
Unable to make SSL connection with Vimeo API URL


I am running Debian Jessie. I have a script that was working perfectly a couple of weeks ago on a virtual machine but has now stopped working suddenly. I can't think of any perl module updates I made that would have broken this. And if I run the script from another Jessie server, it works fine.

Here is the relevant code:

use LWP::UserAgent;
use MIME::Base64 qw(encode_base64);    # provides encode_base64

my $browser = LWP::UserAgent->new;

my $url = 'https://api.vimeo.com/oauth/authorize/client';
# The empty second argument stops encode_base64 from appending a newline to the header value.
my $response = $browser->post($url, { grant_type => 'client_credentials' }, 'Authorization' => ' basic ' . encode_base64('CLIENT_ID:CLIENT_SECRET', '') );
if ($response->code ne '200') {
  # logf is the script's own logging routine (not shown here).
  logf("There was a problem with the server response from Vimeo while requesting an access token.\nServer response: " . $response->decoded_content);
}

The error thrown is coming from /usr/share/perl5/LWP/Protocol/http.pm line 49 and reads: Can't connect to api.vimeo.com:443

When I run the script with use IO::Socket::SSL qw(debug3); here's what I get for output:

DEBUG: .../IO/Socket/SSL.pm:2537: new ctx 56137248
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=59040416
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58950080
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=58950080
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed

DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61018848
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed

DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=59035200
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed

DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=59044736
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed

DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:1758: IO::Socket::IP configuration failed
DEBUG: .../IO/Socket/SSL.pm:2570: free ctx 56137248 open=56137248
DEBUG: .../IO/Socket/SSL.pm:2575: free ctx 56137248 callback
DEBUG: .../IO/Socket/SSL.pm:2582: OK free ctx 56137248

The $browser user agent is able to successfully execute a GET request to https://facebook.com without issue. It just doesn't seem to work for Vimeo.


Solution

  • fatal SSL error: ... :OCSP_check_validity:status not yet valid

    Vimeo uses OCSP stapling to ease revocation checks but attaches an OCSP response which your system considers as not yet valid. It might be that the time on your system is wrong so that it thinks that the timestamp in the response is in the future, whereas it is in the present.

    And if I run the script from another Jessie server, it works fine.

    If both servers run the same software then I guess that the problematic server has the wrong time.
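
The freshness test behind "status not yet valid", as an added example that is not part of the original answer: it replays the two comparisons OpenSSL's OCSP_check_validity makes (thisUpdate against the clock plus a tolerance, nextUpdate against the clock minus it) for three different local clocks. The sample response text, its dates, the helper names and the 300-second tolerance are constructed assumptions; the field layout follows what `openssl s_client -status` prints.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);

my %MON = (Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4, Jun => 5,
           Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11);

# Convert the time format openssl prints ("Mar  1 12:00:00 2016 GMT") to epoch seconds.
sub parse_openssl_time {
    my ($s) = @_;
    my ($mon, $day, $h, $m, $sec, $year) =
        $s =~ /^(\w{3})\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d{4})\s+GMT/
        or die "unrecognised time: $s\n";
    die "unrecognised month: $mon\n" unless exists $MON{$mon};
    return timegm($sec, $m, $h, $day, $MON{$mon}, $year);
}

# Classify a stapled response against a given clock ($now, epoch seconds):
# thisUpdate may be at most $leeway seconds ahead of the clock,
# nextUpdate (if present) at most $leeway seconds behind it.
sub check_validity {
    my ($text, $now, $leeway) = @_;
    my ($this) = $text =~ /This Update:\s*(.+)/ or die "no This Update field\n";
    my ($next) = $text =~ /Next Update:\s*(.+)/;
    my $this_t = parse_openssl_time($this);
    return sprintf('status not yet valid: thisUpdate is %d s ahead of this clock',
                   $this_t - $now) if $this_t > $now + $leeway;
    return 'status expired'
        if defined $next && parse_openssl_time($next) < $now - $leeway;
    return 'ok';
}

# Constructed, abbreviated sample of the OCSP part of `openssl s_client -status` output.
my $stapled = <<'END';
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: Mar  1 12:00:00 2016 GMT
    Next Update: Mar  8 12:00:00 2016 GMT
END

my $leeway = 300;    # assumed tolerance in seconds
for my $case (['correct clock',       'Mar  1 12:30:00 2016 GMT'],
              ['clock one hour slow', 'Mar  1 11:00:00 2016 GMT'],
              ['clock ten days fast', 'Mar 11 12:30:00 2016 GMT']) {
    my ($label, $clock) = @$case;
    printf "%-20s %s\n", $label,
        check_validity($stapled, parse_openssl_time($clock), $leeway);
}
```

A server whose clock matches the slow case should have its system time corrected and kept synchronised, which leaves the stapled revocation check in place.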