Net::SSLeay gets ":SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" failure when accessing pop.gmail.com, as seen by so many others

I have a perl script which downloads email from pop.gmail.com:995 using the CPAN Mail::Box::POP3s package. The source code to do this is:

   my $pop = Mail::Box::POP3s->new(username => $recordsUser,
          password => $recordsPassword,
          server_name => $pop3Server);
   my($nrOfMsgs) = $pop->nrMessages;
   print "Received $nrOfMsgs\n";

On one Windows 10 system, this works perfectly. But on another it fails, with the signature:

DEBUG: .../IO/Socket/SSL.pm:1890: new ctx 76411024
DEBUG: .../IO/Socket/SSL.pm:393: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:395: socket connected
DEBUG: .../IO/Socket/SSL.pm:413: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:443: using SNI with hostname pop.gmail.com
DEBUG: .../IO/Socket/SSL.pm:479: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1359: SSL connect attempt failed with unknown error

DEBUG: .../IO/Socket/SSL.pm:485: fatal SSL error: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1924: free ctx 76411024 open=76411024
DEBUG: .../IO/Socket/SSL.pm:1932: OK free ctx 76411024
ERROR: Cannot connect to pop.gmail.com:995 for POP3: Bad file descriptor
ERROR: Cannot create POP3 client for inbox.
Can't call method "nrMessages" on an undefined value at ./emailToNotes.pl line 110.

Both systems are running Windows 10 Pro (up to date as of 2019) with Active Perl 5.16.3.

On the system that works, I have:

- IO::Socket::SSL version 1.84
- Net::SSLeay version 1.52
- Openssl version 1.02

On the system that fails, I have:

- IO::Socket::SSL version 1.962
- Net::SSLeay version 1.55
- Openssl version 1.1.1d

Looking at all the previous mentions of this error syndrome on the web, I tried:

- patching IO::Socket::SSL to set $can_client_sni to 0
- downloading the trusted CA chain from https://curl.haxx.se/ca/cacert.pem, and adding it to Net::SSLeay with the call Net::SSLeay::X509_STORE_add_crl

None of these solve the problem.

The only difference in the Windows 10 of the two systems is that the working one had Windows 10 Pro installed in 2018, while the new system was just purchased 2 weeks ago.

I have been trying different solutions for 2 days now, and could surely use some help from experts such as Steffen Ullrich and others. Thanks in advance.

First, notice that the software you are using is in parts quite old. The versions of IO::Socket::SSL and Net::SSLeay are 7 years old and a lot of improvements were made in these years. Interestingly though, your version of OpenSSL seems to be much newer and you are also running Windows 10, which suggests a strange mix of recent and terribly old software.

The version 1.84 of IO::Socket::SSL which you've used on one machine does not validate certificates by default, so it will work even if something is wrong with the certificates. The version 1.962 used on the other machine insists on validating the certificate by default instead. This means that both machines could actually have the same problem related to certificates but you'll notice it only on one machine.

Unfortunately Mail::POP3Client (which has been unsupported for 7 years) does not have any way to set which trust store gets used but relies on a properly set up trust store on the system. However, such a setup is typically not the case with OpenSSL (used by Perl) on Windows. Newer versions of IO::Socket::SSL will automatically pick up the trust store Mozilla::CA if it is installed, but not the old versions you are using.

I suggest that you move away from this old software stack. Use newer versions of IO::Socket::SSL and Net::SSLeay and also install Mozilla::CA as trust store. I also recommend using Net::POP3 instead of Mail::POP3Client, since the latter is long out of support and the former also gives you more control over certificate validation. I'm not sure about the ActivePerl you are using, but the free Strawberry Perl usually comes with a fairly recent software stack.
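The setup recommended above, as an added example that is not part of the original answer: it pins the trust store to Mozilla::CA and states the verification settings explicitly, first for a bare TLS handshake (to see whether the chain validates at all) and then through Net::POP3. It assumes current IO::Socket::SSL, Mozilla::CA and libnet 3.x are installed; the environment variable names POP3_USER and POP3_PASS are placeholders.

```perl
use strict;
use warnings;
use feature 'say';

use IO::Socket::SSL;      # exports SSL_VERIFY_PEER and $SSL_ERROR
use Mozilla::CA;          # bundled Mozilla root certificates
use Net::POP3;            # libnet 3.x, which supports SSL => 1

my $host = 'pop.gmail.com';
my $port = 995;

# Verification settings stated explicitly, so behaviour does not depend on
# the module version's defaults or on an OpenSSL system trust store.
my %tls = (
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_ca_file         => Mozilla::CA::SSL_ca_file(),
    SSL_verifycn_scheme => 'pop3',
    SSL_verifycn_name   => $host,
    SSL_hostname        => $host,   # SNI
);

# Step 1: handshake only, to check that the certificate chain validates.
my $probe = IO::Socket::SSL->new(PeerHost => $host, PeerPort => $port, %tls)
    or die "TLS handshake failed: $! / $SSL_ERROR\n";
say 'Protocol: ', $probe->get_sslversion;
say 'Subject:  ', $probe->peer_certificate('subject');
say 'Issuer:   ', $probe->peer_certificate('issuer');
$probe->close;

# Step 2: the same settings passed through Net::POP3.
my $pop = Net::POP3->new($host, Port => $port, SSL => 1, Timeout => 60, %tls)
    or die "POP3 connect failed: $@ / $SSL_ERROR\n";

# POP3_USER / POP3_PASS are placeholder environment variable names.
my $count = $pop->login($ENV{POP3_USER}, $ENV{POP3_PASS});
die 'Login failed: ', $pop->message unless defined $count;
say 'Messages: ', $count + 0;   # login returns "0E0" for an empty mailbox
$pop->quit;
```

If step 1 fails with "certificate verify failed" even with the explicit CA file, the issuer printed by a run with verification temporarily relaxed on a test machine shows which certificate is actually being presented.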

You can use either of the following:

use strict;
use warnings;
use feature 'say';

use Mail::POP3Client;

my $mail;

$mail->{user}   = 'your_account@gmail.com';
$mail->{passwd} = 'your_password';
$mail->{host}   = 'pop.gmail.com';

my $pop = new Mail::POP3Client( 
                            USER     => $mail->{user},
                            PASSWORD => $mail->{passwd},
                            HOST     => $mail->{host},
                            USESSL   => 'true',
                            DEBUG    => 0
                           );

$pop->Connect() or die $pop->Message();

say 'Messages: ' . $pop->Count();

$pop->Close();

Or

use strict;
use warnings;
use feature 'say';

use Mail::POP3Client;
use IO::Socket::SSL;

$IO::Socket::SSL::DEBUG = 0;  # Level 0..3

my($mail,$ssl);

$mail->{user}   = 'your_account@gmail.com';
$mail->{passwd} = 'your_password';

$ssl->{host}    = 'pop.gmail.com';
$ssl->{port}    = 995;
$ssl->{proto}   = 'tcp';

my $socket = IO::Socket::SSL->new( 
                        PeerAddr => $ssl->{host},
                        PeerPort => $ssl->{port},
                        Proto    => $ssl->{proto}
                    ) || die "No socket!";

my $pop = Mail::POP3Client->new();

$pop->User($mail->{user});
$pop->Pass($mail->{passwd});
$pop->Socket($socket);

$pop->Connect() or die $pop->Message();

say 'Messages: ' . $pop->Count();

$pop->Close();

Code using the Net::POP3 module:

use strict;
use warnings;
use feature 'say';

use Net::POP3;
use Data::Dumper;

my $mail;

$mail->{host}   = 'pop.gmail.com';
$mail->{userid} = 'your_account@gmail.com';
$mail->{passwd} = 'your_password';

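# new() returns undef if the connection or the TLS handshake fails
my $pop = Net::POP3->new($mail->{host}, SSL => 1, Timeout => 60)
    or die "Cannot connect to $mail->{host}: $@";

# login() returns undef on failure and "0E0" for an empty mailbox
if (defined $pop->login($mail->{userid}, $mail->{passwd})) {
  my $msgnums = $pop->list; # hashref of msgnum => size
  say 'Messages: ' . scalar keys %$msgnums;
}

$pop->quit;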

Tested with the following modules:

cpan -D Mail::POP3Client
Loading internal logger. Log::Log4perl recommended for better logging
CPAN: CPAN::SQLite loaded ok (v0.217)
Database was generated on Thu, 02 Apr 2020 02:48:07 GMT
Mail::POP3Client
-------------------------------------------------------------------------
        CPAN: Module::CoreList loaded ok (v5.20200314)
(no description)
        S/SD/SDOWD/Mail-POP3Client-2.19.tar.gz
        C:\bin\Portable\strawberry-perl\perl\site\lib\Mail\POP3Client.pm
        Installed: 2.19
        CPAN:      2.19  up to date
        Sean Dowd (SDOWD)
        pop3client-USEMYCPANADDRESSFORHELP@dowds.net


cpan -D IO::Socket::SSL
Loading internal logger. Log::Log4perl recommended for better logging
CPAN: CPAN::SQLite loaded ok (v0.217)
Database was generated on Thu, 02 Apr 2020 02:48:07 GMT
IO::Socket::SSL
-------------------------------------------------------------------------
        (no description)
        S/SU/SULLR/IO-Socket-SSL-2.068.tar.gz
        C:\bin\Portable\strawberry-perl\perl\vendor\lib\IO\Socket\SSL.pm
        Installed: 2.067
        CPAN:      2.068  Not up to date
        Steffen Ullrich (SULLR)
        Steffen_Ullrich@genua.de


cpan -D Net::POP3
Loading internal logger. Log::Log4perl recommended for better logging
CPAN: CPAN::SQLite loaded ok (v0.217)
Database was generated on Fri, 03 Apr 2020 03:27:32 GMT
Net::POP3
-------------------------------------------------------------------------
        CPAN: Module::CoreList loaded ok (v5.20200314)
(no description)
        S/SH/SHAY/libnet-3.11.tar.gz
        C:\bin\Portable\strawberry-perl\perl\lib\Net\POP3.pm
        Installed: 3.11
        CPAN:      3.11  up to date
        Steve Hay (SHAY)
        shay@cpan.org
