On Sat, Jan 03, 2004, Bob Mariotti wrote: > Please excuse my ignorance on this list. I write only because I've > researched for several weeks now without success. > > I have created a perl program that does successfully access a remote > secured server using https. I can retrieve pages and send request > successfully. > > What remains is the need to verify the remote server's SSL certificate. > Within my perl program using LWP I can see the cert perameters in the > headers returned but I cannot find the expiration date. I know that > this must be a common routing but I'm stumped. > > Research leads me to believe that I must execute openssl with a > sub-command such as -verify or -x509, etc. > > Can someone PLEASE point me in the right direction to obtain the cert's > full parameters? >
If you supply the appropriate locations of you trusted certificates (whatever LWP equivalent of -CAfile and -CApath) and set the connection to verify the server certificate then this is all automatic: including signature validation, expiry date checking and a whole load of extension checks. Its not a good idea to try to do this manually... The only remaining check to do is that the server certificate host name is valid: that is it matches the host you think you're connecting to. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
