6586 "Peer certificate not verified" errors

  • Karl Boyken
    Jul 11, 2011
      We use SOAP::Lite to connect to a service on campus.  The service is moving from Thawte to InCommon for certificates; InCommon uses Comodo.  The new server certificate is 2048-bit.  Our code works with the old certificate, but not the new one.  We're using SOAPLite 0.710.08 with Perl 5.8.8 on RedHat Linux Enterprise Client 5.6.  We've also tried SOAPLite 0.712 with Perl 5.14.0 on Red Hat Enterprise Linux Server 6.1 and we get the same error.  Others on campus have also had errors with Perl 5.8.9 on RedHat 5.4 with SOAPLite v 0.710.10.  .NET and Python implementations work.


      "openssl s_client -showcerts" shows a 3-certificate chain on the server:

      CN=dnawebtesting.iowa.uiowa.edu
      CN=COMODO High-Assurance Secure Server CA
      CN=AddTrust External CA Root


      Here is the SSL output from a query:

      Client-SSL-Cert-Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
      Client-SSL-Cert-Subject: /C=US/postalCode=52242/ST=IA/L=Iowa City/streetAddress=16 Lindquist Center/streetAddress=The University of Iowa/streetAddress=ITS Enterprise Infrastructure Windows Services Group/O=University of Iowa/OU=ITS-EI-WSG/OU=PlatinumSSL/CN=dnawebtesting.iowa.uiowa.edu
      Client-SSL-Cipher: RC4-SHA
      Client-SSL-Warning: Peer certificate not verified


      This is the output received:

      <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Server did not recognize the value of HTTP Header SOAPAction: https://dnawebtesting.iowa.uiowa.edu/DNAData/MetaPeople/GetData.</faultstring><detail /></soap:Fault></soap:Body></soap:Envelope>


      When I turn on debugging for Crypt::SSLeay (via the HTTPS_DEBUG environment variable), I get this:

      SSL_connect:before/connect initialization
      SSL_connect:SSLv2/v3 write client hello A
      SSL_connect:SSLv3 read server hello A
      SSL_connect:SSLv3 read server certificate A
      SSL_connect:SSLv3 read server done A
      SSL_connect:SSLv3 write client key exchange A
      SSL_connect:SSLv3 write change cipher spec A
      SSL_connect:SSLv3 write finished A
      SSL_connect:SSLv3 flush data
      SSL_connect:SSLv3 read finished A


      This is the same Crypt::SSLeay output I get when I turn on debugging against the production server.

      Any help would be much appreciated.  I'm under some pressure to abandon Perl and use Python.  Thanks!

      Karl Boyken

      -- 
      Karl Boyken, system administrator karl-boyken@...
      303A MLH, Dept. of Comp. Sci. http://www.cs.uiowa.edu/~boyken/
      The U. of Iowa, Iowa City, IA  52242   319-335-2730 (voice) 319-335-3668 (fax)
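
Added example, not part of the original message: a triage script that sorts the output quoted above into transport-layer observations (handshake trace, Client-SSL-* headers, certificate chain) and the application-layer SOAP fault. The input is constructed from the values in the message, and the names `cn` and `triage` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: values copied from the message; the long subject DN is
# shortened and the XML declaration and unused namespaces are omitted.
HEADERS = """\
Client-SSL-Cert-Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
Client-SSL-Cert-Subject: /C=US/O=University of Iowa/CN=dnawebtesting.iowa.uiowa.edu
Client-SSL-Cipher: RC4-SHA
Client-SSL-Warning: Peer certificate not verified"""
CHAIN = ["dnawebtesting.iowa.uiowa.edu",            # order shown by openssl s_client
         "COMODO High-Assurance Secure Server CA",
         "AddTrust External CA Root"]
TRACE = """\
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A"""
BODY = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><soap:Fault><faultcode>soap:Client</faultcode>'
        '<faultstring>Server did not recognize the value of HTTP Header SOAPAction: '
        'https://dnawebtesting.iowa.uiowa.edu/DNAData/MetaPeople/GetData.</faultstring>'
        '<detail /></soap:Fault></soap:Body></soap:Envelope>')
SOAP_NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/"}

def cn(dn):
    """Return the CN component of an OpenSSL one-line DN, or None."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else None

def triage(headers, chain, trace, body):
    h = dict(line.split(": ", 1) for line in headers.splitlines())
    fault = ET.fromstring(body).find("soap:Body/soap:Fault", SOAP_NS)
    seen = [cn(h.get("Client-SSL-Cert-Subject", "")), cn(h.get("Client-SSL-Cert-Issuer", ""))]
    return {
        # Transport layer: the client reads the server's Finished message last.
        "handshake_completed": trace.splitlines()[-1].endswith("read finished A"),
        "unverified_warning": "not verified" in h.get("Client-SSL-Warning", ""),
        "chain_matches_headers": seen == chain[:2],
        # RC4 cipher suites are prohibited for TLS by RFC 7465.
        "rc4_negotiated": h.get("Client-SSL-Cipher", "").startswith("RC4"),
        # Application layer: SOAP 1.1 fault children are unqualified elements.
        "fault_code": fault.findtext("faultcode") if fault is not None else None,
        "fault_string": fault.findtext("faultstring") if fault is not None else None,
    }

if __name__ == "__main__":
    for key, value in triage(HEADERS, CHAIN, TRACE, BODY).items():
        print(f"{key}: {value}")
```

A SOAP fault in the response body means the server received and parsed the HTTP request, so the fault and the client-side verification warning are reported at different layers and are checked separately here.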