Crypt::SSLeay Failing to Verify Server's Certificate

This section provides a tutorial example on how Crypt::SSLeay fails to verify HTTPS server's certificate using the HTTPS_CA_FILE environment variable, the CA certificate can not be found.

The test on https://login.yahoo.com finished nicely in the previous tutorial. It's time to play with another HTTPS server, www.paypal.com:

herong> Crypt_SSLeay_HTTPS_GET_with_CA.pl \
   https://www.google.com/accounts/ServiceLogin \
   > google.txt

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
Failed to GET 'https://www.google.com': 500 SSL negotiation failed:
   at C:\herong\Crypt_SSLeay_HTTPS_GET_with_CA.pl line 12.

Can you see what's wrong here? Here is my guess:

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with Microsoft Edge

 Using HTTPS with Apple Safari

 HTTPS with IE (Internet Explorer)

 Android and Server Certificate

 iPhone and Server Certificate

 Windows Certificate Stores and Console

 RDP (Remote Desktop Protocol) and Server Certificate

 macOS Certificate Stores and Keychain Access

Perl Scripts Communicating with HTTPS Servers

 Installing Crypt::SSLeay 0.72 on Windows

 LWP Library Supports HTTPS

 LWP SSL verify_hostname Setting

 LWP SSL List of Root CA Certificates

 Crypt::SSLeay Test Perl Script

 HTTPS Request and Response Example

 Asking Crypt::SSLeay to Verify Server's Certificate

Crypt::SSLeay Failing to Verify Server's Certificate

 Multiple CA Certificates in a Single File

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Archived Tutorials

 References

 Full Version in PDF/EPUB