ssl debugging

Elliott A. Johnson elliott at iparadigms.com
Tue Apr 1 19:41:12 UTC 2008 

Thanks hachi I've been able to gather more information with debug level 4.

With the intermediate and wildcard cert in the same file I get the following back from perlbal per connection:

 Got new conn: IO::Socket::INET=GLOB(0x88a6188) (192.168.51.71:35070) for reverse_proxy
  .. socket upgraded to SSL!

and nothing else.

Maxing out the debugging on openssl's s_client end:

  elliott at rad ~ $ openssl s_client -host static.host.com -port 443 -showcerts -debug -tlsextdebug -state -msg -pause
  CONNECTED(00000003)
  SSL_connect:before/connect initialization
  write to 0x80c49e8 [0x80c4a30] (142 bytes => 142 (0x8E))
  0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
  0010 - 38 00 00 35 00 00 88 00-00 87 00 00 84 00 00 16   8..5............
  0020 - 00 00 13 00 00 0a 07 00-c0 00 00 33 00 00 32 00   ...........3..2.
  0030 - 00 2f 00 00 45 00 00 44-00 00 41 00 00 07 05 00   ./..E..D..A.....
  0040 - 80 03 00 80 00 00 05 00-00 04 01 00 80 00 00 15   ................
  0050 - 00 00 12 00 00 09 06 00-40 00 00 14 00 00 11 00   ........ at .......
  0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 7d ee   ..............}.
  0070 - 44 6d 8b 7c be a7 27 5f-86 7e e6 17 ab 03 03 27   Dm.|..'_.~.....'
  0080 - 23 e1 8f b5 20 88 6d 1c-ff dc 5d ae 21 eb         #... .m...].!.
  >>> SSL 2.0 [length 008c], CLIENT-HELLO
      01 03 01 00 63 00 00 00 20 00 00 39 00 00 38 00
      00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00
      13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f
      00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03
      00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00
      12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08
      00 00 06 04 00 80 00 00 03 02 00 80 7d ee 44 6d
      8b 7c be a7 27 5f 86 7e e6 17 ab 03 03 27 23 e1
      8f b5 20 88 6d 1c ff dc 5d ae 21 eb
  SSL_connect:SSLv2/v3 write client hello A
  read from 0x80c49e8 [0x80c9f90] (7 bytes => -1 (0xFFFFFFFF))
  SSL_connect:error in SSLv2/v3 read server hello A
  write:errno=104

In looking at SocketSSL.pm I see the following at the head of the file:

  use Danga::Socket 1.44;
  use IO::Socket::SSL 0.98;

Should I be using those versions or will IO-Socket-SSL 1.13 work?


elliott

----- Original Message -----
From: "hachi" <hachi at kuiki.net>
To: "Elliott A. Johnson" <elliott at iparadigms.com>
Cc: perlbal at lists.danga.com, "bill" <bill at iparadigms.com>, "Christian Storm" <cstorm at iparadigms.com>
Sent: Tuesday, April 1, 2008 10:19:29 AM (GMT-0800) America/Los_Angeles
Subject: Re: ssl debugging

You can set PERLBAL_DEBUG in your environment before starting up perlbal 
to an integer where higher numbers are more verbose. I believe the 
highest debug value that exists right now is 4.

More information about the perlbal mailing list