We Keep Coding

Mojo::UserAgent fails to verify certificate, where LWP::UserAgent succeeds

I have a simple perl script that uses LWP::UserAgent to connect to a secure site. It works fine. When I use Mojo::UserAgent, it fails to validate the certificate. This is reliable and repeatable. The basic Perl code is:
use strict;
use warnings;
use IO::Socket::SSL 1.980;
use LWP::UserAgent;
use Mojo::UserAgent;
$IO::Socket::SSL::DEBUG=3;
my $dst = "<DOMAIN>";
my $url = "<URL-AT-DOMAIN>";
my $A_OR_B = 1;
my $ua;
if ($A_OR_B) {
$ua = Mojo::UserAgent->new();
$ua->connect_timeout(20);
} else {
$ua = LWP::UserAgent->new();
}
my $resp = $ua->get($url);
if ($A_OR_B) {
print $resp->result->message;
print $resp;
} else {
print $resp->status_line."\n";
}
The output from the IO::Socket debugging is:
For the Mojo (failure):
DEBUG: .../IO/Socket/SSL.pm:3010: new ctx 48892560
DEBUG: .../IO/Socket/SSL.pm:1638: don't start handshake: IO::Socket::SSL=GLOB(0x2e957d8)
DEBUG: .../IO/Socket/SSL.pm:787: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:829: using SNI with hostname <DOMAIN>
DEBUG: .../IO/Socket/SSL.pm:864: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2911: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2864: ok=0 [3] /O=Digital Signature Trust Co./CN=DST Root CA X3/O=Digital Signature Trust Co./CN=DST Root CA X3
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:900: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:900: local error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:903: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:3059: free ctx 48892560 open=
DEBUG: .../IO/Socket/SSL.pm:3063: free ctx 48892560 callback
DEBUG: .../IO/Socket/SSL.pm:3070: OK free ctx 48892560
SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
at /home/briefly/bad.pl line 26.
and the output for the LWP version (success), is:
DEBUG: .../IO/Socket/SSL.pm:3010: new ctx 41136976
DEBUG: .../IO/Socket/SSL.pm:762: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:764: socket connected
DEBUG: .../IO/Socket/SSL.pm:787: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:829: using SNI with hostname <DOMAIN>
DEBUG: .../IO/Socket/SSL.pm:864: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:880: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:917: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:937: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2911: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:917: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:937: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2864: ok=1 [2] /C=US/O=Internet Security Research Group/CN=ISRG Root X1/C=US/O=Internet Security Research Group/CN=ISRG Root X1
DEBUG: .../IO/Socket/SSL.pm:2864: ok=1 [1] /C=US/O=Internet Security Research Group/CN=ISRG Root X1/C=US/O=Let's Encrypt/CN=R3
DEBUG: .../IO/Socket/SSL.pm:2864: ok=1 [0] /C=US/O=Let's Encrypt/CN=R3/CN=tls.automattic.com
DEBUG: .../IO/Socket/SSL.pm:1840: scheme=www cert=41975232
DEBUG: .../IO/Socket/SSL.pm:1850: identity=< **VERY LONG LIST OF DOMAINS** >
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:917: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:937: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:952: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:3059: free ctx 41136976 open=
DEBUG: .../IO/Socket/SSL.pm:3063: free ctx 41136976 callback
DEBUG: .../IO/Socket/SSL.pm:3070: OK free ctx 41136976
200 OK
Does anyone have any insights?

I would suggest that LWP:UserAgent and Mojo::UserAgent use different trust stores. LWP::UserAgent will default to using Mozilla::CA while Mojo::UserAgent not. Try to enforce the use of Mozilla::CA with Mojo::UserAgent with
$ua->ca(Mozilla::CA::SSL_ca_file());

