Hi,
I have a Perl script that fails on iPlanet web servers, but works on all the
others I have encountered. Below is the script and the outputs from a
failed fetch and a successful fetch.
Perhaps iPlanet is looking for a slightly different format in the cert and
key files? I'd appreciate any help you may be to offer.
Thanks,
John
------------------------------------
o PERL Script
#!/usr/bin/perl
use strict;
use LWP::UserAgent;
my $ua;
my $request;
my $response;
#$ENV{HTTPS_VERSION} = '3';
$ENV{HTTPS_DEBUG} = 8;
$ENV{HTTPS_CERT_FILE} = '/x/fwire/apl/dt_cl.crt';
$ENV{HTTPS_KEY_FILE} = '/x/fwire/apl/dt.key';
print "url is $url\n";
$ua = LWP::UserAgent->new();
$request = new HTTP::Request('GET', $url );
$response = $ua->request($request);
------------------------------------
o DEBUG output from URL that fails:
ieh1: perl df.pl
url is https://www.rmao.com/OASIS/CSU/data/LIST?LIST_NAME=LIST&FMT=DATA
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:certificate unknown
SSL_connect:failed in SSLv3 read finished A
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:certificate unknown
SSL_connect:failed in SSLv3 read finished A
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:SSLv2 read server hello A
SSL_connect:SSLv2 write client master key A
SSL_connect:SSLv2 client start encryption
SSL_connect:SSLv2 write client finished A
SSL_connect:SSLv2 read server verify A
SSL_connect:SSLv2 read server finished A
SSL_connect:SSLv2 write client certificate A
SSL_connect:error in SSLv2 read server finished A
===> response as string is:
500 (Internal Server Error) SSL negotiation failed: error:1406C0C8:SSL
routines:GET_SERVER_FINISHED:peer error
Client-Date: Mon, 22 Jul 2002 22:13:06 GMT
------------------------------------
o DEBUG output from URL that works:
ieh1: df.pl
url is https://vacar.jtsin.com/OASIS/DUK/data/LIST?LIST_NAME=LIST&FMT=DATA
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
===> response as string is:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Jul 2002 22:18:11 GMT
Server: Microsoft-IIS/4.0
Content-Type: text/x-oasis-csv
Client-Date: Mon, 22 Jul 2002 22:15:43 GMT
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=Digital Signature Trust Co./OU=TrustID
Server/CN=TrustID Server CA A5
Client-SSL-Cert-Subject: /C=US/O=ISO NEW ENGLAND/OU=ISO NEW
ENGLAND/CN=vacar.jtsin.com
Client-SSL-Cipher: RC4-MD5
Client-SSL-Warning: Peer certificate not verified
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
