无法使用 perl IO::Socket::SSL 完成与 gateway.push.apple.com 的 SSL 握手

Posted 2023-02-23

【中文标题】无法使用 perl IO::Socket::SSL 完成与 gateway.push.apple.com 的 SSL 握手

【英文标题】：Cannot complete SSL handshake with gateway.push.apple.com using perl IO::Socket::SSL

【发布时间】：2016-04-04 08:14:03

【问题描述】：

我对这类事情很陌生，不知道我做错了什么。

在 Mojolicious 应用程序中，我正在努力连接到 Apple Push Notification SSL Socket。我想向应用发送推送通知。

调试信息：

DEBUG: .../IO/Socket/SSL.pm:2700: new ctx 138351632
DEBUG: .../IO/Socket/SSL.pm:612: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:614: socket connected
DEBUG: .../IO/Socket/SSL.pm:636: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:669: using SNI with hostname gateway.push.apple.com
DEBUG: .../IO/Socket/SSL.pm:704: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:736: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2601: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:2554: ok=0 [1] /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification     Authority (2048)/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
DEBUG: .../IO/Socket/SSL.pm:739: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:742: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:742: local error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:745: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: ...5.18/IO/Socket.pm:48: ignoring less severe local error 'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed error:14090086:SSL     routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
DEBUG: .../IO/Socket/SSL.pm:2733: free ctx 138351632 open=138351632
DEBUG: .../IO/Socket/SSL.pm:2738: free ctx 138351632 callback
DEBUG: .../IO/Socket/SSL.pm:2745: OK free ctx 138351632

代码片段位：

use IO::Socket::SSL qw(debug3);

my $cl = IO::Socket::SSL->new(
  PeerHost => 'gateway.push.apple.com',
  # PeerHost => 'gateway.sandbox.push.apple.com',
  PeerPort => '2195',
  SSL_verify_mode => SSL_VERIFY_PEER,
  SSL_ca_file => '/var/www/foo/bar/cert/ck.pem',
);

我不知道去哪里或从这里做什么？

【问题讨论】：

服务器端的 ssl 证书有问题。检查 ssl 证书是否有效？

我的猜测是/var/www/foo/bar/cert/ck.pem 不包含签署您从服务器获得的证书的 CA。但是不知道这个文件的内容就很难分辨。

除此之外，我认为该服务需要一个客户端证书，您需要使用 SSL_cert_file 和 SSL_key_file 指定该证书。

我明白了：我使用了错误的密码！我能够实现更简单的 perl 模块 Net::APNS。

【参考方案1】：

我想通了：我使用了错误的密码！我能够实现更简单的 perl 模块 Net::APNS

use Net::APNS;

my %settings = (
  cert   => "$Cert_file",
  key    => "$Cert_key_file",
  passwd => "$passphrase",
);

if(my $Notifier = Net::APNS->new->notify(\%settings)) 
  $Notifier->write(
    devicetoken => "$device_token",
    message     => "$message",
    sound       => 'default',
    badge       => 1
  );

  return 1 if defined($Notifier) and ref($Notifier) eq "Net::APNS::Notification";

感谢您的所有意见！