Crypt::SSLeay & client certificates

Mon, 05 Apr 2004 06:22:58 -0700 

Good day to everyone,

I need to scrape some data from an HTTPS site that requires client 
certificates for authentication. I am able to access the site with a 
certificate loaded in Netscape 7.1, so I exported the certificate (there 
are two actually, one for encrypting and one for signing, not sure if 
this matters) to PKCS12 and tried the following:

__BEGIN__
use strict;
use LWP::UserAgent;
# DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS
$ENV{HTTPS_DEBUG} = 1;
# DEFAULT SSL VERSION
$ENV{HTTPS_VERSION} = '3';

# CLIENT PKCS12 CERT SUPPORT
$ENV{HTTPS_PKCS12_FILE}     = 'test.p12';
$ENV{HTTPS_PKCS12_PASSWORD} = 'password';

my $ua = new LWP::UserAgent;
my $req = new HTTP::Request('GET', 'https://example.com');
my $res = $ua->request($req);
print $res->status_line."\n";
__END__

Here's the debug output I get:

__BEGIN__
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:certificate unknown
SSL_connect:failed in SSLv3 read finished A
500 read failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert 
certificate unknown | error:140940E5:SSL routines:SSL3_READ_BYTES:ssl 
handshake failure
__END__


I'm running on ActiveState 5.8 using Crypt::SSLeay from theoryx5. Could 
anyone tell me what I'm doing wrong?

-- 
Sean Evans

Reply via email to