StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow can I get LWP to validate SSL server certificates?
primarykey
Id
74358
data
AcceptedAnswerId
5329129
AnswerCount
8
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2008-09-16T16:41:49.597
FavoriteCount
18
LastActivityDate
2018-06-14T17:50:31.747
LastEditDate
2017-05-23T10:29:36.727
LastEditorUserId
-1
OwnerUserId
8355
ParentId
0
PostTypeId
1
Score
44
ViewCount
77606
LastEditorDisplayName
cjm
text
Body
How can I get <a href="http://search.cpan.org/perldoc?LWP" rel="nofollow noreferrer">LWP</a> to verify that the certificate of the server I'm connecting to is signed by a trusted authority and issued to the correct host? As far as I can tell, it doesn't even check that the certificate claims to be for the hostname I'm connecting to. That seems like a major security hole (especially with the recent DNS vulnerabilities). Update: It turns out what I really wanted was <code>HTTPS_CA_DIR</code>, because I don't have a ca-bundle.crt. But <code>HTTPS_CA_DIR=/usr/share/ca-certificates/</code> did the trick. I'm marking the answer as accepted anyway, because it was close enough. Update 2: It turns out that <code>HTTPS_CA_DIR</code> and <code>HTTPS_CA_FILE</code> only apply if you're using Net::SSL as the underlying SSL library. But LWP also works with IO::Socket::SSL, which will ignore those environment variables and happily talk to any server, no matter what certificate it presents. Is there a more general solution? Update 3: Unfortunately, the solution still isn't complete. Neither Net::SSL nor IO::Socket::SSL is checking the host name against the certificate. This means that someone can get a legitimate certificate for some domain, and then impersonate any other domain without LWP complaining. Update 4: <a href="http://search.cpan.org/dist/libwww-perl/" rel="nofollow noreferrer">LWP 6.00</a> finally solves the problem. See <a href="https://stackoverflow.com/questions/74358/how-can-i-get-lwp-to-validate-ssl-server-certificates#5329129">my answer</a> for details.
Tags
<perl><ssl><https><lwp>
Title
How can I get LWP to validate SSL server certificates?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. UScjm
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHow can I get LWP to validate SSL server certificates?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POHow can I get LWP to validate SSL server certificates?
 UserUserId
 USjeff
 VoteTypeVoteTypeId
 VTFavorite
3. VO
 singulars
 PostPostId
 POHow can I get LWP to validate SSL server certificates?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.