Initial version
authorJ. Hendrix <gitweb@localhost>
Sun, 31 Jan 2016 17:44:23 +0000 (18:44 +0100)
committerJ. Hendrix <gitweb@localhost>
Sun, 31 Jan 2016 17:44:23 +0000 (18:44 +0100)
NOTES.txt [new file with mode: 0644]
perlHttps

diff --git a/NOTES.txt b/NOTES.txt
new file mode 100644 (file)
index 0000000..80d12a4
--- /dev/null
+++ b/NOTES.txt
@@ -0,0 +1,16 @@
+Symptom:
+       500 Can't connect to www.hackinfo.nl:443 (certificate verify failed)
+       LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm
+
+Cause:
+       The certificate store is not properly configured or doesn't have a matching certificate.
+
+Solution:
+       Either use the system certificate store:
+               $browser->ssl_opts( SSL_ca_path => "/etc/ssl/certs/" );
+       This is automatically updated from repositories when the system is patched and therefore has preference.
+
+       or use Mozilla::CA:
+               $browser->ssl_opts( SSL_ca_file => "./Mozilla-CA-20160104/lib/Mozilla/CA/cacert.pem" );
+       This needs to be downloaded from CPAN or GitHub:
+               git clone https://github.com/gisle/mozilla-ca.git
index 5d22d42..3e521f3 100755 (executable)
--- a/perlHttps
+++ b/perlHttps
@@ -18,8 +18,9 @@ $browser->ssl_opts( verify_hostname => 1 );
 #$browser->ssl_opts( SSL_ca_path => "/etc/ssl/certs/" );
 
 # This uses Mozilla::CA. Not automatically updated!
-# Download and untar: http://search.cpan.org/CPAN/authors/id/A/AB/ABH/Mozilla-CA-20160104.tar.gz
-$browser->ssl_opts( SSL_ca_file => "./Mozilla-CA-20160104/lib/Mozilla/CA/cacert.pem" );
+# Download from git:
+#   git clone https://github.com/gisle/mozilla-ca
+$browser->ssl_opts( SSL_ca_file => "./mozilla-ca/lib/Mozilla/CA/cacert.pem" );
 
 my $response = $browser->get( "$url" , 'Accept-Encoding' => $can_accept );
 if ( ! $response->is_success ) { warn "Can't get $url -- ", $response->status_line; }