我在Win7上使用Perl脚本(使用HTTP :: Proxy 0.303,Net :: SSLeay 1.66和IO :: Socket :: SSL 2.012模块)和OpenSSL并收到错误:
failure during X509V3_EXT_conf_nid() for nid=177 6896:error:2208B08F:X509 V3 routines:V2I_AUTHORITY_INFO_ACCESS:invalid syntax:v3_info.c:1 1: failure during X509V3_EXT_conf_nid() for nid=89 6896:error:22082086:X509 V3 routines:R2I_CERTPOL:invalid policy identifier:v3_cpols.c:160: section:,name:Policy,value:1.3.6.1.4.1.11129.2.5.1
这是Perl,还是OpenSSL,还是证书错误?
网址:www.google.hr:443
输出来自:
openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout
是:
Loading 'screen' into random state - done
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:f4:e4:88:96:4e:ef:db
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Apr 22 13:46:42 2015 GMT
Not After : Jul 21 00:00:00 2015 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:07:f5:b5:1c:4f:d9:03:c3:6f:07:fa:0e:ae:
0e:96:37:8c:ca:ea:f7:6d:f6:ea:93:a6:4d:ca:01:
0c:d0:fd:ed:aa:c3:2e:56:a1:ec:0d:98:98:31:f5:
13:cb:22:e1:d1:79:31:fe:3a:b8:7c:bc:5d:63:93:
6e:eb:0b:cf:4f:9e:cf:6b:46:c1:3f:15:58:e9:69:
e7:cd:1e:2d:ed:ad:51:5b:0c:77:15:76:b5:3a:25:
6d:17:8e:c1:b5:fb:06:cb:f2:e4:94:bc:33:22:7b:
2e:19:36:a5:1f:a2:95:f7:30:9e:8b:1e:91:6b:e4:
58:2b:45:6d:51:b1:e9:93:b3:f0:5f:5e:30:b8:32:
80:5d:c2:7b:7a:c6:89:63:87:e2:87:cf:27:32:f0:
e8:26:09:55:cf:38:db:9b:c9:42:94:79:8f:d4:8b:
d3:da:5f:41:96:87:97:44:e6:e1:7b:da:31:bc:35:
53:ec:eb:b2:bb:aa:97:e6:ad:d5:52:18:7b:d1:c4:
7d:cf:03:00:3d:d1:e2:a5:6a:47:a5:a8:24:9f:72:
b6:57:0f:ca:bb:12:c3:01:42:f4:50:6d:b1:5e:ba:
1f:d3:7b:17:62:5f:ef:21:03:53:d7:34:c1:14:44:
ae:72:d8:40:73:e6:30:1b:2e:eb:8b:6d:03:cd:fc:
3a:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:www.google.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
A0:01:08:F5:54:1F:91:E6:20:3D:67:2B:20:80:45:F1:83:EA:11:17
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha1WithRSAEncryption
65:56:21:57:c6:67:5d:33:a2:7a:71:58:14:04:75:b0:f6:7b:
12:a0:96:da:4a:ec:07:13:70:5f:a3:da:eb:83:35:7c:d0:c6:
b3:78:36:8c:fe:d7:55:48:20:80:e2:30:ff:f2:3c:89:af:78:
e5:e3:0b:5a:cc:7f:5f:92:7e:e8:05:4c:58:10:2d:b6:5f:2e:
bc:b7:19:ca:32:ee:4b:37:37:be:78:c6:d2:b3:b3:0a:4a:a7:
0f:77:56:5d:52:6f:b7:c5:cb:27:49:cd:db:9a:f9:bf:02:e3:
9d:e1:63:ee:78:c8:58:76:be:1c:ab:05:21:b7:ec:85:48:1a:
84:a7:ce:7a:26:3c:6c:60:39:57:eb:58:7d:8b:b2:aa:d8:40:
0f:c4:0f:bd:1a:f4:f6:73:98:fd:ba:95:17:99:46:15:9c:ba:
f1:e3:18:d7:2e:a6:db:6a:19:6c:29:df:9f:c2:f6:59:ed:b1:
52:bb:21:52:f3:3b:39:1d:17:cb:d6:4b:96:d6:2e:fd:70:7a:
6e:36:a4:26:cc:2f:83:ac:51:76:a2:e2:62:ee:e0:91:fc:0e:
98:7d:ad:83:17:ae:e8:c8:76:4a:5e:ea:20:57:09:28:f9:c7:
d5:7b:dd:6f:f9:a0:10:57:29:6d:93:30:1c:67:2f:f1:6b:2a:
48:f1:61:63
答案 0 :(得分:1)
将IO :: Socket :: SSL更新为版本2.014后,一切正常。