I have been experiencing the same exact issue as well. Hoping somebody can provide some input.
The maintainers of IO::Socket::SSL added the additional check in a recent version (1.79 maybe?).
The problem I believe is that the LWP::UserAgent doesn't even expose the configuraiton options for environment variables. To make it more complicated, the VMware VICommon.pm has two seperate locations where UserAgent is created (Vim::query_server_version & SoapClient::new). Both would have to be changed to effectively fix the issue.
Just out of curiousity, what version of IO::Socket::SSL are you using? Run the following to print out the version number.
perl -M'IO::Socket::SSL' -e 'print "$IO::Socket::SSL::VERSION\n"'
I haven't been able to try this since none of my environments are using one of the newest IO::Socket::SSL versions, but maybe try switching to Net::SSL as a work around? Alternatively, perhaps drop down to an older version of IO::Socket::SSL.
Try adding this to the end of your script, let me know if it works. This _should_ switch to Net::SSL. You may have to install Net::SSL.
BEGIN {
$ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = "Net::SSL";
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
}
I could only get that warning string if I explicity imported IO::Socket::SSL in my script. If I imported Net::SSL just after, it worked.
If the BEGIN { } block doesn't fix it as specified above, try import Net::SSL right after VMware::VIRuntime.
use VMware::VIRuntime;use Net::SSL;There's may be some preference (intended or not) for Net::SSL, or some other change in how LWP determine what SSL socket class to use.
Let me know if either option works. You may also need to install Net::SSL.
Thanks
Ok so then I searched these forums some more and found an answer to the LAG SOAP error and used someones solution to this:
VI_SERVER=10.10.10.1 VI_CREDSTORE=/etc/vicredentials.xml /usr/lib/vmware-vcli/apps/vm/vmcontrol.pl --operation reset --vmname testhost.test.local
virtual machine 'testhost.test.local' under host reset successfully
It then worked
Seriouslly a freaken pain:
* Downgrade to IO-Socket-SSL from 1.77
* Use these instructions next:
The IO::Socket::SSL update really shook things up and the modules that depend on it don't have the fall through options to modify the underlying ssl_opts built in. It's a bit of a mess 😕
To be fair, it's not really a VMware SDK issue, but I do think some enhancements could be added to support it better. It's a legitimate concern to stress the issue of blindly trusting certificates.
I suppose the proper solution would be to write a utility script to accept and build a certificate store that can be access with the CA ENV options that IO::Socket::SSL wants instead of SSL_verify_none.
I have gotten the same problem and now, I found out the cause for my environment.
1. https_proxy
My environment is befind a proxy, and "export https_proxy=..." seemed to be evil for vCLI.
If you are using proxy, try "unset https_proxy".
2. Perl_module version
As mentioned in http://search.cpan.org/~gaas/libwww-perl-6.04/lib/LWP/UserAgent.pm,
LWP will for secure protocol schemes ensure it connects to servers that have a valid certificate matching the expected hostname.
in newer version than libwww-perl-5.837. libwww-perl-5.837 and earlier releases have no problem.
So what I did is,
remove ~/.cpan files and reinstall libwww-perl for my env.
cpan> i /libwww-perl/
...
Hope this help you.
Hi,
It seems it was deprecated when LWP changed from 5.8x to 6.0. The culprit is LWP::UserAgent.
You can bypass the issue by downloading the SSL certificate from the vCenter and setting HTTPS_CA_FILE=MyCertFile.
Since there is -for now, I hope- what to disable the check enforcement on the LWP module, would it be possible to add the cert file as one of the standard parameters on the Perl SDK?
Cheers
César
export PERL_LWP_SSL_VERIFY_HOSTNAME=0
It's works.
Hi
Thank you SO mych, degdoo, your post sorted me after many hours of trawling through the Net!
I run Open SuSE 11.4 as a standalone server, trying to connect to my ESXi 5.0 server , and had endless trouble trying to run any vSphere SDK for Perl script ( like the connect.pl )
I installed vSphere SDK for Perl on a standalone server, with the aim to run the HealthCheck script on it.
I got these errors:
Server version unavailable at 'https://X.X.X.X:443/sdk/vimService.wsdl' at /usr/lib/perl5/5.12.3/VMware/VICommon.pm line 545, <STDIN> line 2.
I also set the environment variable:
export PERL_LWP_SSL_VERIFY_HOSTNAME=0
This resulted in the following error, plus a very long wait, and finally, another error:
------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I followed the instructions posted by "degdoo", installing "libwww-perl" as instructed.
This works 100% now, and I don't even have to set the environment variable as listed above!
Thanks again, this was very useful, and saved me a lot of time.
install GAAS/libwww-perl-5.837.tar.gz
Also, worked for me - Thanks
Chris
works for me!
Hey! I also have the same problem, but unfortunately degdoo advise didn't help....
Does anyone knows how to solve this issue?
Thanks
Thanks a lot degdoo.
I was having the same problem and your solution resolved the problem for me.
Thanks, your info made my day end with a smile!