Re: cookies with SSL POST

Mon, 10 Jul 2000 12:11:46 -0700 


I have been able to do SSL posts with cookies using Red Hat secure
server (basically apache with ssl) as a proxy.  I never have tried to
explicitly create a post request, rather just use the HTML::Form
interface to construct the requests.  Here's some setup code :


$HTTP_PROXY='http://192.168.20.42';
$HTTPS_PROXY='http://192.168.20.42';

...

  # Create the user agent object - pretend to be netscape, use global proxies
  $self->{'ua'} = MyAgent->new;
  $self->{'ua'}->agent("Mozilla/4.6 [en] (X11; I; Linux 2.2.5 i686)");
  $self->{'ua'}->proxy('http',$HTTP_PROXY);
  $self->{'ua'}->proxy('https',$HTTPS_PROXY);

  # Create cookie jar
  $self->{'cookies'} = HTTP::Cookies->new;
  $self->{'ua'}->cookie_jar($self->{'cookies'});


In addition, I found that to mimic the behavior of web browsers on
sites that do multiple redirects, I had to enable redirects for the
POST method __AND__ when this occurrs, change the request method to
GET.  (It took a lot of headaches to figure that one out ;) Here's
some more code :


# We need to subclass LWP::UserAgent in order to allow redirects on POSTS
# and fix some other problems.  In other words, to make it behave like a
# 'real' web browser
@MyAgent::ISA = qw(LWP::UserAgent);
sub MyAgent::redirect_ok {
  my ($self,$request)=@_;

  # *****************************************************
  # IMPORTANT:
  #
  # POSTs that get redirected __MUST__ change the request
  # method to GET!!!!
  # *****************************************************
  if ($request->method eq "POST") {
    $request->method("GET");
  }
  return 1;
}


Note that the HTTPS_PROXY variable is using "http://192.168.20.42",
not "https://192.168.20.42".  To make this work, I had to create a
test certificate for apache.

I am using libwww-perl-5.48, Crypt-SSLeay-0.16, and OpenSSL 0.9.2b,
and secureweb-3.0-1

Hope that helps.


Benjamin Franks writes:
 > There was talk some a few weeks back about locking down on a solution for SSL 
 >Posting with LWP.  One of the messages showed code for using NET::SSL to do the https 
 >post, but indicated that the HTTP::Cookies functionality is lost with this method.  
 >Has anyone been able to securely post with LWP, or use NET::SSL with HTTP::Cookies?
 > 
 > Thanks,
 > Benjamin
 > 
 > 
 > __________________________________________________________________
 > Get your own free England E-mail address at http://www.england.com

-- 
--------------------------------------------------------------
Fair Winds,     Software Engineer and WWW developer
Chris Dunn      MRM, inc.

Email: [EMAIL PROTECTED]
Phone: (919) 544-6500  Ext 228
Pager: (919) 506-0819

http://www.mrmnc.com
--------------------------------------------------------------

Reply via email to