使用perl进行500 SSL协商失败

时间:2015-03-09 10:43:13

标签: perl ssl soaplite

我正在尝试使用来自客户端计算机SunOS 5.10的perl脚本连接到webservice服务器,但没有成功。

我使用ActivePerl 5.8.8,以及其他一些已安装的库。 我还安装了带有cacertificates dependencie的libssl0_9_8。

请注意,负责服务器端Web服务的团队告诉我,他们没有管理任何证书。

我已阅读了很多论坛,但我对这个问题没有明确的答案。 我在我的脚本中使用以下内容:

use SOAP::Lite;
use SOAP::Lite +trace => 'all';
$ENV{HTTPS_DEBUG} = 1;
my $server = $conf->param("Server");
my $url = "https://$server:443/services";
my $service = SOAP::Lite->proxy("$url/service") or die $logger->error("Error: WebService $!");

当我启动脚本时,会产生以下内容:

bash-3.2# ./GetTest.pl 
SOAP::Transport::new: ()
SOAP::Serializer::new: ()
SOAP::Deserializer::new: ()
SOAP::Parser::new: ()
SOAP::Lite::new: ()
SOAP::Transport::HTTP::Client::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Lite::call: ()
SOAP::Serializer::envelope: ()
SOAP::Serializer::envelope: getInterface SOAP::Data=HASH(0x1003e0c) SOAP::Data=HASH(0x1003b18) SOAP::Data=HASH(0x1003bd8) SOAP::Data=HASH(0x1003ce0)
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x100368c)
SOAP::Transport::HTTP::Client::send_receive: POST https://<SERVER>:443/axis2/services/Service HTTP/1.1
Accept: text/xml
Accept: multipart/*
Accept: application/soap
Content-Length: 875
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://...#getInterface"
...
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert write:fatal:handshake failure
SSL_connect:error in SSLv3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
SOAP::Transport::HTTP::Client::send_receive: HTTP::Response=HASH(0x77c3e8)
SOAP::Transport::HTTP::Client::send_receive: 500 SSL negotiation failed:
Content-Type: text/plain
Client-Date: Mon, 09 Mar 2015 10:27:04 GMT
Client-Warning: Internal response

500 SSL negotiation failed:
SOAP::Deserializer::deserialize: ()
SOAP::Parser::decode: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Transport::HTTP::Client::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Transport::DESTROY: ()
SOAP::Serializer::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Deserializer::DESTROY: ()
SOAP::Parser::DESTROY: ()
SOAP::Lite::DESTROY: ()

请注意,某些输出已被隐藏。

如果您需要帮我解决问题,我很乐意为您提供更多信息。

编辑:

我已经使用openssl实用程序测试了与服务器的连接,看起来很有效:

bash-3.2# openssl s_client -connect <server>:443 -tls1
CONNECTED(00000004)
depth=1 /C=FR/ST=Alpes-Maritimes/...
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
...
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAds...
-----END CERTIFICATE-----
...
---
No client certificate CA names sent
---
SSL handshake has read 1886 bytes and written 260 bytes
---
New, TLSv1/SSLv3, Cipher is ...
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ...
    Verify return code: 19 (self signed certificate in certificate chain)
---

我们可以看到我必须使用TLSv1 / SSLv3来使其工作。 请注意,我已使用较低版本测试了此命令,但它无法正常工作。

我该怎么办? 将ActivePerl升级到5.20以考虑支持TLSv1的新特定库? 还是其他人?

提前致谢,

0 个答案:

没有答案