Today, I obtained Crypt::SSLeay module version 0.32, and it looks
very promising for the problem that has given me so much headache.
Our iPlanet proxy server is so picky that it will not recognize a
VeriSign-issued CA as a valid CA.  So my script, which relies on LWP,
fails to connect due to the lack of a CA acceptable to the proxy.  I have
been looking for a solution where LWP handles the CA just like a normal web
browser would.  Then, just ignore the CA error.

One of our proxy admins recognized this problem and wrote a Java script
that can work with this problem.  Even though I have not tested it, it
basically holds the certificate in the 'cacers' directory instead of relying on
the CA certification part of the proxy server.  Now, I think Perl can do the
same thing.  Then I found that the newer version of Crypt::SSLeay,
0.32, will handle this problem.  Correct me if I am wrong.

Now, I have a new problem that I didn't have before.  First, the
environment values for userid and passwd are not read and passed to the
proxy.  The other problem is that it seems the CA repository information is
also not read.  It looks like I'm missing some components here.  If I use
"proxy_authorization_basic("********", "********");", proxy
authentication goes through.  But it will bomb out at the CA verification
part, giving me an error like the one below.

-----------------------------------------------------------------------------

The requested item could not be loaded by the proxy.
The certificate issuer for this server is not recognized by
Netscape. ....

Netscape refuses to connect to this server
------------------------------------------------------------------------------

It looks like the CA handling is not done by the script (module) at all.
What's missing here?  Please guide me in the right direction and make
me beat Java. ;-)

Thanks in advance.

Namsuk Kim


The following is part of the code.

-------------------------------------------------------------------------------------

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;

# PROXY SUPPORT
$ENV{HTTPS_PROXY} = 'http://proxy:8080';

# PROXY_BASIC_AUTH
$ENV{HTTPS_PROXY_USERNAME} = '*******';
$ENV{HTTPS_PROXY_PASSWORD} = '*******';

# DEFAULT SSL VERSION
$ENV{HTTPS_VERSION} = '3';

# CLIENT CERT SUPPORT
$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
$ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';

# CA CERT PEER VERIFICATION
$ENV{HTTPS_CA_FILE}   = 'certs/ca.crt';
$ENV{HTTPS_CA_DIR}    = 'certs/';

# Create the user agent and load proxy settings from the environment
my $ua = LWP::UserAgent->new;
$ua->env_proxy();

# Build the request; authorization_basic sets credentials for the origin server
my $req = HTTP::Request->new('GET', 'https://www.optisvalue.com/');
#$req->proxy_authorization_basic("********", "********");
$req->authorization_basic('share', 'share');

print $ua->request($req)->as_string;

-------------------------------------------------------------------------------------

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
