Charlie Harvey

Having SOAP::Lite or LWP::UserAgent skip SSL certificate verification

Wow. This was a two pipe problem. I just upgraded perl on one of our servers. We use a lot of SOAP::Lite calls here, which used to be fine. But all of a sudden all my lovely scripts say: 500 Can't connect to our.server.com:443 (certificate verify failed) at /usr/bin/myscript.pl line 28

Now perl is actually doing the right thing here, because we're using a self signed cert. So the proper solution is to move all your certificates across. However, that is a pain for testing and h4x0ring, so I spent a "happy" hour bouncing around CPAN lookig for a solution.

As it turns out, you can set a single environment variable and have behaviour return to usual. Sweet. I found the answer in the LWP::UserAgent manual. So at the top of yer code: $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0

If you are doing this in a CGI context, you can have Apache set the variable thus: SetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0

So, now back to the actually useful work I should have been doing all along.


Comments

  • Be respectful. You may want to read the comment guidelines before posting.
  • You can use Markdown syntax to format your comments. You can only use level 5 and 6 headings.
  • You can add class="your language" to code blocks to help highlight.js highlight them correctly.

Privacy note: This form will forward your IP address, user agent and referrer to the Akismet, StopForumSpam and Botscout spam filtering services. I don’t log these details. Those services will. I do log everything you type into the form. Full privacy statement.