IO::Socket::SSL: SSL connect attempt failed

I do request to https://bank.gov.ua
my $ua = Mojo::UserAgent->new;
$ua->get("https://bank.gov.ua/NBUStatService/v1/statdirectory/exchange?valcode=EUR&date=$date_now&json");
And get error:
DEBUG: .../IO/Socket/SSL.pm:3010: new ctx 146452496
DEBUG: .../IO/Socket/SSL.pm:1638: don't start handshake: IO::Socket::SSL=GLOB(0xc955978)
DEBUG: .../IO/Socket/SSL.pm:787: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:829: using SNI with hostname bank.gov.ua
DEBUG: .../IO/Socket/SSL.pm:864: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:900: local error: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:903: fatal SSL error: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:3059: free ctx 146452496 open=
DEBUG: .../IO/Socket/SSL.pm:3063: free ctx 146452496 callback
DEBUG: .../IO/Socket/SSL.pm:3070: OK free ctx 146452496
I can do request with curl from this host to give url with no problem.
Does any know what problem is when I do this via IO::Socket::SSL (Mojo::UserAgent)?

This server is pretty strange:
the first request with openssl s_client -connect bank.gov.ua:443 fails with the server simply closing the connection: "SSL handshake has read 0 bytes and written 303 bytes"
the Mojo::UserAgent code fails too
doing a request with an explicit TLS 1.2 succeeds: openssl s_client -connect bank.gov.ua:443 -tls1_2
trying the first request again suddenly succeeds too
an the Mojo::UserAgent code now succeeds too
My only explanation is some firewall or load balancer which temporarily white lists an IP address in case it has seen a valid TLS ClientHello - and which considers TLS 1.3 not a valid one.

Unable to make SSL connecting with vimeo api URL

I am running Debian Jessie. I have a script that was working perfectly a couple of weeks ago on a virtual machine but has now stopped working suddenly. I can't think of any perl module updates I made that would have broken this. And if I run the script from another Jessie server, it works fine.
Here is the relevant code:
use LWP::UserAgent;
my $browser = LWP::UserAgent->new;
my $url = 'https://api.vimeo.com/oauth/authorize/client';
my $response = $browser->post($url, { grant_type => 'client_credentials' }, 'Authorization' => ' basic ' . encode_base64('CLIENT_ID:CLIENT_SECRET') );
if ($response->code ne '200') {
logf("There was a problem with the server response from Vimeo while requesting an access token.\nServer response: " . $response->decoded_content);
}
The error thrown is coming from /usr/share/perl5/LWP/Protocol/http.pm line 49 and reads: Can't connect to api.vimeo.com:443
When I run the script with use IO::Socket::SSL qw(debug3); here's what I get for output:
DEBUG: .../IO/Socket/SSL.pm:2537: new ctx 56137248
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=59040416
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58950080
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=58950080
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61018848
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=59035200
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:586: using SNI with hostname api.vimeo.com
DEBUG: .../IO/Socket/SSL.pm:621: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=58104432
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=59044736
DEBUG: .../IO/Socket/SSL.pm:2393: ok=1 cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1548: scheme=www cert=61025968
DEBUG: .../IO/Socket/SSL.pm:1558: identity=api.vimeo.com cn=*.vimeo.com alt=2 *.vimeo.com 2 vimeo.com
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:663: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:673: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:693: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2443: got stapled OCSP response
run basic verify at /usr/share/perl5/IO/Socket/SSL.pm line 2450.
found issuer in chain at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
got issuer at /usr/share/perl5/IO/Socket/SSL.pm line 2457.
DEBUG: .../IO/Socket/SSL.pm:653: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1769: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:1774: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:659: fatal SSL error: SSL connect attempt failed error:2707307E:OCSP routines:OCSP_check_validity:status not yet valid
DEBUG: .../IO/Socket/SSL.pm:1758: IO::Socket::IP configuration failed
DEBUG: .../IO/Socket/SSL.pm:2570: free ctx 56137248 open=56137248
DEBUG: .../IO/Socket/SSL.pm:2575: free ctx 56137248 callback
DEBUG: .../IO/Socket/SSL.pm:2582: OK free ctx 56137248
The the $browser user agent is able to successfully execute a get request https://facebook.com without issue. It just doesn't seem to work for Vimeo.

fatal SSL error: ... :OCSP_check_validity:status not yet valid
Vimeo uses OCSP stapling to ease revocation checks but attaches a OCSP response which your system considers as not yet valid. It might be that the time on your system is wrong so that it thinks that the timestamp in the response is in the future, whereas it is in the present.
And if I run the script from another Jessie server, it works fine.
If both servers run the same software then I guess that the problematic server has the wrong time.

Problems with assembly OSM

Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux
basil#debian:/$ sudo renderd -f -c /usr/local/etc/renderd.conf
[sudo] password for basil:
renderd[8219]: Rendering daemon started
renderd[8219]: Initiating reqyest_queue
renderd[8219]: Parsing section renderd
renderd[8219]: Parsing render section 0
renderd[8219]: Parsing section mapnik
renderd[8219]: Parsing section default
renderd[8219]: config renderd: unix socketname=/var/run/renderd/renderd.sock
renderd[8219]: config renderd: num_threads=4
renderd[8219]: config renderd: num_slaves=0
renderd[8219]: config renderd: tile_dir=/var/lib/mod_tile
renderd[8219]: config renderd: stats_file=/var/run/renderd/renderd.stats
renderd[8219]: config mapnik: plugins_dir=/usr/local/lib/mapnik/input
renderd[8219]: config mapnik: font_dir=/usr/share/fonts/truetype/ttf-dejavu
renderd[8219]: config mapnik: font_dir_recurse=1
renderd[8219]: config renderd(0): Active
renderd[8219]: config renderd(0): unix socketname=/var/run/renderd/renderd.sock
renderd[8219]: config renderd(0): num_threads=4
renderd[8219]: config renderd(0): tile_dir=/var/lib/mod_tile
renderd[8219]: config renderd(0): stats_file=/var/run/renderd/renderd.stats
renderd[8219]: config map 0: name(default) file(/home/basil/src/mapnik-style/osm.xml) uri(/osm_tiles/) htcp() host(localhost)
renderd[8219]: Initialising unix server socket on /var/run/renderd/renderd.sock
renderd[8219]: Created server socket 4
renderd[8219]: Renderd is using mapnik version 2.0.3
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-BoldOblique.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono-Oblique.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerifCondensed-Italic.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono-Bold.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansCondensed-Bold.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansCondensed.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerifCondensed-Bold.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerif-BoldItalic.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerifCondensed.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-Bold.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono-BoldOblique.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerif-Italic.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-ExtraLight.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-Oblique.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansCondensed-Oblique.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerif-Bold.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerifCondensed-BoldItalic.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansCondensed-BoldOblique.ttf
renderd[8219]: DEBUG: Loading font: /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerif.ttf
Running in foreground mode...
renderd[8219]: Starting stats thread
debug: init_storage_backend: initialising file storage backend at: /var/lib/mod_tile
renderd[8219]: Loading parameterization function for
debug: init_storage_backend: initialising file storage backend at: /var/lib/mod_tile
renderd[8219]: Loading parameterization function for
debug: init_storage_backend: initialising file storage backend at: /var/lib/mod_tile
renderd[8219]: Loading parameterization function for
debug: init_storage_backend: initialising file storage backend at: /var/lib/mod_tile
renderd[8219]: Loading parameterization function for
Postgis Plugin: SRID warning, using srid=-1
Postgis Plugin: SRID warning, using srid=-1
Postgis Plugin: SRID warning, using srid=-1
renderd[8219]: An error occurred while loading the map layer 'default': :
ERROR: syntax error at or near "6.9357733912442328e-310"
LINE 1: SELECT * FROM 6.9357733912442328e-310 LIMIT 0
^
Full sql was: 'SELECT * FROM 6.9357733912442328e-310 LIMIT 0'
(encountered during parsing of layer 'landcover' in map '/home/basil/src/mapnik-style/osm.xml')
renderd[8219]: An error occurred while loading the map layer 'defaul`enter code here`t': :
ERROR: syntax error at or near "6.9357767068626562e-310"
LINE 1: SELECT * FROM 6.9357767068626562e-310 LIMIT 0
^
Full sql was: 'SELECT * FROM 6.9357767068626562e-310 LIMIT 0'
(encountered during parsing of layer 'landcover' in map '/home/basil/src/mapnik-style/osm.xml')
Postgis Plugin: SRID warning, using srid=-1
renderd[8219]: An error occurred while loading the map layer 'default': :
ERROR: syntax error at or near "6.9357833380995029e-310"
LINE 1: SELECT * FROM 6.9357833380995029e-310 LIMIT 0
^
Full sql was: 'SELECT * FROM 6.9357833380995029e-310 LIMIT 0'
(encountered during parsing of layer 'landcover' in map '/home/basil/src/mapnik-style/osm.xml')
renderd[8219]: An error occurred while loading the map layer 'default': :
ERROR: syntax error at or near "6.9357800224810796e-310"
LINE 1: SELECT * FROM 6.9357800224810796e-310 LIMIT 0
^
Full sql was: 'SELECT * FROM 6.9357800224810796e-310 LIMIT 0'
(encountered during parsing of layer 'landcover' in map '/home/basil/src/mapnik-style/osm.xml')
================
what could it be?
renderd[8219]: An error occurred while loading the map layer 'default': :
ERROR: syntax error at or near "6.9357733912442328e-310"
LINE 1: SELECT * FROM 6.9357733912442328e-310 LIMIT 0
can not quite build this system
what could be the problem?
Thanks for the help

com.sun.btrace.VerifierException: Unsafe mode, requested by the script, not allowed

ubuntu 13.10
btrace 1.2.4
i have edit -Dcom.sun.btrace.unsafe=true param and assigned #BTrace( unsafe = true )
but when i run btrace script, it throw a exception:
btrace 1625 ProductRPCNewBtrace.java
DEBUG: btrace debug mode is set
DEBUG: btrace unsafe mode is set
DEBUG: assuming default port 2020
DEBUG: assuming default classpath '.'
DEBUG: compiling ProductRPCNewBtrace.java
DEBUG: compiled ProductRPCNewBtrace.java
DEBUG: attaching to 1625
DEBUG: checking port availability: 2020
DEBUG: attached to 1625
DEBUG: loading /export/servers/btrace/build/btrace-agent.jar
DEBUG: agent args:
port=2020,debug=true,unsafe=true,systemClassPath=/export/servers/jdk1.6.0_25/lib/tools.jar,probeDescPath=.
DEBUG: loaded /export/servers/btrace/build/btrace-agent.jar
DEBUG: registering shutdown hook
DEBUG: registering signal handler for SIGINT
DEBUG: submitting the BTrace program
DEBUG: opening socket to 2020
DEBUG: sending instrument command
DEBUG: entering into command loop
DEBUG: received com.sun.btrace.comm.ErrorCommand#3c24c4a3
com.sun.btrace.VerifierException: Unsafe mode, requested by the script, not allowed
at com.sun.btrace.runtime.Verifier.reportError(Verifier.java:385)
at com.sun.btrace.runtime.Verifier.reportError(Verifier.java:376)
at com.sun.btrace.runtime.Verifier$1.visit(Verifier.java:141)
at com.sun.btrace.org.objectweb.asm.ClassReader.a(Unknown Source)
at com.sun.btrace.org.objectweb.asm.ClassReader.a(Unknown Source)
at com.sun.btrace.org.objectweb.asm.ClassReader.accept(Unknown Source)
at com.sun.btrace.org.objectweb.asm.ClassReader.accept(Unknown Source)
at com.sun.btrace.runtime.InstrumentUtils.accept(InstrumentUtils.java:66)
at com.sun.btrace.runtime.InstrumentUtils.accept(InstrumentUtils.java:62)
at com.sun.btrace.agent.Client.verify(Client.java:397)
at com.sun.btrace.agent.Client.loadClass(Client.java:224)
at com.sun.btrace.agent.RemoteClient.(RemoteClient.java:59)
at com.sun.btrace.agent.Main.startServer(Main.java:379)
at com.sun.btrace.agent.Main.access$000(Main.java:65)
at com.sun.btrace.agent.Main$3.run(Main.java:166)
at java.lang.Thread.run(Thread.java:662)
DEBUG: received com.sun.btrace.comm.ExitCommand#11e9c82e
i open the debug mode, and we can see that i have open the unsafe mode.but why still not support unsafe mode??

i fixed it after restarting the application.
and i have proved it by changing -Dcom.sun.btrace.unsafe=false,and still can run in the unsafe mode. and then restart the application, run the same btrace script again,the same exception thrown.