Gisle split out HTTPS support from libwww-perl into LWP::Protocol::https earlier this year when I wasn't paying attention. I needed HTTPS support for one of my Perl 5.14 applications and I wasn't reading the error message closely because I assumed it was business as usual with Crypt::SSLeay. Previously, I just installed that module and everything worked. Now I have to install LWP::Protocol::https to get everything to work. If I haven't done that, I get the error:
501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed) <URL:https://www.example.com>
That's not the end of the story though, because the fancy new stuff is a bit more strict with the SSL stuff. For libwww-perl-5.837 and earlier, hostname checking was off by default. Now it's on by default. I can't just connect to any HTTPS server. By default, LWP::UserAgent wants to verify the certificates and so on. That can be a problem if the Certificate Authority root certificate isn't around:
500 Can't connect to pause.perl.org:443 (certificate verify failed) Content-Type: text/plain Client-Date: Sun, 24 Jul 2011 11:18:59 GMT Client-Warning: Internal response Can't connect to pause.perl.org:443 (certificate verify failed) LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/perls/perl-5.14.1/lib/site_perl/5.14.1/LWP/Protocol/http.pm line 51.
Coincidentally, Phred just mentioned this in Google Chrome fails at pause.perl.org at the same time that I was updating some applications for the latest LWP.
I could get around the verification by setting the
PERL_LWP_SSL_VERIFY_HOSTNAMES environment to 0, or setting the SSL options before I connect. This is still documented in LWP::UserAgent, though, so if you are looking in LWP::Protocol::https, you'll miss it:
$ua = LWP::UserAgent->new( ... ); $ua->ssl_opts( verify_hostnames => 0 ); # not so nice
That's not really all that pleasing though. I should just get the root certificate for CACert.org, which PAUSE uses. Once I have that, I just have to tell the user-agent where it is:
$ua->ssl_opts( SSL_ca_file => '/path/to/root.crt' );
If you want to use the certificate authority root certificates that come with Mozilla, you can use Mozilla::CA, which comes with the certificates and a function to figure out where you installed them:
$ua->ssl_opts( SSL_ca_file => Mozilla::CA::SSL_ca_file() );