REST::Client: how to ignore SSL certificates

perl

15,656

Solution 1

I got it working by adding below line:

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0;

Reference: https://splash.riverbed.com/docs/DOC-1602

Solution 2

I found that option did not completely address the issue in LWP 6.x. For me this worked:

# setup rest client                                                                                                             
my $client = REST::Client->new();                                                                                               

# don't verify SSL certs                                                                                                        
$client->getUseragent()->ssl_opts(verify_hostname => 0);                                                                        
$client->getUseragent()->ssl_opts(SSL_verify_mode => SSL_VERIFY_NONE);

15,656

slayedbylucifer

A hopelessly devoted father and a husband who does Linux plumbing for survival. The only other interest he has is listening to heavy/thrash metal and strumming his acoustic guitar.

Updated on May 26, 2022

Comments

slayedbylucifer almost 2 years
I am working with REST::Client and my code fails with SSL error.

Here is the code:
```
#!usr/bin/perl -w
use strict;
use REST::Client;

my $client = REST::Client->new();

$client->GET("https://something/api/sessions");
print $client->responseContent();
```
and here is the output:
```
WP::Protocol::https::Socket: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl/5.10.1/LWP/Protocol/http.pm line 51.
```
I know the problem. REST::Client is not able to ignore the SSL certificate.

I get the exact same error with curl when I do not use "-k" option:

here is curl command:
```
curl -i -H "Accept:application/*+xml;version=1.5" -u "username@system:password" -X post https://something/api/sessions
```
and here is curl output(Error):
```
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
```
However, if I add "-k" to the curl command, then it works just fine.

From curl's man page, here is the explanation of "-k":
```
(SSL)  This  option  explicitly  allows  curl to perform "insecure" SSL connections and transfers.
```
Question:

So, How do I make REST::Client ignore the SSL certificate? OR is there any other elegant way to work with? I gone through the REST::Client documentation on CPAN but it does not talk anything about this.

Thanks.
- ThanksForYourHelp almost 8 years
  
  For what it's worth it is far better to deploy a proper CA signed cert to the service (if possible) or, only if the cert is unique, specifically trust the individual cert.
Karlik_B almost 6 years

Works great. Only SSL_VERIFY_NONE needs to be encapsulated in single quotes to prevent strict compile failure.
chicks almost 5 years

Usuallly keys on the left side of => are implicitly quoted in Perl. I haven't had this trip up strictness which I usually have on. That's why the code sample includes the my.