Scripts broke after upgrading LWP “certificate verify failed”

一整个雨季 2021-01-07 20:11

I have a lot of scripts, most of them based around WWW::Mechanize that scrape data off of misc hardware that is accessible via HTTPS. After upgrading most of my

4 answers
  •  星月不相逢
    2021-01-07 20:17

    Say I want to tell you something, and I don't want anyone else to know it. We'd arrange a password, and I'd use it to encrypt the message, then I'd send you the message.

    What if I didn't make sure the person to whom I gave the password and encrypted message was you? Then any number of people could simply impersonate you and the encryption would be for naught. That was the state of LWP's HTTPS support until recently.

    Now, LWP actually checks to whom it's talking unless you ask LWP to behave as it once did. You can do that using:

    use LWP::UserAgent;

    # verify_hostname => 0 makes LWP behave as it once did (no verification)
    my $ua = LWP::UserAgent->new(
       ssl_opts => { verify_hostname => 0 },
    );
    

    If you want to affect all LWP::UserAgent instances in your script without specifying the option all over the place, you can add the following to your script:

    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
    

    Or you can launch your script as follows:

    PERL_LWP_SSL_VERIFY_HOSTNAME=0 script.pl
    

    Finally, if you want LWP to always be unsafe, you can add the following to your login script:

    export PERL_LWP_SSL_VERIFY_HOSTNAME=0
    

    However, I recommend none of the above. The far better option would be to provide the certificate for the host to which you are communicating. (This is the equivalent of adding an exception in Firefox, if you know what I mean.) See the documentation for $ua->ssl_opts.
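
The option the answer recommends, trusting the device's own certificate while leaving verification on, as an added example (not code from the original answer). The host names and file paths are placeholders, and it assumes each PEM file holds that device's self-signed certificate, or the CA certificate that issued it, and that the certificate's name matches the host in the URL.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;

# Hypothetical device inventory: host => PEM file with the certificate to
# trust for that host. Obtain each file from the device over a trusted path
# and compare its fingerprint out of band before adding it here.
my %trusted_cert = (
    'switch1.example.internal' => '/etc/scraper/certs/switch1.pem',
    'ups1.example.internal'    => '/etc/scraper/certs/ups1.pem',
);

# Build a user agent whose only trust anchor is the file pinned for $host.
sub ua_for {
    my ($host) = @_;
    my $pem = $trusted_cert{$host}
        or die "No pinned certificate configured for $host\n";
    -r $pem or die "Certificate file $pem for $host is not readable\n";

    return LWP::UserAgent->new(
        timeout  => 15,
        ssl_opts => {
            verify_hostname => 1,       # keep verification on
            SSL_ca_file     => $pem,    # replaces the default CA bundle
        },
    );
}

for my $host (sort keys %trusted_cert) {
    my $res = eval { ua_for($host)->get("https://$host/") };
    if (!$res) {
        warn "$host: $@";               # configuration problem, skip host
        next;
    }
    if ($res->is_success) {
        printf "%s: OK (%d bytes)\n", $host,
            length($res->decoded_content // '');
    }
    else {
        # A failed handshake comes back as a 500 response; status_line
        # carries the reason, e.g. "certificate verify failed".
        warn sprintf "%s: %s\n", $host, $res->status_line;
    }
}
```

WWW::Mechanize is a subclass of LWP::UserAgent, so the same `ssl_opts` hash can be passed to `WWW::Mechanize->new`.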
