MSA 1040: Perl XML API via HTTPS login problem

ehsianturi · ‎08-17-2016

I am using HPE MSA 1040, and trying to configure the storage server MSA 1040 via CLI by using a Perl script. I took the Perl code from HPE MSA 1040/2040 CLI Reference Guide page 17, which I have a problem of SSL login:

use LWP::UserAgent;
use Digest::MD5 qw(md5_hex);
use XML::LibXML;
use IO::Socket::SSL qw(debug3);

my $md5_data = "manage_!manage";
my $md5_hash = md5_hex( $md5_data );

# Create a user agent for sending https requests and generate a request object.

$user_agent = LWP::UserAgent->new( );
$url = 'https://msa1040_ip_address/api/login/' . $md5_hash;
# Create a user agent for sending https requests and generate a request object.
$request = HTTP::Request->new( GET => $url );

# Send the request object to the system. The response will be returned.
$response = $user_agent->request($request);

I couldn't establish an SSL connection, as can be seen from the debug messages:

DEBUG: .../IO/Socket/SSL.pm:2755: new ctx 48462496
DEBUG: .../IO/Socket/SSL.pm:624: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:626: socket connected
DEBUG: .../IO/Socket/SSL.pm:648: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:684: not using SNI because hostname is unknown
DEBUG: .../IO/Socket/SSL.pm:716: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:737: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:750: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:753: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:763: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:773: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:793: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:750: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2656: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:2609: ok=0 [0] /C=US/ST=CO/O=HP/OU=MSA-Storage/CN=172.22.1.190/C=US/ST=CO/O=HP/OU=MSA-Storage/CN=172.22.1.190
DEBUG: .../IO/Socket/SSL.pm:753: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:756: SSL connect attempt failed

DEBUG: .../IO/Socket/SSL.pm:756: local error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:759: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: ...18.2/Net/HTTPS.pm:69: ignoring less severe local error 'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
DEBUG: .../IO/Socket/SSL.pm:2777: free ctx 48462496 open=48462496
DEBUG: .../IO/Socket/SSL.pm:2782: free ctx 48462496 callback
DEBUG: .../IO/Socket/SSL.pm:2789: OK free ctx 48462496

Note the error:
SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

What did I do wrong here? It's the code that I took from the example provided by HPE, and yet it doesn't work. I am using Perl v5.18.2 (from a Debian Trusty).

ehsianturi · ‎08-19-2016

OK I think my problem is that the Perl library cannot find the authentication certificate. I have tried to specify the certificate, but still it doesn't work.

Since my Perl script will be used in the preparation/configuration phase, I don't really care about the communication security, and I bypass the host verification as a workaround.

So what I need is just one line:

$user_agent = LWP::UserAgent->new( );

$user_agent->ssl_opts(verify_hostname => 0); # BYPASS HOSTNAME VERIFICATION!

$url = 'https://msa1040_ip_address/api/login/' . $md5_hash;
$request = HTTP::Request->new( GET => $url );
$response = $user_agent->request($request);

... and BOOM! It works.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

MSA 1040: Perl XML API via HTTPS login problem

MSA 1040: Perl XML API via HTTPS login problem

Re: MSA 1040: Perl XML API via HTTPS login problem