I've been digging through the code of the libraries for LWP, etc., and discovered that Net::HTTPS contains the following code:

    if ($IO::Socket::SSL::VERSION) {
        $SSL_SOCKET_CLASS = "IO::Socket::SSL"; # it was already loaded
    }
    else {
        eval { require Net::SSL; };  # from Crypt-SSLeay
        if ($@) {
            my $old_errsv = $@;
            eval {
                require IO::Socket::SSL;
            };
            if ($@) {
                $old_errsv =~ s/\s\(\@INC contains:.*\)/)/g;
                die $old_errsv . $@;
            }
            $SSL_SOCKET_CLASS = "IO::Socket::SSL";
        }
        else {
            $SSL_SOCKET_CLASS = "Net::SSL";
        }
    }

It seems that it first tries to load the SSL module from Crypt::SSLeay first, and if that fails, it then tries to load IO::Socket::SSL, which, as far as I can tell, doesn't use HTTPS_CA_FILE (but may provide another mechanism for accomplishing the same thing).

Could it be that perhaps loading mod_ssl is causing the load of Net::SSL to fail (symbol conflict?), resulting in it falling back to IO::Socket::SSL (which ignores HTTPS_CA_FILE)?

Does IO::Socket::SSL provide a means for passing parameters via LWP::UserAgent (maybe through UserAgent's constructor or one of its other methods?)? It definitely seems to support verification of peer certificates in its interface, but it's unclear from the available documentation how one does that in conjunction with LWP::UserAgent, if that's even possible. If there is a way to do this, then an easy workaround seems to be to simply accommodate both configuration methods in my code.

Rich Eggert
Member of Technical Staff
Proteus Technologies, LLC
http://www.proteus-technologies.com
________________________________
From: [EMAIL PROTECTED] on behalf of Marko Asplund
Sent: Mon 2/13/2006 2:13 PM
To: openssl-users@openssl.org
Subject: Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

Richard Eggert wrote:
> ...
> My best guess at what's happening is that mod_ssl is preloading libssl
> and configuring it according to its own requirements (and mod_ssl
> doesn't care about the certificates of other servers), and when my code
> runs (later) under mod_perl, the variables I'm sending it are being
> completely ignored.

Apache/mod_ssl server configuration should not interfere with your libwww-perl/OpenSSL client configuration in any way.

Try to do some printf debugging and print the relevant environment variable values to a log file. Do the variables have the correct values when the script is being run?

br. aspa
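
The printf debugging suggested in the reply, combined with a check of which backend Net::HTTPS actually selected, as an added example that is not part of the original thread. The function name https_backend_report is hypothetical, and the warning relies on the poster's reading that only Net::SSL honours HTTPS_CA_FILE.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example (not from the thread). Returns log lines describing which
# SSL backend Net::HTTPS selected in this interpreter and whether the CA
# settings in the given environment can take effect.
sub https_backend_report {
    my (%env) = @_;
    no warnings 'once';    # package variables below are only read here
    my @out;

    # Record this BEFORE loading Net::HTTPS: if IO::Socket::SSL is already
    # in memory, Net::HTTPS picks it without ever trying Net::SSL.
    my $preloaded = $IO::Socket::SSL::VERSION ? 'yes' : 'no';
    push @out, "IO::Socket::SSL preloaded: $preloaded";

    my $class = eval { require Net::HTTPS; $Net::HTTPS::SSL_SOCKET_CLASS };
    if (!defined $class) {
        push @out, "Net::HTTPS did not select a backend: " . ($@ || 'unknown');
        return @out;
    }
    push @out, "SSL_SOCKET_CLASS: $class";
    for my $mod ('Net/SSL.pm', 'IO/Socket/SSL.pm') {
        my $path = defined $INC{$mod} ? $INC{$mod} : '(not loaded)';
        push @out, "$mod loaded from: $path";
    }

    # HTTPS_CA_DIR is the directory counterpart read by Crypt::SSLeay.
    for my $var (qw(HTTPS_CA_FILE HTTPS_CA_DIR)) {
        my $val = $env{$var};
        if (!defined $val) { push @out, "$var: (unset)"; next; }
        my $ok = -r $val ? 'readable' : 'NOT readable by this process';
        push @out, "$var: $val ($ok)";
        # Assumption taken from the thread: only Net::SSL reads these.
        push @out, "WARNING: $var is set but backend is $class, not Net::SSL"
            if $class ne 'Net::SSL';
    }
    return @out;
}

# Under mod_perl, STDERR ends up in the Apache error log.
print STDERR "[https-debug pid $$] $_\n" for https_backend_report(%ENV);
```

Call it from inside the request handler rather than at server startup, so the report reflects the environment and loaded modules the failing request actually sees.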