[Xml-compile] wsdl->call() fails over https transport with "certificate verify failed"
Darija Tadin-Đurović
68darki at gmail.com
Wed Feb 25 21:53:01 GMT 2015
Hello, list!
Guess I need help, as I have no ideas that I haven't tried already.
0. Abstract
SOAP over https client. Somehow ssl options passed to LWP::UserAgent are
lost when an XML::Compile::Transport::SOAPHTTP is told to make use of it
('it' being the user agent), resulting in ssl failing to verify server's
certificate. :-( For the impatient: you can almost safely skip
odd-numbered paragraphs.
1. Prologue
Well, I need to deal with a SOAP service... There's this
Croatian official site for tax (PDV / IVA / VAT / MWSt / ...)
accounting, relating to invoices/receipts for cash transactions. The
official site has a test site double (thank heaven!), to enable
developers to test their applications before being let loose.
What I'm trying to do as my first step, is to ping the test site with
the simplest of operations, EchoRequest (as the name suggests, it
results in a very similar EchoReply, the purpose being to test (mostly)
transport connectivity and lower level application connectivity). (What
is not used in EchoRequest is X509 signing.)
2. Problem. Prerequisites
$wsdl->call fails with 'Can't connect to SERVER:PORT (certificate verify
failed)'
- Transport layer: HTTPS (SSL v3, minimum AES_256 encryption). Test
site has a self-signed X509 server certificate.
- Client creation standard: WS-I
- Application proto: SOAP/HTTPS (SOAP 1.1)
(Test site is down for maintenance on workdays 4-5 p.m. GMT +1.)
3. Details:
The same ssl connection works flawlessly in two similar cases:
1. analyze-ssl.pl
2. initiated through a $ua = LWP::UserAgent->new
(tested by POSTing a hand-written SOAP message)
What defies my logic is the Can't connect result, when I try to use this
same $ua to create $transport =
XML::Compile::Transport::SOAPHTTP->new( user_agent => $ua, ...
What really happens is that the ca_file option somehow gets ignored, so
the default CA file is consulted, which is no good because this test
site is using a self-signed certificate...
I'm on an old OpenSuse (12.2) and I hope I checked all the relevant perl
modules for updates. I'm running perl (v5.16.0) built for
x86_64-linux-thread-multi.
4. Relevant part of code:
# my $wsdl = ...
my $ua = LWP::UserAgent->new;
$ua->ssl_opts(verify_hostname => 1, SSL_ca_file => $finaTestCA);
my $transport = XML::Compile::Transport::SOAPHTTP->new
  (
    user_agent => $ua #, more options...
  );
my $send = $transport->compileClient();
my $call = $wsdl->compileClient
  ( operation => 'echo'
  , transport => $send);
my $operation = $wsdl->operation(operation => 'echo');
$wsdl->compileCall($operation);
my ($out, $trace) = $wsdl->call('echo', _ => 'Hi there!');
5. Plea:
Please, help me! What am I missing here? :-(
6. Additional info:
I uploaded a collection of files to a Dropbox folder:
https://www.dropbox.com/sh/3vwm7ud6kx8ux2f/AABnRUdeMYWYgvJHZb8JUzUTa?dl=0
justEcho : the sorry perl script
3 files the script loads:
democacert.pem
FiskalizacijaSchema.xsd
FiskalizacijaService.wsdl
Debug output of 1 run of justEcho:
justEcho.stderr.log
justEcho.stdout.log
A part of a wireshark trace:
2xSSL_1stOIK-2ndNOT.pcapng (SOAP server is at 185.20.28.208,
obviously. Use Analyze / Decode As : SSL ).
Well, I guess I covered it all... thank you for your patience.
Suggestions are welcome, while a solution to my problem is, thank you
very much, _very_ welcome ;-)
Regards,
Darki
--
Age is an issue of mind over matter. If you don't mind, it doesn't
matter.
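
Added example, not part of the original post and not code from the XML::Compile project: one way to check which LWP::UserAgent object, and which SSL_ca_file, a request actually passes through in the setup from sections 3 and 4. The endpoint URL, the CA path and the helper name watch_agent are assumptions made for illustration; the handler answers each request itself, so nothing is sent over the network.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Response;
use Scalar::Util qw(refaddr);
use XML::Compile::Transport::SOAPHTTP;

my $ca_file  = '/path/to/democacert.pem';         # placeholder path
my $endpoint = 'https://soap.example.invalid/';   # constructed, never contacted

# Log every request this agent is asked to send, with the TLS options it
# holds at that moment. With $stub true the handler answers itself, so
# nothing leaves the machine; set it to 0 to let the real request proceed.
sub watch_agent {
    my ($ua, $seen, $stub) = @_;
    $ua->add_handler(request_send => sub {
        my ($request, $agent) = @_;
        push @$seen, {
            uri    => $request->uri->as_string,
            agent  => refaddr($agent),
            ca     => $agent->ssl_opts('SSL_ca_file'),
            verify => $agent->ssl_opts('verify_hostname'),
        };
        return $stub ? HTTP::Response->new(503, 'stubbed by watch_agent') : undef;
    });
}

my $ua = LWP::UserAgent->new;
$ua->ssl_opts(verify_hostname => 1, SSL_ca_file => $ca_file);
my @seen;
watch_agent($ua, \@seen, 1);

my $transport = XML::Compile::Transport::SOAPHTTP->new(
    user_agent => $ua, address => $endpoint);

# 1. The transport object should hold the very same agent object.
printf "transport uses our agent: %s\n",
    refaddr($transport->userAgent) == refaddr($ua) ? 'yes' : 'NO';

# 2. Any request that really goes through $ua shows up in @seen.
$ua->post($endpoint, Content_Type => 'text/xml', Content => '<ping/>');
printf "%s  ca=%s  verify_hostname=%s\n", @{$_}{qw(uri ca verify)} for @seen;

# 3. After a SOAP call, an empty @seen means that call was sent by some
#    other agent object, one that never received these ssl_opts.
print "requests seen on this agent: ", scalar(@seen), "\n";
```

In a real script, install watch_agent with the stub flag set to 0 before the SOAP call and inspect @seen afterwards; this keeps certificate verification switched on while narrowing down where the options go missing.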