1
votes

on i start io::socket::ssl tls conncetion

my example it is work with google and facebook but it is not work with sip tls server

that is sip tls server

I am having trouble skipping the certificate

#/usr/bin/perl
use IO::Socket::SSL;

start_connection("2.50.44.55:5061");

sub start_connection{
    my @parms = @_;
    my $host  = $parms[0];
 
    my $sock = IO::Socket::SSL->new(
        PeerAddr => $host,
        SSL_startHandshake => 0,
    ) or die $!;
    $sock->connect_SSL() or die $SSL_ERROR;
    print "Good Connection"
}

on i setart conncet i have this error

SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed at dd.pl line 14

1
Please visit the following web page. - Polar Bear
@PolarBear my example it is work with google and facebook but it is not work with sip tls server - Mohammed Ibrahim
Does your SIP server has valid SSL certificate? - Polar Bear
@PolarBear the server it is work with other c# program .. but not work with my perl socket program - Mohammed Ibrahim
Perl attempts to verify server SSL certificate and for some reason verification fails. If you have self signed certificate then you need to provide it to your perl script otherwise it can not use it. If you obtain the certificate from trusted CA then the problem should not manifest itself. - Polar Bear

1 Answers

2
votes

You are using a self-signed certificate here. IO::Socket::SSL by default checks that the certificate can be trusted and a self-signed certificate cannot be trusted unless explicitly known by the client. While you could simply disable certificate validation this would basically disable any meaningful security since some man in the middle attacker could impersonate the real server without the client noticing it.

The best way would probably to get a certificate signed by a publicly trusted CA, like Let's Encrypt. If you insist on using a self-signed certificate though you might specifically trust this certificate by using the SSL_fingerprint option.

To get the necessary certificate fingerprint:

 $ echo | openssl s_client -connect 2.50.44.55:5061 |\
    openssl x509 -noout -fingerprint
 ...
 SHA1 Fingerprint=CE:68:62:68:30:EA:F4:64:82:F5:5C:B7:FB:F4:DA:1B:77:88:9F:DD

Then to use this fingerprint with IO::Socket::SSL

my $sock = IO::Socket::SSL->new(
    PeerAddr => '2.50.44.55:5061',
    SSL_fingerprint => 'sha1$CE68626830EAF46482F55CB7FBF4DA1B77889FDD'
) or die $SSL_ERROR;