Forums

Unexpected (and temporary) SSL error

Sort:
skelos
skelos
Show your flair!
Dec 2, 2017
0
#1

$ lwp-dump https://api.chess.com/pub/player/skelos

500 Can't verify SSL peers without knowing which Certificate Authorities to trust

Content-Type: text/plain

Client-Date: Sun, 03 Dec 2017 06:29:34 GMT

Client-Warning: Internal response

 

Can't verify SSL peers without knowing which Certificate Authorities to trust\n

This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE

envirionment variable or by installing the Mozilla::CA module.\n

To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME

envirionment variable to 0.  If you do this you can't be sure that you

communicate with the expected peer.\n

 

That error didn't repeat when I tried again. Mentioning it here, but I don't really know what happened behind the scenes for CAs when I installed a SSL module for perl, but it did report at the time recognising a number, so I assume the keys were shipped with the code.

Why https://api.chess.com would give an error and then immediately return to working I don't know.

bcurtis
bcurtis
Staff
Dec 7, 2017
0
#2

At that time, our datacenter came under a DDoS attack. It is possible that some regular communication channels for your perl library were disrupted. More likely is that it maintains an internal cache, and for some reason it was unable to validate the certificate in time, but subsequent requests hit the cache and were fine. I cannot think of other reasons. Please do let us know if you encounter anything like this again.

skelos
skelos
Show your flair!
Dec 7, 2017
0
#3

OK. No problem; I mentioned it in case it turned up as a semi-regular thing, but in the midst of a DDoS attack it's fantastic that the site stayed up.

I dislike DoS attackers almost as much as I hate email spammers. I've had to give up email; some people insist on an email address but due to the heavy filtering I must use my receiving any item of email is chancy.

Of course, paper mail is stolen from my mailbox semi-regularly, and while telcos are very good at SMS delivery I've had text messages not be delivered.

The only way to be sure I've received a message is if you ask me to reply, I do, and you receive my reply.

Life in the 21st century ain't all it was supposed to be. sad.png

(And yeah, I wrote one of the first spam filters and used to run enterprise class mail servers. Other than internal to an organisation -- and that only when there's no spam emitting malware on the internal network -- email is useless.)