
6619 Re: Failing to connect with webservice when using SSL with ClientAuth

  • noorarshad
    Jun 7, 2012
      Thanks to Mark Allen on the LWP mailing list, the answer can be found here:

      http://www.mail-archive.com/libwww@.../msg06964.html

      (In case that link doesn't work for any reason, the brief answer is: I had to include "use Net::SSL;" in my Perl program to make it work. Apparently, the newer LWP module uses the IO::Socket::SSL module instead of the older Net::SSL, which ignores the environment variables in the program pointing to my digital certificates. By forcing the program to use Net::SSL, it picks up the variables and works fine).

      Arshad

      --- In soaplite@yahoogroups.com, "noorarshad" <arshad@...> wrote:
      >
      > Hi,
      >
      > I'm new to SOAPLite and am struggling to solve this problem; hopefully, someone more knowledgeable can help me get past this.
      >
      > Using this small program, I'm trying to establish an SSL Client-Authenticated session to request a web-service:
      >
      > --------------------
      > #!perl -w
      >
      > use SOAP::Lite +trace;
      >
      > $ENV{HTTPS_CA_FILE} = "certs/my-ca.pem";
      > $ENV{HTTPS_CERT_FILE} = "certs/client-cert.pem";
      > $ENV{HTTPS_KEY_FILE} = "certs/client-pvkey.pem";
      > $ENV{HTTPS_CERT_PASS} = "ejbca";
      > $ENV{HTTPS_DEBUG} = 1;
      >
      > print SOAP::Lite
      > -> uri('http://ws.protocol.core.ejbca.org')
      > -> proxy('https://atlas.mysite.com:8443/ejbca/ejbcaws/ejbcaws')
      > -> getAvailableCAs()
      > -> result;
      > --------------------
      >
      > It consistently fails. The error in the trace is summarized below:
      >
      > ***************
      > Client-Warning: Internal response
      >
      > Can't connect to atlas.mysite.com:8443
      >
      > LWP::Protocol::https::Socket: SSL connect attempt failed because of handshake problems error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate at /home/anoor/perl/lib/perl5/LWP/Protocol/http.pm line 51.
      > ***************
      >
      > More data-points:
      >
      > - I'm using all current versions of the required modules;
      >
      > - There is no proxy involved;
      >
      > - openssl s_client works perfectly with the certs/keys/CA files
      > shown in the perl program; I am able to connect and request a
      > page from the site;
      >
      > - The net-ssl-test script from the Crypt-SSLeay-0.58 module is also
      > able to connect with the above-mentioned certs/key;
      >
      > - The web-service is definitely working because I am able to verify
      > that the service returns a response when tested with SOAPUI;
      >
      > - The client, server and CA certificates are all using the
      > RSAwithSHA256 algorithm for the CA's signature (not sure if this
      > is relevant; from what I understand SOAPLite ultimately relies on
      > the OpenSSL library for the crypto work, so it ought to work given
      > that s_client does).
      >
      > What am I missing here? Thanks, in advance, for your suggestions.
      >
      > Arshad
      >
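The fix described in this reply, written out as an added example (not code from the original post or from the SOAP::Lite or LWP projects). It assumes Crypt::SSLeay is installed, and it goes slightly beyond the post by also pinning the choice through `PERL_NET_HTTPS_SSL_SOCKET_CLASS`, because Net::HTTPS prefers IO::Socket::SSL whenever that module is already loaded. `CLIENT_KEY_PASS` is a hypothetical variable name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Select the TLS socket class before Net::HTTPS is loaded. Net::HTTPS picks
# IO::Socket::SSL if it is already in memory, so pin the choice explicitly.
BEGIN { $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = 'Net::SSL' }

use Net::SSL;      # from Crypt::SSLeay; reads the HTTPS_* variables below
use Net::HTTPS;    # loaded here only so the selected class can be inspected
use SOAP::Lite;

# Paths and endpoint are the ones from the original post.
my %tls = (
    HTTPS_CA_FILE   => 'certs/my-ca.pem',
    HTTPS_CERT_FILE => 'certs/client-cert.pem',
    HTTPS_KEY_FILE  => 'certs/client-pvkey.pem',
);

# Fail early with a clear message if a file is missing or unreadable.
for my $var (sort keys %tls) {
    -r $tls{$var} or die "$var: cannot read $tls{$var}\n";
    $ENV{$var} = $tls{$var};
}

# HTTPS_CERT_PASS is set as in the original post, but the value comes from
# the environment (hypothetical name) instead of being hard-coded.
$ENV{HTTPS_CERT_PASS} = $ENV{CLIENT_KEY_PASS}
    // die "set CLIENT_KEY_PASS to the private-key passphrase\n";

# Confirm which implementation LWP will actually use for https:// URLs.
$Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL'
    or die "unexpected TLS class: $Net::HTTPS::SSL_SOCKET_CLASS\n";

my $som = SOAP::Lite
    ->uri('http://ws.protocol.core.ejbca.org')
    ->proxy('https://atlas.mysite.com:8443/ejbca/ejbcaws/ejbcaws')
    ->getAvailableCAs();

die 'SOAP fault: ', $som->faultstring, "\n" if $som->fault;
print $som->result, "\n";
```

The Crypt::SSLeay documentation states that Net::SSL does not support hostname verification, which IO::Socket::SSL does, so this switch changes what the client checks about the server as well as how it loads its own certificate.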