Perl: Cannot Access Web Service with SSL

后端 未结 8 693
礼貌的吻别
礼貌的吻别 2021-01-21 12:28

This is my first Perl script. I have installed SOAP::Lite using CPAN and it seems to have gone okay.

I\'m trying to access a simple HelloWorld .NET web service. I\'m get

相关标签:
8条回答
  • 2021-01-21 12:38

    Just found this thread, and everything was very useful to me, thanks!

    I wanted to added my "solution", which is a variation on the previous ones, in case it helps someone else.

    Adding

    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
    

    is definitely key. However, this causes a big warning to come out of IO::Socket::SLL:

    *******************************************************************
     Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
     is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
     together with SSL_ca_file|SSL_ca_path for verification.
     If you really don't want to verify the certificate and keep the
     connection open to Man-In-The-Middle attacks please set
     SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
    *******************************************************************
    

    The way to get rid of that warning was to add these lines:

    use IO::Socket::SSL;
    IO::Socket::SSL::set_defaults(SSL_verify_mode => "SSL_VERIFY_NONE");
    

    In addition to the original $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}, that should work no matter what client you're using (LWP::UserAgent, RPC::XML::Client, SOAP::Lite, etc.).

    Hope that helps someone else!

    0 讨论(0)
  • 2021-01-21 12:39

    $soap->{_transport}->{_proxy}->{ssl_opts}->{verify_hostname} = 0;

    0 讨论(0)
  • 2021-01-21 12:41

    Here is how to make this work securely, i.e. without disabling SSL hostname checking.

    If you're talking to a public system with a CA-signed certificate, you need to point LWP to your distribution's root certificate collection. Under a Debian-based system (Ubuntu, etc.), this is kept under /etc/ssl/certs/.

    BEGIN {
        $ENV{HTTPS_CA_DIR} = '/etc/ssl/certs'
    }
    

    If you are talking to your own server with a self-signed certificate, you can save a copy of that certificate on the client, and point your script to that particular file.

    BEGIN {
        $ENV{HTTPS_CA_FILE} = '/path/to/my/server-certificate.crt'
    }
    

    You could instead set these in the environment before running your script (e.g. export them from your shell), or you could apply the settings directly to your UserAgent object. See the LWP::UserAgent documentation for more details; search for ssl_opts.

    0 讨论(0)
  • 2021-01-21 12:42

    Boy did this work for me! I threw this into stubmaker.pl and my script which uses the stubmaker.pl output.

    IO::Socket::SSL::set_defaults(SSL_verify_mode => "SSL_VERIFY_NONE");
    use SOAP::Lite +trace => qw( debug );
    
    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0; 
    
    0 讨论(0)
  • 2021-01-21 12:42

    You need to tell LWP to not do hostname checking. For me this only worked using an environment variable, not by setting an option in SOAP::Lite objects:

    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0;
    
    0 讨论(0)
  • 2021-01-21 12:43

    Or add in your code before calling SOAP method:

    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
    
    0 讨论(0)
提交回复
热议问题