Read from socket problem

Marek_Vancik · September 20, 2018, 1:13pm

I am running RT 4.4.2 on Apache/2.4.25. I want to make a GET request to server from my custom page inside RT. Here is the relevant part of code:

#!/usr/bin/perl

use strict;
use warnings;
use IO::Socket::SSL 'debug3';
use LWP::UserAgent;
use LWP::ConsoleLogger::Everywhere ();
use JSON;

BEGIN {
    $ENV{HTTPS_DEBUG} = 1; 
    $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = 'IO::Socket::SSL'; # force LWP::UserAgent to use Net::SSL in case that IO::Socket::SSL is installed too
}

sub log_list
{
    my $par = shift;
    my $list = shift;

    my $query = "https://server.com/script.cgi?action=aaa&par=" . $par . "&";
    my $ua = LWP::UserAgent->new();

    $ua->ssl_opts(
        SSL_cert_file   => '/path/to/cert',
        SSL_key_file    => '/path/to/key',
        SSL_version     => 'TLSv1_2',
        verify_hostname => 0,       
    );

    my $res = $ua->get($query);

    if($res->is_success)
    {
        my $json = $res->decoded_content;
        my $decoded_json = decode_json($json);
        push (@$list, @{$decoded_json->{'result'} });
    }
    else
    {
        die $res->status_line;
    }
}

my %list;

log_list('value', \%list);

print %list;

When I run this as a separate script from the command line I get the correct result. But when I put it in a Perl module and call it from HTML page in RT I get following error in logs:

DEBUG: …/IO/Socket/SSL.pm:862: ssl handshake done
DEBUG: …/IO/Socket/SSL.pm:1106: SSL read error
DEBUG: …/IO/Socket/SSL.pm:1106: local error: SSL read error error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

And this is in response (probably created on local machine):

Status read failed: at /usr/local/share/perl/5.24.1/Net/HTTP/Methods.pm line 282

It fails when reading from the socket.

I tried this with another SSL Socket implementation - Net::SSL It works for a few hours but then errors start appearing with increasing frequency until it does not work at all. I get the same error in response. It starts to work again when I restart the apache service . Therefore I think there might be some race condition when reading from the socket and it has little to do with the handshake (from the script the handshake works all the time).

I am stuck here. What can cause this and how can I get more information about this problem?

GreenJimll · September 21, 2018, 7:44am

Do you have SELinux turned on (enforcing) on the server? The reason I ask is that I’ve been bitten by that stopping scripts running in a web server from starting new network connections (LDAP lookups in RT for example).