use client certs to Connect/verify to secured webservers using SSLeay in perl

Thu, 10 Jan 2002 06:02:38 -0800 

Hi,

I am using Activestate Perl ( 5.006001).
I have openssl 0.9.6b (not properly installed, but files copied as directed in the 
installation readme for win32 environment -  and openssl works).
I have installed Crypt::SSLeay 0.17.1  using PPM .

I need to write a code to connect to a secure web server having a server cert, and 
presenting a client certificate. 
I also need to verify the client & server certs, and their purposes, and check that 
the client cert pvt key and cert matches, and check the CA cert too.

Using Crypt SSLeay, I can connect to the web server using the secured port, but cannot 
do lot of functions like : use client cert, verify keys and certs, verifiy the domain 
name against peer cert common name. etc. 

My question is can I use Crypt::SSLeay for those (maybe I am aware of how to use 
Crypt::SSLeay!!)  ; or should I use Net::SSLeay or any other module? Where can I find 
all functions/methods that crypt or Net SSLeay have? 

Below is a sample code of mine. 

I would appreciate a reply from the group.

Thanks

Pramila Rani
Engineer, Professional Services
Comtrust
Tel : +971 2 6349222

use Net::SSL;
....
....
sub ssl_connect {
    my ($msg, $ipaddr, $port, $certfile, $keyfile, $cacertfile) = @_;
 
  #  $ENV{HTTPS_CERT_FILE} = $certfile;
  #  $ENV{HTTPS_KEY_FILE} = $keyfile;
  #  $ENV{HTTPS_CA_FILE} = $cacertfile;
    $ENV{HTTPS_VERSION} = '3';
 
   eval "use LWP::Debug qw(+)";

    my $opt_debug = "1";
    my $ssl_peer_verify = "1";

    my $sock = Net::SSL->new(
                             PeerAddr => $ipaddr,
                             PeerPort => $port,
                             SSL_Debug => $opt_debug,
                             Timeout => 30,
                             );

    $sock || ($@ ||= "no Net::SSL connection established");
    my $error = $@;
    $error && die("Can't connect to $ipaddr :$port; $error; $!");

    print "Peer cert is : ". $sock->get_peer_certificate->subject_name . " \n";
    print "Peer cert no is : ". $sock->get_peer_certificate->issuer_name . " \n";
    print "Peer cipher is :" . $sock->get_cipher . " \n";

    $sock->print($msg);

    $out = '';
    my $receivedbuffer = '';
    while ($sock->read($receivedbuffer, 1024)) {
        $out .= $receivedbuffer;
    }
    return ($out);
}
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to