Loading ...
Sorry, an error occurred while loading the content.

1910Re: [soaplite] SOAP and SSL Client Certificates

Expand Messages
  • Byrne Reese
    Oct 9, 2002
    • 0 Attachment
      Totally agree. There should *at least* be a mention in the userguide, or
      a reference to the CryptSSLeay documentation on the subject. And yes,
      the environment variables are the way to.

      Obviously. Doh!

      There is a caveat to this: you can only use one client cert per process.
      Once the SSL library initializes itself, you can't change the cert you
      are using...

      On Wed, 2002-10-09 at 08:54, Ajit Deshpande wrote:
      > On Wed, Oct 09, 2002 at 08:22:51AM -0700, Byrne Reese wrote:
      > > [..]
      > > the service via HTTPS. As for client certificate based authentication...
      > > let me get back to you. We solved this at GCC, but I have to dig through
      > > some code. Let me ping an engineer who got this working and see if he
      > > can help.
      >
      > Concidentally, I was just researching this yesterday! i.e. how to do SSL
      > Client Certificate authentication from a perl client using SOAP::Lite.
      > And my research led to the same conclusion as yours above:
      > i.e. simply use an https://blah as your proxy for the SSL connection.
      >
      > Now, as regards the Client certificate, the trick seems to lie in
      > the declaring an environment variable. The following is from the
      > Crypt::SSLeay documentation:
      >
      > [..]
      > use LWP::UserAgent;
      > my $ua = new LWP::UserAgent;
      > my $req = new HTTP::Request('GET', 'https://www.nodeworks.com');
      > my $res = $ua->request($req);
      > print $res->code."\n";
      >
      > # PROXY SUPPORT
      > $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
      >
      > # PROXY_BASIC_AUTH
      > $ENV{HTTPS_PROXY_USERNAME} = 'username';
      > $ENV{HTTPS_PROXY_PASSWORD} = 'password';
      >
      > # DEFAULT SSL VERSION
      > $ENV{HTTPS_VERSION} = '3';
      >
      > # CLIENT CERT SUPPORT
      > $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
      > $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
      >
      > # CA CERT PEER VERIFICATION
      > $ENV{HTTPS_CA_FILE} = 'certs/ca.crt';
      > $ENV{HTTPS_CA_DIR} = 'certs/';
      > [..]
      >
      > I haven't yet implemented the system -- but just thought I'd share this
      > with the list, since it was quite frustratting to track down the above
      > information for me :)
      >
      > Maybe, we could put in a blurb in SOAP::Lite documentation. Also, there
      > needs to be a blurb in the LWP::UserAgent documentation -- because that
      > is where people first start looking.
      >
      > Ajit
      >
      --
      :/ byrne

      Program Manager
      Grand Central Communications
      breese@...
    • Show all 9 messages in this topic