[Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify failed)

Alexander Griesser AGriesser at anexia-it.com
Mon Jun 6 07:02:37 EDT 2016


> > Please check certificate for www_admin.http_system.sslcertfile AFAIK 
> > it claims on cert on port 1442
> 
> Yes, the intermediate was missing here - I just checked and fixed that now.
> @Matthias: Please check again.

1442 is now delivering the correct chain; wget and curl do not complain when trying to access the service on 1442 (but only if I create a fake hostname which points to 127.0.0.1 and matches the name in the certificate, see below):

root@spce:~# curl https://<hostname>:1442
<!DOCTYPE html>
[...]

Without the chain, we had to use the insecure flag previously, so this is fixed now, but still, the fraud script is throwing the following error:

500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't connect to 127.0.0.1:1442 (certificate verify failed)

The thing is that since this service is trying to connect to 127.0.0.1:1442 and we're using an official wildcard certificate, the IP address 127.0.0.1 is not part of the certificate, and looking at http.pm line 49, the following happens:

    unless ($sock) {
        # IO::Socket::INET leaves additional error messages in $@
        my $status = "Can't connect to $host:$port";
        if ($@ =~ /\bconnect: (.*)/ ||
            $@ =~ /\b(Bad hostname)\b/ ||
            $@ =~ /\b(certificate verify failed)\b/ ||
            $@ =~ /\b(Crypt-SSLeay can't verify hostnames)\b/
        ) {
            $status .= " ($1)";
        }
        die "$status\n\n$@";
    }

So this request will never work out since the hostname just does not match what's in the certificate - so we would need a way to have the script connect to a hostname instead of 127.0.0.1 - where can I change the destination IP/URL the script is using for this specific connection?

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com 
Web: http://www.anexia-it.com 

Headquarters address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID number: AT U63216601

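Added example (not part of the original message, and not Sipwise or LWP code): a simplified RFC 6125-style name check showing why a connection addressed to 127.0.0.1 cannot validate against a wildcard certificate, while a hostname that resolves to 127.0.0.1 can. The SAN lists and the example.com names are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    """True if value is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Match one dNSName SAN against a hostname.
    Simplification: '*' is honoured only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse over-broad patterns such as '*.com' and empty host labels
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def verify_reference(reference, sans):
    """reference: what the client connects to (host part of the URL).
    sans: list of (type, value) pairs, type being 'DNS' or 'IP'."""
    if _is_ip(reference):
        # An IP literal is compared only with iPAddress SANs, never with
        # dNSName entries, so no wildcard can ever cover 127.0.0.1.
        ref = ipaddress.ip_address(reference)
        return any(t == "IP" and ipaddress.ip_address(v) == ref
                   for t, v in sans)
    return any(t == "DNS" and _dns_match(v, reference) for t, v in sans)

# Constructed SAN lists (not taken from any real certificate).
WILDCARD_CERT = [("DNS", "*.example.com"), ("DNS", "example.com")]
LOOPBACK_CERT = [("DNS", "spce.example.com"), ("IP", "127.0.0.1")]

if __name__ == "__main__":
    for ref in ("127.0.0.1", "spce.example.com", "a.b.example.com"):
        print(ref, "->", verify_reference(ref, WILDCARD_CERT))
```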