Thread IO::Socket::SSL verweigert sich (11 answers)
Opened by bianca at 2018-05-28 15:17

GwenDragon
 2018-05-28 09:36
#188464 #188464
User since
2005-01-17
14746 Artikel
Admin1
[Homepage]
user image
Hast du das Problem mit Crypt::LE oder benutzt du das nicht hier?
Ich weiß ja nicht was du gerade machst.

Mein Test:
Strawberry Perl 5.24.3.1 32bit
IO-Socket-SSL-2.056.tar.gz
Net-SSLeay-1.85.tar.gz

Code (perl): (dl )
1
2
3
4
5
6
7
8
9
10
11
12
#!/usr/bin/perl

use strict;
use warnings;
use 5.024;
use IO::Socket::SSL qw(debug4);
IO::Socket::SSL->new(
        PeerAddr=>"gwendragon.de",
        PeerPort=>443,
        Proto=>"TCP",
        SSL_hostname => 'gwendragon.de'
) or die $!;


Ergibt bei mir mit 5.24:
Code: (dl )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
T:\>perl a.pl
DEBUG: .../IO/Socket/SSL.pm:2823: new ctx 44833392
DEBUG: .../IO/Socket/SSL.pm:675: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:677: socket connected
DEBUG: .../IO/Socket/SSL.pm:700: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:733: using SNI with hostname gwendragon.de
DEBUG: .../IO/Socket/SSL.pm:768: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:802: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2724: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:2677: ok=1 [2] /O=Digital Signature Trust Co./CN=DST Root CA X3/O=Digital Signature Trust Co./CN=DST Root CA X3
DEBUG: .../IO/Socket/SSL.pm:2677: ok=1 [1] /O=Digital Signature Trust Co./CN=DST Root CA X3/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
DEBUG: .../IO/Socket/SSL.pm:2677: ok=1 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=gwendragon.de
DEBUG: .../IO/Socket/SSL.pm:1741: scheme=default cert=58652336
DEBUG: .../IO/Socket/SSL.pm:1751: identity=gwendragon.de cn=gwendragon.de alt=2 gwendragon.de 2 www.gwendragon.de
DEBUG: .../IO/Socket/SSL.pm:805: done Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:860: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:2845: free ctx 44833392 open=44833392
DEBUG: .../IO/Socket/SSL.pm:2849: free ctx 44833392 callback
DEBUG: .../IO/Socket/SSL.pm:2856: OK free ctx 44833392

Mit 5.20:
Code: (dl )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
PERL-5.20 T:\>perl a.pl
DEBUG: .../IO/Socket/SSL.pm:2823: new ctx 49435656
DEBUG: .../IO/Socket/SSL.pm:675: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:677: socket connected
DEBUG: .../IO/Socket/SSL.pm:700: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:733: using SNI with hostname gwendragon.de
DEBUG: .../IO/Socket/SSL.pm:768: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:802: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2724: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:2677: ok=1 [2] /O=Digital Signature Trust Co./CN=DST Root CA X3/O=Digital Signature Trust Co./CN=DST Root CA X3
DEBUG: .../IO/Socket/SSL.pm:2677: ok=1 [1] /O=Digital Signature Trust Co./CN=DST Root CA X3/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
DEBUG: .../IO/Socket/SSL.pm:2677: ok=1 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=gwendragon.de
DEBUG: .../IO/Socket/SSL.pm:1741: scheme=default cert=57711216
DEBUG: .../IO/Socket/SSL.pm:1751: identity=gwendragon.de cn=gwendragon.de alt=2 gwendragon.de 2 www.gwendragon.de
DEBUG: .../IO/Socket/SSL.pm:805: done Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:860: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:2845: free ctx 49435656 open=49435656
DEBUG: .../IO/Socket/SSL.pm:2849: free ctx 49435656 callback
DEBUG: .../IO/Socket/SSL.pm:2856: OK free ctx 49435656



Meine Idee (ohne Kaffee intus): Dein Server liefert nicht alle Zertifikate.
Stichwort: SSLCertificateChainFile
Hast du da diese drin (als PEM-Format)?
- DST Root CA X3
- Let's Encrypt Authority X3
Last edited: 2018-05-28 09:45:56 +0200 (CEST)

View full thread IO::Socket::SSL verweigert sich