X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0	tests=AWL,BAYES_00,KHOP_THREADED,RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
In-Reply-To: <op.wnc5gmd1ofd6j1@nebbiolo>
References: <CAKChYSqz8PXYhF3azLRVe=BcAQOC1ZnwzjLAxn7EWw-qKn398w AT mail DOT gmail DOT com> <87vcdiznho DOT fsf AT Rainer DOT invalid> <op DOT wnc5gmd1ofd6j1 AT nebbiolo>
From: =?ISO-8859-1?Q?Bj=F6rn_Kautler?= <Bjoern AT Kautler DOT net>
Date: Wed, 7 Nov 2012 00:02:07 +0100
Message-ID: <CAKChYSo=1FGTRZVvxi73duqoxPdzMFsXvca5=LX5241TwyU5sQ@mail.gmail.com>
Subject: Re: Problem with HTTPS in LWP module in Perl
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=ISO-8859-1
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id qA6N2nWr015719

2012/11/6 Helmut Karlowski <helmut DOT karlowski AT ish DOT de>:
> Achim Gratz, 06.11.2012 17:48:19:
>
>
>> This has nothing to do with Cygwin, the same error happens on Linux:
>>
>> $ perl -e 'use LWP::Simple;' -e '($r=get("https://www.geocaching.com")) or
>> print "$!\n$@\n";print "$r\n";'
>> Connection reset by peer
>> Can't connect to www.geocaching.com:443
>
>
> Just got this in lynx (after waiting real long):
>
> Geocaching.com will be going offline temporarily for maintenance on Tuesday,
> November 6, 2012 at approximately 6pm PST
>
> Maybe that's the reason?

I don't think so, I'm having this for days and from Cygwin yes, but
Ubuntu and Debian no, so I don't think this is caused by the server.

> links still timeouts while lynx says after some
> minutes:
>
> unable to get local issuer certificate - Continue?
>
> when I agree it worked before but now issues:
>
> Suche nach www.geocaching.com
> HTTPS-Verbindung zu www.geocaching.com wird aufgebaut.
> Verbindung erneut versuchen, ohne TLS.
> Suche nach www.geocaching.com
> HTTPS-Verbindung zu www.geocaching.com wird aufgebaut.
> SSL callback:unable to get local issuer certificate, preverify_ok=0,
> ssl_okay=0
> SSL callback:certificate not trusted, preverify_ok=0, ssl_okay=1
> SSL callback:certificate not trusted, preverify_ok=1, ssl_okay=1
> SSL callback:certificate not trusted, preverify_ok=1, ssl_okay=1
> Obacht: Unable to make secure connection to remote host.
>
> lynx: Unzugängliche Startdatei https://www.geocaching.com/
>
> lynx exits here.
>
> (sorry for german).
>
> Also the other urls I cannot connect to with links work with lynx after
> answering the above certificate-question and a long time of waiting.
>

lynx behaves similar to LWP with Net::SSL as socket class and hostname
verification off.
It sends a TLSv1 Client Hello.
Then times out waiting for the Server Hello.
Then sends again an SSLv3 Client Hello and kind of succeeds.
So it shows the same behaviour for the TLSv1 case which should work as
curl shows.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple