Accessing the ServerCN after connecting with Net::SSLeay

 



Carnivore
New User

Jun 28, 2010, 8:24 AM

Post #1 of 2 (527 views)

I need to update an existing Perl application that uses Net::SSLeay to send requests to a server. I need to be able to get the certificate after connecting so that I can verify that the ServerCN is correct.

My connection code looks like this:


Code
sub _connectToHost
{
    my $self = shift;

    unless (defined ($self->{_socket}))
    {
        $self->{_socket} = $self->_createSocket ($self->{_host},
                                                 $self->{_port});
        croak 'unable to open the socket' unless defined ($self->{_socket});
        $self->{_tunneler}->tunnelOut ($self->{_socket})
            if (defined $self->{_tunneler});

        unless (defined ($self->{_ssl}))
        {
            $self->{_ssl} = Net::SSLeay::new ($SSLContext)
                or die_now ("Net::SSLeay::new: $!\n");
        }

        Net::SSLeay::set_fd ($self->{_ssl}, fileno ($self->{_socket}));
        Net::SSLeay::connect ($self->{_ssl})
            or die_now ("failed SSL connect: $!\n");
        die_if_ssl_error ("SSL error connecting to host: $!\n");
    }

    confess ("unable to connect to $self->{_host}\n")
        unless (defined ($self->{_socket}) and defined ($self->{_ssl}));

    return $self->{_ssl};
}



Any ideas? It's typically done using callbacks in Java and C#, but I don't know how it's handled in Perl.


(This post was edited by Carnivore on Jun 28, 2010, 10:07 AM)


Carnivore
New User

Jun 28, 2010, 12:24 PM

Post #2 of 2 (517 views)
Re: [Carnivore] Accessing the ServerCN after connecting with Net::SSLeay

After some more digging, I found that I can tell the server to send me a certificate by using Net::SSLeay::set_verify. Here's the same code snippet as before, but with the set_verify use.


Code
sub _connectToHost
{
    my $self = shift;

    unless (defined ($self->{_socket}))
    {
        $self->{_socket} = $self->_createSocket ($self->{_host},
                                                 $self->{_port});
        croak 'unable to open the socket' unless defined ($self->{_socket});
        $self->{_tunneler}->tunnelOut ($self->{_socket})
            if (defined $self->{_tunneler});

        unless (defined ($self->{_ssl}))
        {
            $self->{_ssl} = Net::SSLeay::new ($SSLContext)
                or die_now ("Net::SSLeay::new: $!\n");
        }

        Net::SSLeay::set_fd ($self->{_ssl}, fileno ($self->{_socket}));
        Net::SSLeay::set_verify ($self->{_ssl}, Net::SSLeay::VERIFY_PEER, \&verify);
        Net::SSLeay::connect ($self->{_ssl})
            or die_now ("failed SSL connect: $!\n");
        die_if_ssl_error ("SSL error connecting to server: $!\n");
    }

    confess ("unable to connect to $self->{_host}\n")
        unless (defined ($self->{_socket}) and defined ($self->{_ssl}));

    return $self->{_ssl};
}

sub verify
{
    my ($ok, $subj_cert, $issuer_cert, $depth, $errorcode, $arg, $chain) = @_;
    print "Verifying certificate...\n";

    return $ok;
}



The problem is that I now get the following error:

Bareword "Net::SSLeay::VERIFY_PEER" not allowed while "strict subs" in use at C:/Perl/site/lib/MyApp/Utils/SocketDriver.pm line 287.

This does appear to be defined in the SSLeay.pm that's installed on my system. Why would I be getting this error?
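
An added example, not part of the original posts: one way to read the server certificate's CN from the connected handle and compare it with the expected name, using call syntax for the autoloaded VERIFY_PEER constant so it compiles under strict. The helper names (request_peer_verification, peer_common_name, assert_server_cn) are hypothetical, and the code assumes the SSL context already has the trusted CA certificates loaded.

```perl
use strict;
use warnings;
use Carp qw(croak);
use Net::SSLeay;

# OpenSSL's numeric id for the commonName attribute (NID_commonName).
use constant NID_COMMON_NAME => 13;

# Net::SSLeay constants are autoloaded subs, so under "strict subs" they need
# call syntax: VERIFY_PEER() or &Net::SSLeay::VERIFY_PEER, not a bareword.
sub request_peer_verification {
    my ($ssl, $callback) = @_;
    Net::SSLeay::set_verify($ssl, Net::SSLeay::VERIFY_PEER(), $callback);
}

# Return the subject CN of the peer certificate on a connected handle.
sub peer_common_name {
    my ($ssl) = @_;
    my $cert = Net::SSLeay::get_peer_certificate($ssl)
        or croak 'server presented no certificate';
    my $subject = Net::SSLeay::X509_get_subject_name($cert);
    my $cn = Net::SSLeay::X509_NAME_get_text_by_NID($subject, NID_COMMON_NAME);
    Net::SSLeay::X509_free($cert);    # the CN string was copied out above
    croak 'certificate has no CN' unless defined $cn && length $cn;
    $cn =~ s/\0\z//;                  # tolerate a single trailing NUL
    croak 'embedded NUL in CN' if $cn =~ /\0/;
    return $cn;
}

# Die unless OpenSSL accepted the chain and the CN is the expected one.
sub assert_server_cn {
    my ($ssl, $expected) = @_;
    my $result = Net::SSLeay::get_verify_result($ssl);
    croak "certificate chain did not verify (code $result)"
        if $result != 0;              # 0 is X509_V_OK
    my $cn = peer_common_name($ssl);
    croak "ServerCN mismatch: got '$cn', expected '$expected'"
        unless lc $cn eq lc $expected;
    return $cn;
}
```

Call assert_server_cn on the handle right after Net::SSLeay::connect succeeds and before sending any request. It compares only the subject CN, as the post asks, and does not look at subjectAltName entries.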

 
 

