IO::Socket::SSL 似乎忽略了 SSL_VERIFY_NONE
IO::Socket::SSL seems to be ignoring SSL_VERIFY_NONE
IO::Socket::SSL 似乎忽略了 SSL_VERIFY_NONE;这是在 OSX 10.14.1 with perl 5.18.2 和 CentOS 6.10 with perl 5.10.1:
#!/usr/bin/perl
#
# sslt
#
# Test ssl connections to self-signed sites
#
use strict;
use warnings;
use IO::Socket::SSL qw( SSL_VERIFY_NONE );
use LWP::UserAgent;
my $url = 'https://internal_site:18443/rest/v1';
my $method = 'GET';
my $ua = LWP::UserAgent->new;
$ua->agent('sslt/0.1');
$ua->ssl_opts(SSL_verify_mode => SSL_VERIFY_NONE);
# Create a request
my $req = HTTP::Request->new($method => $url);
print STDERR "Raw request ($method): $url\n";
# Send request to the user agent and get a response back
my $res = $ua->request($req);
print STDERR "Raw response: ", $res->message, " (", $res->code, ")\n";
exit 0;
结果:
$ sslt
Raw request (GET): https://internal_site:18443/rest/v1
Raw response: Can't connect to internal_site:18443 (certificate verify failed) (500)
这不是 IO::Socket::SSL 忽略 SSL_verify_mode 而是 LWP 覆盖它。来自 LWP::Protocol::https:
sub _extra_sock_opts
{
my $self = shift;
my %ssl_opts = %{$self->{ua}{ssl_opts} || {}};
if (delete $ssl_opts{verify_hostname}) {
$ssl_opts{SSL_verify_mode} ||= 1; <<<<<<<<<<<<<<<<<<<<
$ssl_opts{SSL_verifycn_scheme} = 'www';
}
因此,您必须将 verify_hostname 设置为 0 才能真正禁用验证。另见票 LWP::Protocol::https discards 0 value for SSL_VERIFY_mode.
IO::Socket::SSL 似乎忽略了 SSL_VERIFY_NONE;这是在 OSX 10.14.1 with perl 5.18.2 和 CentOS 6.10 with perl 5.10.1:
#!/usr/bin/perl
#
# sslt
#
# Test ssl connections to self-signed sites
#
use strict;
use warnings;
use IO::Socket::SSL qw( SSL_VERIFY_NONE );
use LWP::UserAgent;
my $url = 'https://internal_site:18443/rest/v1';
my $method = 'GET';
my $ua = LWP::UserAgent->new;
$ua->agent('sslt/0.1');
$ua->ssl_opts(SSL_verify_mode => SSL_VERIFY_NONE);
# Create a request
my $req = HTTP::Request->new($method => $url);
print STDERR "Raw request ($method): $url\n";
# Send request to the user agent and get a response back
my $res = $ua->request($req);
print STDERR "Raw response: ", $res->message, " (", $res->code, ")\n";
exit 0;
结果:
$ sslt
Raw request (GET): https://internal_site:18443/rest/v1
Raw response: Can't connect to internal_site:18443 (certificate verify failed) (500)
这不是 IO::Socket::SSL 忽略 SSL_verify_mode 而是 LWP 覆盖它。来自 LWP::Protocol::https:
sub _extra_sock_opts
{
my $self = shift;
my %ssl_opts = %{$self->{ua}{ssl_opts} || {}};
if (delete $ssl_opts{verify_hostname}) {
$ssl_opts{SSL_verify_mode} ||= 1; <<<<<<<<<<<<<<<<<<<<
$ssl_opts{SSL_verifycn_scheme} = 'www';
}
因此,您必须将 verify_hostname 设置为 0 才能真正禁用验证。另见票 LWP::Protocol::https discards 0 value for SSL_VERIFY_mode.