使用Web :: Scraper模块“证书验证失败”

时间:2017-01-26 03:55:17

标签: perl https

我在证书验证问题中有以下结果:

 use URI;
 use Web::Scraper
 my $res = $scraper->scrape( URI->new('https://example.com') );

等待大约2分钟后,我收到以下错误:

  

GET https://example.com失败:500无法连接到example.com:443   (证书验证失败)

根据评论中的建议,我跑了openssl s_client -connect olms.dol-esa.gov:443。它立即将以下内容输出到终端,然后挂起约2分钟:

CONNECTED(00000003)
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=olms.dol-esa.gov/O=DEPARTMENT OF LABOR/L=Washington/ST=District of Columbia/C=US
   i:/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
 1 s:/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
   i:/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
 2 s:/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 3 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
<SNIP>
-----END CERTIFICATE-----
subject=/CN=olms.dol-esa.gov/O=DEPARTMENT OF LABOR/L=Washington/ST=District of Columbia/C=US
issuer=/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
---
No client certificate CA names sent
---
SSL handshake has read 6233 bytes and written 615 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DES-CBC3-SHA
    Session-ID: 3E5B2FBD819EF7880143C874181B7D67D3B1A0CE7C319B35F276E1CE8D9B9A18
    Session-ID-ctx: 
    Master-Key: BE8A24B0350C48FCC3ECFA21AE896BF09F8978C481F3BE01E1E9B904A0BFB87098914DB6CD592BBC7634142A4B5C43FB
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1486034348
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

等了大约两分钟后,输出如下:

read:errno=0

1 个答案:

答案 0 :(得分:1)

Web::Scraper使用LWP::UserAgent。除非您关闭该功能,否则更多现代版本会尝试验证主机名。还有其他事情可能会发生,但这个问题的细节很少。

LWP::UserAgent的一个构造函数参数是:

LWP::UserAgent->new( 
    ssl_opts => { verify_hostname => 0 }
    ...;
    }

您可以构建自己的用户代理对象并将其提供给Web::Scraper

my $scraper = Web::Scraper->new(...);
$scraper->user_agent( $your_own_lwp_useragent_object );

另见“Perl LWP::Simple HTTPS error”的答案。如需更多帮助,我们需要相关模块的版本详细信息和您的openssl详细信息。

相关问题
最新问题