On Thu, Apr 05, 2001 at 04:51:26PM -0700, Marcus Carey wrote:
> It does not matter which server I connect to I still get the warning.
Ok, I just downloaded libwww-perl and found the offending message in it, but
see below.
> Date: Thu, 05 Apr 2001 23:21:19 GMT
> Accept-Ranges: bytes
> Server: Apache/1.3.6 (Unix) mod_perl/1.20 mod_ssl/2.3.5 OpenSSL/0.9.3a
> DAV/0.9.8
> Content-Length: 5847
> Content-Type: text/html
> ETag: "2f71e-16d7-38b2f62a"
> Last-Modified: Tue, 22 Feb 2000 20:48:42 GMT
> Client-Date: Thu, 05 Apr 2001 23:24:58 GMT
> Client-Peer: 129.132.7.153:443
> Client-SSL-Cert-Issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte
> Consulting cc/OU=Certification Services Division/CN=Thawte Server
> [EMAIL PROTECTED]
> Client-SSL-Cert-Subject: /C=DE/ST=Bavaria/L=Munich/O=Ralf S.
> Engelschall/OU=Security Services Division/CN=www.engelschall.com
> Client-SSL-Cipher: EDH-RSA-DES-CBC3-SHA
> Client-SSL-Warning: Peer certificate not verified
These headers are not sent from the server but added on the fly by LWP.
They are created by lib/LWP/Protocol/https.pm:
    ...
    $res->header("Client-SSL-Cipher" => $sock->get_cipher);
    my $cert = $sock->get_peer_certificate;
    if ($cert) {
        $res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
        $res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
    }
    $res->header("Client-SSL-Warning" => "Peer certificate not verified");
So as you can see, the "not verified" warning is added unconditionally.
In order to get this to run, SSL_get_verify_result() needs to be evaluated.
In order to get this running, the SSL_CTX_load_verify_locations()
functionality is needed, which is (also?) missing from Crypt::SSLeay.
Therefore, your program as of now _cannot_ work, since the fundamental
functionality is missing.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
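
Added example, not part of the original message and not code from LWP or Crypt::SSLeay: a sketch of the conditional form of the warning header described above, written against Net::SSLeay (a different Perl binding that exposes both calls named in the reply). The host and CA bundle path are command-line arguments and port 443 is assumed.

```perl
# Added example: not LWP or Crypt::SSLeay code. Host and CA file are assumptions.
use strict;
use warnings;
use IO::Socket::INET;
use Net::SSLeay;

my ($host, $ca_file) = @ARGV;
die "usage: $0 host ca-bundle.pem\n" unless defined $ca_file;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
# Without trusted roots loaded, every chain fails to verify.
Net::SSLeay::CTX_load_verify_locations($ctx, $ca_file, '')
    or die "cannot load CA certificates from $ca_file\n";
# The default verify mode (SSL_VERIFY_NONE) on a client still checks the chain
# and records the result; it only keeps the handshake from aborting on failure.

my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 443)
    or die "connect to $host failed: $!\n";
my $ssl = Net::SSLeay::new($ctx) or die "SSL new failed\n";
Net::SSLeay::set_tlsext_host_name($ssl, $host);   # SNI
Net::SSLeay::set_fd($ssl, fileno($sock));
Net::SSLeay::connect($ssl) == 1 or die "TLS handshake failed\n";

my %hdr = ("Client-SSL-Cipher" => Net::SSLeay::get_cipher($ssl));
my $cert = Net::SSLeay::get_peer_certificate($ssl);
if ($cert) {
    $hdr{"Client-SSL-Cert-Subject"} = Net::SSLeay::X509_NAME_oneline(
        Net::SSLeay::X509_get_subject_name($cert));
    $hdr{"Client-SSL-Cert-Issuer"} = Net::SSLeay::X509_NAME_oneline(
        Net::SSLeay::X509_get_issuer_name($cert));
}
# get_verify_result() also returns 0 (X509_V_OK) when no certificate was
# presented, so the warning is omitted only if a certificate exists AND the
# result is 0. The result covers the chain only, not the hostname.
my $rc = Net::SSLeay::get_verify_result($ssl);
if (!$cert) {
    $hdr{"Client-SSL-Warning"} = "No peer certificate presented";
} elsif ($rc != 0) {
    $hdr{"Client-SSL-Warning"} = "Peer certificate not verified: "
        . Net::SSLeay::X509_verify_cert_error_string($rc);
}
print "$_: $hdr{$_}\n" for sort keys %hdr;
Net::SSLeay::X509_free($cert) if $cert;
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
```

A client that must refuse unverified peers, rather than only report them in a header, would set SSL_VERIFY_PEER on the context so the handshake itself fails.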