- $ cmd='use LWP::UserAgent;
print length(LWP::UserAgent->new->get
("https://www.facebook.com/
->decoded_content), "\n";'
$ /usr/bin/perl -e "$cmd"
158
$ /opt/local/bin/perl -e "$cmd"
20937
The error in the former case is this pack of lies:
- Can't connect to www.facebook.com:443 (Host is down)
LWP::Protocol:: https::Socket: connect: Host is down at /Library/
I'm guessing
export PERL_LWP_SSL_VERIFY_HOSTNAME=0doesn't have anything to do with this, but on my 10.9.2 box I have to set this to get the command to work. (when I run the Perl w/o the length() wrapping it, I get a warning about SSL and CAs that directs me to this command. After setting it, everything works. I haven't done much CPAN on this box, so it's just the system packages as far as I know).
If that is the case (and I think it is), then this might be helpful too: http://search.cpan.org/~gaas/LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm
Install the Mozilla::CA module. This is a change of default (towards requiring certificate verification) that caught a lot of people unaware.
$ /usr/bin/perl -e 'use LWP::UserAgent; print LWP::UserAgent->new->get ("https://www.facebook.com/media/set/?set=a.243839749129060.1073741851.158694774310225") ->decoded_content'
Can't verify SSL peers without knowing which Certificate Authorities to trust
This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
envirionment variable or by installing the Mozilla::CA module.
To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
envirionment variable to 0. If you do this you can't be sure that you
communicate with the expected peer.
What was unclear about that?
Apart from repeatedly spelling environment wrong, I mean.
The error message I was getting is exactly what I pasted: it made no mention of Mozilla::CA or any of those variables.
But some combination of installing Mozilla::CA and *re*installing LWP::Protocol::https seems to have fixed it.
Ugh.
Wait, no, that didn't fix it.
The problem is now intermittent. WTF.
The problem being intermittent is a special kind of hell. Have you tested this against a webserver with an SSL certificate that you know is good and valid and stable? I would hate for you to be spending your time debugging a fuckup on facebook's side of the fence.
Odd. Mine is plain 10.9.2 (Perl 5.16.2) and I never touch CPAN (or Perl).
In this case, it is now an improvement that they're verifying hostnames. SSL is pretty much useless without it. You just need a reasonable collection of certs and everything should work fine.
I have similar problems with ikiwiki right now and, oh joy, Mozilla::CA is not in debian (and it seems it won't be).
http://ikiwiki.info/bugs/openid_login_fails_wirth_Could_not_determine_ID_provider_from_URL/