does not do certificate validation by default (see theverify_SSL option). Works:
perl5.31.10 -MData::Dumper -MHTTP::Tiny -e 'warnDumper(HTTP::Tiny->new->get("https://metabase.cpantesters.org/api/v1/";))'

With this (albeit with perl-5.30.0 and after installing IO::Socket::SSLand Net::SSLeay), I got a 404:


#####

$ perl -MData::Dumper -MHTTP::Tiny -e 'warnDumper(HTTP::Tiny->new->get("https://metabase.cpantesters.org/api/v1/";))'

$VAR1 = {
          'protocol' => 'HTTP/1.1',
          'status' => '404',
          'url' => 'https://metabase.cpantesters.org/api/v1/',
          'content' => '<!DOCTYPE html>
...
',
          'reason' => 'Not Found',
          'success' => '',
          'headers' => {
                         'via' => [
                                    '1.1 varnish',
                                    '1.1 varnish'
                                  ],
                         'age' => '0',
                         'content-length' => '20240',
                         'x-cache-hits' => '0, 0',
                         'x-cache' => 'MISS, MISS',

'x-served-by' => 'cache-lcy19261-LCY,cache-bos4650-BOS',

                         'date' => 'Thu, 02 Apr 2020 18:02:37 GMT',
                         'connection' => 'keep-alive',
                         'server' => 'Mojolicious (Perl)',
                         'x-timer' => 'S1585850556.546659,VS0,VE2416',
                         'accept-ranges' => 'bytes',
                         'content-type' => 'text/html;charset=UTF-8'
                       }
        };
#####

Fails:
perl5.31.10 -MData::Dumper -MHTTP::Tiny -e 'warnDumper(HTTP::Tiny->new(verify_SSL=>1)->get("https://metabase.cpantesters.org/api/v1/";))'


With this, I got a 599:

#####

$ perl -MData::Dumper -MHTTP::Tiny -e 'warnDumper(HTTP::Tiny->new(verify_SSL=>1)->get("https://metabase.cpantesters.org/api/v1/";))'

$VAR1 = {
          'headers' => {
                         'content-length' => 81,
                         'content-type' => 'text/plain'
                       },

'content' => 'SSL connection failed formetabase.cpantesters.org: hostname verification failed

',
          'reason' => 'Internal Exception',
          'status' => 599,
          'url' => 'https://metabase.cpantesters.org/api/v1/',
          'success' => ''
        };
#####


Regards,
      Slaven


Thank you very much.
Jim Keenan

James E Keenan < jkee...@pobox.com <mailto:jkee...@pobox.com>> hat am2. April 2020 um 14:29 geschrieben:
Today I had occasion to call a program which uses
App::cpanminus::reporter. I have run programs with that module hundreds
of times before. The program failed with this output in the debugger.

#####
error loading Test::Reporter::Transport::Metabase. Please install the
missing module or choose a different transport mechanism.

at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm
line 21.
CPAN::Testers::Common::Client::Config::__ANON__[/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm:21]("\x{a}errorloading Test::Reporter::Transport::Metabase. Please in"...) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 87CPAN::Testers::Common::Client::Config::mywarn(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8),"\x{a}error loading Test::Reporter::Transport::Metabase. Pleasein"...) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 647CPAN::Testers::Common::Client::Config::_validate_transport(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8),"transport", "Metabase uri https://metabase.cpantesters.org/api/v1/id_file"...) called at error loadingTest::Reporter::Transport::Metabase. Please install the missing moduleor choose a different transport mechanism.
at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm
line 21.
CPAN::Testers::Common::Client::Config::__ANON__[/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm:21]("\x{a}errorloading Test::Reporter::Transport::Metabase. Please in"...) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 87CPAN::Testers::Common::Client::Config::mywarn(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8),"\x{a}error loading Test::Reporter::Transport::Metabase. Pleasein"...) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 647CPAN::Testers::Common::Client::Config::_validate_transport(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8),"transport", "Metabase uri https://metabase.cpantesters.org/api/v1/id_file"...) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 448CPAN::Testers::Common::Client::Config::_get_config_options(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8),HASH(0x806c7d5b8)) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 41CPAN::Testers::Common::Client::Config::read(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8))called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pmline 171App::cpanminus::reporter::_check_cpantesters_config_data(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900))called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pmline 219App::cpanminus::reporter::run(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900))called at cpanm-reporter.pl line 23
line 448
CPAN::Testers::Common::Client::Config::_get_config_options(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8),HASH(0x806c7d5b8)) called at/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pmline 41CPAN::Testers::Common::Client::Config::read(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8))called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pmline 171App::cpanminus::reporter::_check_cpantesters_config_data(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900))called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pmline 219App::cpanminus::reporter::run(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900))called at cpanm-reporter.pl line 23
#####

All the relevant modules are up to date on the machine where the program
was run.

I examined
/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm. I
zeroed in on the call to the internal method '_validate_transport'. I
entered this URL into my browser:

https://metabase.cpantesters.org/api/v1/

I got the standard Firefox "Warning: Potential Security Risk Ahead"
screen. When I clicked "Learn more...", I got:

#####
Websites prove their identity via certificates. Firefox does not trust
this site because it uses a certificate that is not valid for
metabase.cpantesters.org. The certificate is only valid for
c.sni.fastly.net.

Error code: SSL_ERROR_BAD_CERT_DOMAIN
#####

(Hat-tip to BingOS.)

How can we fix this or how can I work-around it?

Thank you very much.
Jim Keenan

Re: https://metabase.cpantesters.org/api/v1/: invalid security certificate

Reply via email to