Problems with scripts (like CSF Firewall) that cannot access remote files via HTTPS (Perl SSL issue)

netizen · July 31, 2016, 8:36am

Can someone please help me with this?

I am having a problem which I can’t find the cause.

I am using Centos 6 with virtualmin, + Authentic Theme + CSF firewall.
Everything was working normally up to the day that Authentic Theme stopped being able to be updated.
In my efforts to troubleshoot why I reinstalled perl-Net-SSLeay and I believe also perl-IO-Socket-SSL however this proved not to be the problem as the quickfix was elsewhere ( https://github.com/authentic-theme/authentic-theme/issues/491#issuecomment-235872348 )
Although the theme update problem was fixed, I started having another problem. CSF LFD deamon is not able to download remote files with IPs when accessing them with httpS
The error was similar to this:

Unable to retrieve blocklist OPENBL - Unable to download: Can’t connect to www.openbl.org:443 (Network is unreachable)

I uninstalled perl-Net-SSLeay and perl-IO-Socket-SSL and then reinstalled only perl-IO-Socket-SSL. The error was now different:

Unable to retrieve blocklist OPENBL - Unable to download: Can’t connect to www.openbl.org:443 (Crypt-SSLeay can’t verify hostnames)

Googling the problem prompted me to install perl-IO-Socket-SSL as well. Doing this however brings me back to the same problem with “Network is unreachable” error.

Any idea what’s going on here?

Ilia · July 31, 2016, 9:20am

The same is happening when using, let’s say Gray Theme, right?

netizen · July 31, 2016, 12:15pm

Yes. I tried just now the Virtualmin Framed Theme and it does the same.
I don’t think it is a matter of theme anyway. I am just asking general help how to solve it.

netizen · July 31, 2016, 12:21pm

FYI blocklists that are NOT on httpS locations are being downloaded fine.
Only the SSL ones produce the issue.

netizen · August 1, 2016, 4:31pm

anyone?

netizen · August 5, 2016, 7:17am

I asked the question on Centos Forums and they suggested that the CP (Virtualmin) might have special configuration in place that might not be compatible with stock versions. Is this case?
Any idea what to do about this issue?

My related installed software is as follows:

Installed Packages
Name : perl-Net-SSLeay
Arch : x86_64
Version : 1.35
Release : 10.el6
Size : 593 k
Repo : installed
From repo : base

–
Installed Packages
Name : perl-IO-Socket-SSL
Arch : noarch
Version : 1.31
Release : 3.el6
Size : 146 k
Repo : installed
From repo : base

–

Thank you

Joe · August 7, 2016, 8:58pm

Nah, they’re wrong (and I told’em so).

It sounded like from your centos post that you’d installed some stuff from other sources (maybe cpan?), which might be the culprit here. I’m not sure how to guide you on fixing things, as I’ve never seen/used CSF. I would guess you’re on the right track poking at the relevant Perl modules. Reverting back to what was working before is probably the smart first step; getting rid of the stuff installed manually and going back to just using the yum-provided packages is where I’d start, anyway.