Ignore SSL certificates in LWP

Ever since release 6.00, Perl’s LWP validates the server’s SSL certificate on HTTPS requests. By default, LWP will use the certificate bundle provided by Mozilla::CA to verify the server certificate. This is detailed in the changelog for 6.00.

There are two way of reverting to the old behaviour (ignore server certificate):

Setting an environment variable, ie:


Passing an option to the LWP::UserAgent object asking for certificate validation to be ignored, ie:

    use LWP::UserAgent;
    use IO::Socket::SSL qw();

    my $ua = LWP::UserAgent->new(
        ssl_opts => {
            SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE,
            verify_hostname => 0,
#            SSL_hostname => '',# Set SSL_hostname if you do want to verify the hostname
                                # (ie, when using SNI https://en.wikipedia.org/wiki/Server_Name_Indication)

The SSL_hostname option is only required if you intend to fake the “Host” HTTP header ( so that it doesn’t mismatch with a similar header sent in the SSL handshake, see Server Name Indication ).

Ignore SSL certificates in LWP

Using tcpdump to capture network traffic on the command line

Looking at low level network traffic is often useful to diagnose application/system problems.

This is easy to do in modern browsers using devtools network capture widgets and extensions such as postman, but sometimes you need to diagnose traffic between servers in a live application, as opposed to being able to do the requests yourself from your browser. In these cases, tcpdump shines.

This article will cover how to use tcpdump to diagnose non-encrypted traffic. For encrypted traffic, ssldump can be used provided you have access to the private key used to encrypt the traffic.

To listen for traffic and write to stdout, the snippet is:

tcpdump -i any -s 65535 -n -A expression
  • -i The interface id to listen on ( run tcpdump -D to get a list of available interfaces, or just use the keyword “any” to listen in all network interfaces )
  • -n Don’t convert host addresses to names (avoid dns resolution, makes things faster)
  • -A Print packets in ASCII, excluding link level headers. Use -X for both hex and ASCII printout.
  • -s By default tcpdump only captures the first 68 bytes of each packet. This option allows you specify how much of each packet to capture. The maximum IP packet size is 65535.

See man pcap-filter for a full description of ‘expression’

Examples include:

tcpdump -i 11 -n -A -s 65535 port 80
tcpdump -i 11 -n -A -s 65535 dst host

Other useful flags:

  • -w write packets to a file which can later be replayed
  • -r read packets written with -w


tcpdump -i any -n -A -s 65535 -w network_traffic.capture
tcpdump -n -r network_traffic.capture -A port 80

The examples above will get you started, but for more detail, check the man pages and cheat sheet:

Happy sniffing!

Using tcpdump to capture network traffic on the command line

winetricks fails when installing vcrun2010

You run
winetricks vcrun2010

But get the message:

Using native,builtin override for following DLLs: msvcr100
Executing early_wine regedit c:winetrickstmpoverride-dll.reg
Executing wget -O msxml3.msi -nd -c –read-timeout=300 –retry-connrefused –header Accept-Encoding: gzip,deflate http://download.microsoft.com/download/8/8/8/888f34b7-4f54-4f06-8dac-fa29b19f33dd/msxml3.msi
–2011-03-12 23:10:19– http://download.microsoft.com/download/8/8/8/888f34b7-4f54-4f06-8dac-fa29b19f33dd/msxml3.msi
Resolving download.microsoft.com…,
Connecting to download.microsoft.com||:80… connected.
HTTP request sent, awaiting response… 404 Not Found
2011-03-12 23:10:20 ERROR 404: Not Found.

Note: command ‘wget -O msxml3.msi -nd -c –read-timeout=300 –retry-connrefused –header Accept-Encoding: gzip,deflate http://download.microsoft.com/download/8/8/8/888f34b7-4f54-4f06-8dac-fa29b19f33dd/msxml3.msi’ returned status 8. Aborting.
vcrun2010 failed

The VC2010 runtime redistributable setup needs to load msxml3. winetricks tries to download it from a location in the microsoft.com website where it is no longer available. Instead, search the web for the file “msxml3.msi” and edit winetricks to point to it, eg:

vi winetricks

Find the load_msxml3 function, and replace the download location:


w_download msxml3 http://download.microsoft.com/download/8/8/8/888f34b7-4f54-4f06-8dac-fa29b19f33dd/msxml3.msi d4c2178dfb807e1a0267fce0fd06b8d51106d913


w_download msxml3 ftp://ftp.uni-rostock.de/pub/tools/microsoft/XML/US/msxml3.msi

winetricks fails when installing vcrun2010