小贝子编程

"certificate verify failure" 与网络::刮板模块



我在证书验证问题中遇到以下结果:

 use URI;
 use Web::Scraper
 my $res = $scraper->scrape( URI->new('https://example.com') );

等待大约 2 分钟后,我收到以下错误:

获取 https://example.com 失败:500 无法连接到 example.com:443 (证书验证失败)

根据评论中的建议,我运行了openssl s_client -connect olms.dol-esa.gov:443.它立即将以下内容输出到终端,然后挂起约2分钟:

CONNECTED(00000003)
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=olms.dol-esa.gov/O=DEPARTMENT OF LABOR/L=Washington/ST=District of Columbia/C=US
   i:/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
 1 s:/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
   i:/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
 2 s:/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 3 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
<SNIP>
-----END CERTIFICATE-----
subject=/CN=olms.dol-esa.gov/O=DEPARTMENT OF LABOR/L=Washington/ST=District of Columbia/C=US
issuer=/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
---
No client certificate CA names sent
---
SSL handshake has read 6233 bytes and written 615 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DES-CBC3-SHA
    Session-ID: 3E5B2FBD819EF7880143C874181B7D67D3B1A0CE7C319B35F276E1CE8D9B9A18
    Session-ID-ctx: 
    Master-Key: BE8A24B0350C48FCC3ECFA21AE896BF09F8978C481F3BE01E1E9B904A0BFB87098914DB6CD592BBC7634142A4B5C43FB
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1486034348
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

等待大约两分钟后,输出以下内容:

read:errno=0

Web::Scraper 使用 LWP::UserAgent。该版本的更现代版本会尝试验证主机名,除非您关闭该功能。可能还有其他事情正在发生,但这个问题的细节很少。

LWP::UserAgent 的构造函数参数之一是:

LWP::UserAgent->new( 
    ssl_opts => { verify_hostname => 0 }
    ...;
    }

您可以构建自己的用户代理对象并将其提供给Web::Scraper:

my $scraper = Web::Scraper->new(...);
$scraper->user_agent( $your_own_lwp_useragent_object );

另请参阅"Perl LWP::Simple HTTPS error"中的答案。如需更多帮助,我们需要相关模块的版本详细信息和您的 openssl 详细信息。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium