Posted on 2007-06-21 07:54:58-07 by jebe86
Client cert validation fails
Hi all, probably this is stupid, but I cannot "force" IO::Socket::SSL to verify the client side of the connection. I know certificates are valid, because I checked them with openssl s_server... and openssl s_client, and also with a simple https server. When I try to access the client certificates on the server, I get this:

Undefined SSL objecterror:00000000:lib(0):func(0):reason(0)

What am I doing wrong? Thanks for any help! Here are the scripts:
CLIENT

    use IO::Socket;
    use IO::Handle;
    use IO::Socket::SSL qw(debug2);  ##to use crypto transfer
    require File::Basename;
    require File::Spec;

    if(!($sock = IO::Socket::SSL->new( PeerAddr => 'localhost',
                                       PeerPort => '9502',
                                       Proto => 'tcp',
                                       SSL_use_cert => '1',
                                       SSL_verify_mode => '0x02',
                                       SSL_key_file => 'client-new-key.pem',
                                       SSL_cert_file => 'client-new-cert.pem',
                                       SSL_ca_file => 'CAperDT-cacert.pem'
                                     ))) {
        print "ERROR: unable to create socket: '$!'.\n";
        exit(2);
    }
    print "connect ($sock).\n" if ($IO::Socket::SSL::DEBUG);

    # check server cert.
    my ($peer_cert, $subject_name, $issuer_name, $cipher);
    if( ref($sock) eq "IO::Socket::SSL") {
        if(($peer_cert = $sock->get_peer_certificate)) {
            $subject_name = $peer_cert->subject_name;
            $issuer_name = $peer_cert->issuer_name;
            $cipher = $sock->get_cipher();
        }
        print "cipher: $cipher.\n";
        print "server cert:\n".
              "\t '$subject_name' \n\t '$issuer_name'.\n\n";
    }

    $stringa = "hello";
    $sock->syswrite($stringa,length($stringa));
    $sock->sysread($buf, 32768);
    $stringa = "exit";
    $sock->syswrite($stringa,length($stringa));
    exit(0);

SERVER

    use File::Spec;
    #use strict;
    use IO::Socket::SSL;

    $Local_Host = 'localhost';
    my ($sock, $s, $v_mode);

    if($ARGV[0] eq "DEBUG") { $IO::Socket::SSL::DEBUG = 4; }

    if(!($sock = IO::Socket::SSL->new( Listen => 5,
                                       LocalAddr => $Local_Host,
                                       LocalPort => 9502,
                                       Proto => 'tcp',
                                       Reuse => 1,
                                       SSL_verify_mode => 0x02,
                                       SSL_key_file => 'server-new-key.pem',
                                       SSL_cert_file => 'server-new-cert.pem',
                                       SSL_ca_file => 'CAperDT-cacert.pem',
                                       SSL_use_cert => '1',
                                       SSL_error_trap=>&culo,
                                       # SSL_ca_path => ''
                                     )) ) {
        print STDERR "unable to create socket: $!.\n";
        exit(0);
    }
    print STDERR "socket created: $sock.\n";

    open(PIDDU,">Server_DT_bbftp.pid");
    PIDDU->autoflush(1);
    print PIDDU $$;
    print "PID $$\n";
    close(PIDDU);

    while (1) {
        print STDERR "waiting for next connection.\n";

        while(($s = $sock->accept())) {
            if( ! $s ) {
                print STDERR "SUO ERRORE error: '$!'.\n";
                next;
            }
            my ($peer_cert, $subject_name, $issuer_name, $date, $str);
            $remote_site=$s->peerhost();
            print "remote $remote_site\n";
            print MAIN_LOG scalar(localtime(time()))," connection from $remote_site\n";

            if (ref($sock) eq "IO::Socket::SSL") {
                if(($peer_cert = $sock->get_peer_certificate)) {
                    $subject_name = $peer_cert->subject_name;
                    $issuer_name = $peer_cert->issuer_name;
                    $cipher = $sock->get_cipher();
                }
                print "cipher: $cipher.\n";
                print "server cert:\n".
                      "\t '$subject_name' \n\t '$issuer_name'.\n\n";
            }
            else {
                print "in err $peer_cert\n";
                print errstr($sock),"$SSL_ERROR AHHAHAHHAHH\n";
            }

            while (1) {
                my $buf ="";
                $s->sysread($buf,32768);
                print "Read: $buf\n";
                # Exit
                if ($buf =~ /quit|exit/i) {
                    $s->close();
                    last;
                }
                # Error
                else {
                    print "Error in input\n";
                    $s->close();
                    last;
                }
            }
        }
    }
    $sock->close();
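An added example, not part of the original post, of a server that requires and reads a client certificate, reusing the post's file names, host and port. It assumes a current IO::Socket::SSL that exports the SSL_VERIFY_* constants and $SSL_ERROR. It differs from the posted server in two places: the verify mode includes SSL_VERIFY_PEER (0x01), because 0x02 on its own does not make OpenSSL request a client certificate, and the certificate is read from the socket returned by accept() rather than from the listening socket, which never carries an SSL object.

```perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_* constants and $SSL_ERROR

# File names, host and port are taken from the post above.
my $listener = IO::Socket::SSL->new(
    Listen        => 5,
    LocalAddr     => 'localhost',
    LocalPort     => 9502,
    Proto         => 'tcp',
    Reuse         => 1,
    SSL_server    => 1,
    SSL_cert_file => 'server-new-cert.pem',
    SSL_key_file  => 'server-new-key.pem',
    SSL_ca_file   => 'CAperDT-cacert.pem',
    # 0x01 asks the client for a certificate and verifies it against the CA;
    # 0x02 aborts the handshake when the client sends none.
    SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
) or die "unable to create socket: $! / $SSL_ERROR\n";

while (1) {
    # accept() runs the TLS handshake. A client without a certificate, or
    # with one not issued by the CA, makes it return undef.
    my $conn = $listener->accept;
    unless ($conn) {
        warn "handshake rejected: $SSL_ERROR\n";
        next;
    }

    # Ask the accepted connection, not the listening socket, for the peer.
    my $subject = $conn->peer_certificate('subject');
    my $issuer  = $conn->peer_certificate('issuer');
    printf "client %s\n  subject: %s\n  issuer:  %s\n  cipher:  %s\n",
        $conn->peerhost, $subject, $issuer, $conn->get_cipher;

    while (1) {
        my $buf = '';
        my $n = $conn->sysread($buf, 32768);
        last unless $n;                  # EOF or read error
        print "Read: $buf\n";
        last if $buf =~ /quit|exit/i;
    }
    $conn->close;
}
```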