Hi -
I am working on a perl SSL wget type program, and I have a few questions
regarding certificate authentication. I am sorry if these are silly
questions; I have been trying to find documentation for quite some time and
cant seem to find anything. So my questions are, basically, how do I set up
something to verify a host's x509's issuer against a list of trusted
issuers? I would assume this is part of the set_verify callback, however
there is no doc's on how to use that function. I have been able to extract
from other peoples source that I need .pem certificate files, but what
exactly is a .pem? And how would I interface with them? I really just need
to compare the issuer fingerprint against a trusted issuers file, but I can
find nothing on how to extract that. And the callbacks do not seem to allow
you to either. Once again, I apologize for these very very newbie'ish
questions, but I can not find anything regarding this. To quote the perl
module doc's:
The corresponding Perl function should be something like this:
sub verify {
my ($ok, $subj_cert, $issuer_cert, $depth, $errorcode,
$arg, $chain) = @_;
print "Verifying certificate...\n";
...
return $ok;
}
It is used like this:
Net::SSLeay::set_verify ($ssl, Net::SSLeay::VERIFY_PEER, \&verify);
And that is the entire section on verification, and the most verbose
explaination I've seen yet. ;-)
So what do I do? Thanks for the help.
-Ian
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
