Visit Our UNIX and Linux User Community


Failed SSL Connection Attempt


 
Thread Tools Search this Thread
Top Forums Programming Failed SSL Connection Attempt
# 1  
Old 09-24-2014
Failed SSL Connection Attempt

The below error message I started seeing using Ubuntu 14.04 and was wondering if the forum has seen it because I cant seem much on the net for this:

Code:
perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(PeerAddr=>"10.0.0.100",PeerPort=> 443,Proto=>"TCP") or die $!'
DEBUG: .../IO/Socket/SSL.pm:1914: new ctx 14374608
DEBUG: .../IO/Socket/SSL.pm:402: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:404: socket connected
DEBUG: .../IO/Socket/SSL.pm:422: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:455: not using SNI because hostname is unknown
DEBUG: .../IO/Socket/SSL.pm:491: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1388: SSL connect attempt failed with unknown error

DEBUG: .../IO/Socket/SSL.pm:497: fatal SSL error: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1948: free ctx 14374608 open=14374608
DEBUG: .../IO/Socket/SSL.pm:1956: OK free ctx 14374608
IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed	...propagated at -e line 1.

?

---------- Post updated 09-24-14 at 10:04 AM ---------- Previous update was 09-23-14 at 04:23 PM ----------

I did some reading and it appears to be IO:Socket::SSL versions 1.56 or higher that has SNI Support where the client sends the hostname it want to connect, used if you have multiple SSL servers behind the same IP.

Before:

Code:
 perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(PeerAddr=>"10.0.0.100",PeerPort=>
443,Proto=>"TCP",SSL_hostname => '10.0.0.100') or die $!'
DEBUG: .../IO/Socket/SSL.pm:1914: new ctx 17252256
DEBUG: .../IO/Socket/SSL.pm:402: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:404: socket connected
DEBUG: .../IO/Socket/SSL.pm:422: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:452: using SNI with hostname d
DEBUG: .../IO/Socket/SSL.pm:491: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1388: SSL connect attempt failed with unknown error

DEBUG: .../IO/Socket/SSL.pm:497: fatal SSL error: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1948: free ctx 17252256 open=17252256
DEBUG: .../IO/Socket/SSL.pm:1956: OK free ctx 17252256
IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed    ...propagated at -e line 1.

After with SNI disabled:

Code:
 perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(SSL_hostname => '',PeerAddr=>"10.0.0.100",PeerPort=> 443,Proto=>"TCP") or die $!'
DEBUG: .../IO/Socket/SSL.pm:1914: new ctx 16772768
DEBUG: .../IO/Socket/SSL.pm:1948: free ctx 16772768 open=16772768
DEBUG: .../IO/Socket/SSL.pm:1956: OK free ctx 16772768

I read from here:

https://rt.cpan.org/Public/Bug/Display.html?id=86684
# 2  
Old 09-24-2014
Well, thanks for keeping us informed !
Smilie

Previous Thread | Next Thread
Test Your Knowledge in Computers #548
Difficulty: Medium
The assignment operator is not a unary operator.
True or False?

10 More Discussions You Might Find Interesting

1. Proxy Server

Httpd proxy on AIX: failed to connect SSL

Hi, I am trying to migrate a quite old proxy server with Apache httpd, running on AIX The scenario is that my server accepts connections on http and proxies them to an SSL backend. This is done in a ProxyPass statement, as follows: ProxyPass /myservice/my-ws... (1 Reply)
Discussion started by: trifo75
1 Replies

2. Shell Programming and Scripting

Tcl / expect need to attempt telnet if failed ssh

Morning and Happy New Year to all. I am in a situation where I need to connect to a list of devices that are using either telnet or ssh. I want to try to telnet, if I receive any of the following I want to attempt ssh : "Connection refused" "Connection timed out" timeout expiration ... (3 Replies)
Discussion started by: popeye
3 Replies

3. Forum Support Area for Unregistered Users & Account Problems

Further to my query re: failed attempt to change email address on existing account

Neo Thanks for your reply to my original post, entitled "Problem changing the email address associated with my unix.com account". I am unable to reply to you in that thread, as I am unable to log-on to unix.com! From what you said about purging dormant accounts, it is likely that my account... (1 Reply)
Discussion started by: irb
1 Replies

4. Red Hat

Proxy tunneling failed: ForbiddenUnable to establish SSL connection.

Tryied both ways curl and wget wget --no-check-certificate https://mysitet.it:61617 --2017-05-05 17:29:02-- https://mysitet.it:61617/ Connecting to myproxy:8080... connected. Proxy tunneling failed: ForbiddenUnable to establish SSL connection. curl https://mysite.it:61617 curl: (56)... (3 Replies)
Discussion started by: charli1
3 Replies

5. Solaris

Internet connection failed on solaris 10

Hi, i am new bie on solaris ,i just installed it on vmware. i tryed to connect to the internet from solaris but it failed. during the installation i ignore the DHCP and i assign a fixed ip address to the host. is that has an impact on internet access ? and if so how to add another interface... (3 Replies)
Discussion started by: Mirsol
3 Replies

6. UNIX for Dummies Questions & Answers

Decreasing SSL connection timeout

hi people, i need help about timeout duration of ssl while connecting to another server in network. this is what i try bash-3.00# time ssh root@10.10.10.10 "date" ssh: connect to host 10.10.10.10 port 22: Connection timed out real 3m10.215s user 0m0.007s sys 0m0.011sthere is no... (2 Replies)
Discussion started by: sdkbjk
2 Replies

7. AIX

unix host actively refused the connection attempt

Dear all, I am faced with an error "UX ER087-0" failling to connect to the server. Any ideas of what might be causing the error? Many thanks (17 Replies)
Discussion started by: captain.scorpio
17 Replies

8. Solaris

Please help me.. connection failed between OpenSSH-3.8.1 to Sun SSH-1.1

hi All, We tried to establish a connection from OpenSSH3.8.1 running on Windows Box to SunSSH-1.1 running on Solaris 10. Please see the debug statements. C:\Documents and Settings\sadmin\.ssh>ssh sadmin@10.4.3.8 -v -v -v OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 debug1: Reading... (2 Replies)
Discussion started by: venusunil
2 Replies

9. Solaris

Solaris10 on vmware - Internet connection failed

Installed Sun Solaris 10 (5/09) on vmware 6.0 but system is not connecting to internet. when I check "ipconfig /all" I do not get any DNS Suffix name -- neither for vmnet1 and vmnet8 nor for local ethernet IP. Default gateways are 192.168.1.1 and 192.168.1.2 1. Created /etc/resolv.conf domain... (1 Reply)
Discussion started by: johnjerry
1 Replies

10. Solaris

ssh connection failed.

When i was connecting the Solaris system by sftp . i got the following error. "Warning: child process (/usr/local/bin/ssh2) exited with code 74." Could any one help, how to fix it ? (1 Reply)
Discussion started by: nag.mi2000
1 Replies

Featured Tech Videos