Net::OpenID::Consumer failure: naive verify failed network

I was working on adding OpenID to a Mojolicious webapp on DotCloud—thanks to helpful sample code from Henry that Net::OpenID::Consumer-1.03—and hit a strange failure. The call to handle_server_response was failing in the error callback with a generic error code naive_verify_failed_network.

Going source diving, I learned slightly more about this particular error: “Could not contact provider to verify signature.” Details, man; I’m a fact finder! The good news is this particular error code is returned in a single place, at line 849:

return $self->_fail("naive_verify_failed_network")
    unless $res && $res->is_success;

Here $res is an HTTP::Response instance returned from the request method on LWPx::ParanoidAgent. HTTP::Response has another helpful method:


Returns a string containing a complete HTML document indicating what error occurred. This method should only be called when $r->is_error is TRUE.

So I first do a little plumbing for my Mojolicious::Lite prototype.

my $log = app->log;
$SIG{"__WARN__"} = sub {
  unshift @_, $log;
  goto $log->can("warn");

Grungy, yes, but it’s a quick adaptation of a nicer technique for debugging non-lite apps.

Just before return $self->_fail ..., I added

if ($res && $res->is_error) {
    warn $res->error_as_HTML;

After retrying the OpenID verification, my log contained

501 Attempt to reload LWPx/Protocol/ aborted

but running grep -rl Attempt\ to\ reload ~/perl5/lib produced no hits.

Same with Google.

Chopping the specific bits out of my query, leaving “Attempt to reload” aborted, the first hit was a perldiag entry.

Attempt to reload %s aborted.

(F) You tried to load a file with use or require that failed to compile once already. Perl will not try to compile this file again unless you delete its entry from %INC. See require in perlfunc and %INC in perlvar.

Okay, so let’s see why the module is unhappy:

$ perl -Iperl5 -MLWPx::Protocol::https_paranoid -de 0

Loading DB routines from version 1.33
Editor support available.

Enter h or `h h' for help, or `man perldebug' for more help.

Can't locate IO/Socket/ in @INC at ...

Hidden dependency! IO::Socket::SSL is good to have with Mojolicious, so I edited my Makefile.PL to include

requires "IO::Socket::SSL" => '1.43';

A sequence of perl Makefile.PL; make; dotcloud push ... gave me successful OpenID verification! As an extra goodie thanks to DotCloud, instead of a Cache::File instead, my code uses Redis in the cache parameter to Net::OpenID::Consumer’s constructor.