Mail Archives: cygwin/2012/11/06/05:58:19

From: Björn Kautler <Bjoern AT kautler DOT net>
Date: Tue, 6 Nov 2012 11:57:32 +0100
Subject: Re: Problem with HTTPS in LWP module in Perl
To: cygwin AT cygwin DOT com

Hi,

I think you have hit exactly the same problem as me, as far as I can
tell from your output, though I didn't use lwp-request but
LWP::UserAgent, but I tried with lwp-request and it is the same. Let
me explain inline in your mail what I think happened during your
tries.

2012/11/1 Reini Urban <rurban AT x-ray DOT at>:
> On Thu, Nov 1, 2012 at 1:22 PM, Reini Urban wrote:
>> On Thu, Nov 1, 2012 at 1:05 PM, Björn Kautler  wrote:
>>> I'm having a problem with https requests to
>>> "https://www.geocaching.com" in perl.
>>> Nothing was done at all, then I found out I need to install
>>> LWP::Protocol:https which I did with "cpan LWP::Protocol:https".
>>> Now according to Wireshark at least SSL communication is started.
>>> But after the "Client Hello" it just hangs until a timeout happens,
>>> waiting for the "Server Hello".
>>> With other HTTPS pages like "https://www.google.com" it works fine.
>>> The exact same Perl script works fine under Ubuntu.
>>> The https request to the same page works fine with curl under cygwin.
>>> If I change the SSL socket class to Net::SSL instead of
>>> IO::Socket::SSL, it also hangs after the "Client Hello", but then
>>> retries with SSLv3 instead of TLSv1 according to Wireshark and this at
>>> least works a bit better though not completely.
>>> So I guess something is weird in the Cygwin port of IO::Socket::SSL. :-/
>>
>> Probably, but I cannot reproduce it.
>> If it is, you need to file a rt.cpan.org ticket for this,
>> with some wireshark loggings and the exact request.
>>
>> $ lwp-request https://www.geocaching.com/
>> 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not
>> installed)
>> $ cpan LWP::Protocol::https
>> ... (built and installed SULLR/IO-Socket-SSL-1.77.tar.gz,
>> GAAS/LWP-Protocol-https-6.03.tar.gz)
>>   /usr/bin/make install  -- OK
>>
>> $ lwp-request -USed https://www.geocaching.com/
>> GET https://www.geocaching.com/
>> User-Agent: lwp-request/6.03 libwww-perl/6.04
>>
>> 500 Can't connect to www.geocaching.com:443
>> Content-Type: text/plain
>> Client-Date: Thu, 01 Nov 2012 18:21:07 GMT
>> Client-Warning: Internal response

How long did this need from executing until error message?
I think this is the exact place where the error happens, also for you.
At least the output seems like that to me.

>> From debian:
>> $ lwp-request -USed https://www.geocaching.com/
>> GET https://www.geocaching.com/
>> User-Agent: lwp-request/5.834 libwww-perl/6.04
>>
>> GET https://www.geocaching.com/ --> 500 Can't connect to www.geocaching.com:443
>> Content-Type: text/plain
>> Client-Date: Thu, 01 Nov 2012 18:18:49 GMT
>> Client-Warning: Internal response
>>
>> $ lwp-request -USed https://www.google.com/
>> -> 200 OK
>
> I got a bit more information from some other version:
>
> $ perl5.14.3 -S lwp-request -USed https://www.geocaching.com/
> GET https://www.geocaching.com/
> User-Agent: lwp-request/5.834 libwww-perl/6.04
>
> GET https://www.geocaching.com/ --> 500 Can't connect to
> www.geocaching.com:443 (Crypt-SSLeay can't verify hostnames)
> Content-Type: text/plain
> Client-Date: Thu, 01 Nov 2012 18:22:57 GMT
> Client-Warning: Internal response
>
> So I think it's on the application level, not the library. This is
> with Crypt::SSLeay 0.64.
> My Cygwin has 0.60, and debian had 0.58.
>
> See http://stackoverflow.com/questions/12116244/https-proxy-and-lwpuseragent
> how to utilize PERL_LWP_SSL_VERIFY_HOSTNAME=0

I don't think this is more information but another case.
There are two SSL Socket classes that you can set.
If you use Net::SSL like "PERL_NET_HTTPS_SSL_SOCKET_CLASS='Net::SSL'
lwp-request -USed https://www.geocaching.com" you get the error 500
with "Crypt-SSLeay can't verify hostnames". If you use IO::Socket::SSL
like "PERL_NET_HTTPS_SSL_SOCKET_CLASS='IO::Socket::SSL' lwp-request
-USed https://www.geocaching.com" which seems to be the default on all
systems I tried on, you don't get the error with hostname
verification, but the timeout.
If I use Net::SSL as socket class and switch off hostname verification
with "PERL_LWP_SSL_VERIFY_HOSTNAME=0", I'm getting the very same
timeout I get with the other socket class, just that after the timeout
the library tries again with an SSLv3 client hello instead of a TLSv1
client hello and succeeds.
But using curl shows that it should work with the TLSv1 client hello right away.
Just like I described in my original message already. :-)

Cheers
Björn
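
An added example, not part of the original message: a small triage helper that runs `lwp-request` once per SSL socket class discussed above and labels each outcome, leaving hostname verification at its default instead of setting `PERL_LWP_SSL_VERIFY_HOSTNAME=0`. The function names, the labels and the 30-second default are assumptions made for illustration; treating a failure that lasts the full timeout as the handshake hang is a heuristic.

```shell
#!/bin/sh
# Added example (not from the thread): classify lwp-request results per
# SSL socket class without disabling hostname verification.

# classify_lwp OUTPUT ELAPSED_SECONDS TIMEOUT_SECONDS
# Prints one label describing how the request ended.
classify_lwp() {
    out=$1; elapsed=$2; limit=$3
    case $out in
        *"can't verify hostnames"*)
            # Net::SSL (Crypt-SSLeay) refuses because it cannot check names.
            echo hostname-verification-unavailable ;;
        *"500 Can't connect to"*)
            # Heuristic: a failure that lasts the whole timeout matches the
            # "Client Hello sent, no Server Hello" hang; a quick one does not.
            if [ "$elapsed" -ge "$limit" ]; then
                echo handshake-timeout
            else
                echo connect-failed-fast
            fi ;;
        *"200 OK"*) echo ok ;;
        *) echo unknown ;;
    esac
}

# probe URL [TIMEOUT_SECONDS]: one request per socket class (needs network).
probe() {
    url=$1; limit=${2:-30}
    for class in IO::Socket::SSL Net::SSL; do
        start=$(date +%s)
        out=$(PERL_NET_HTTPS_SSL_SOCKET_CLASS=$class \
              lwp-request -t "$limit" -USed "$url" 2>&1)
        end=$(date +%s)
        printf '%-16s %s (%ss)\n' "$class" \
            "$(classify_lwp "$out" $((end - start)) "$limit")" \
            $((end - start))
    done
}

# Offline check: status line copied from the thread, timings constructed.
classify_lwp "500 Can't connect to www.geocaching.com:443" 30 30
```

Run `probe https://www.geocaching.com/` on the affected machine and on a working one; a difference in labels for the same socket class points at the local SSL stack rather than the server.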
