Loading ...
Sorry, an error occurred while loading the content.
 

RE: [soaplite] ssl certificate

Expand Messages
  • Sinha, Madhukar [IT]
    Thats really helpful Bryne - if we have perl CGI based webservice using SOAP::Lite (running under Netscape). and the client is a apache java soap client from
    Message 1 of 5 , Jun 9, 2004
      Thats really helpful
       
      Bryne - if we have perl CGI based webservice using SOAP::Lite (running under Netscape). and the client is a apache java soap client from external machine. Do we need Crypt::SSLeay and OpenSSL on webserver too to understand SSL commmunication ? I guess it would be needed. Please confirm?
       
      thanks
       
       
      -----Original Message-----
      From: Byrne Reese [mailto:byrne@...]
      Sent: Wednesday, June 09, 2004 11:12 AM
      To: Gordon Pate
      Cc: soaplite@yahoogroups.com
      Subject: Re: [soaplite] ssl certificate

      http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww

      It is accomplished by setting some global environment variables that LWP
      and SSLeay read in order to know where to find the necessary cert.

      http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT

      Gordon Pate wrote:

      > How do you specify the location of an ssl certificate in an ssl soap
      > call?
      >
      >
      > *Yahoo! Groups Sponsor*
      > ADVERTISEMENT
      > <http://rd.yahoo.com/SIG=129lg5kh2/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086833842/A=2164330/R=0/SIG=11eamf8g4/*http://www.netflix.com/Default?mqso=60183350>
      >
      >
      >
      > ------------------------------------------------------------------------
      > *Yahoo! Groups Links*
      >
      >     * To visit your group on the web, go to:
      >       http://groups.yahoo.com/group/soaplite/
      >       
      >     * To unsubscribe from this group, send an email to:
      >       soaplite-unsubscribe@yahoogroups.com
      >       <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
      >       
      >     * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
      >       Service <http://docs.yahoo.com/info/terms/>.
      >
      >


    • Byrne Reese
      I recommend that you have the webserver (in your case Netscape) handle all the HTTPS traffic. The CGI script will then not need to worry about SSL at all -
      Message 2 of 5 , Jun 9, 2004
        I recommend that you have the webserver (in your case Netscape) handle
        all the HTTPS traffic. The CGI script will then not need to worry about
        SSL at all - which is ideal.

        Sinha, Madhukar [IT] wrote:

        > Thats really helpful
        >
        > Bryne - if we have perl CGI based webservice using SOAP::Lite (running
        > under Netscape). and the client is a apache java soap client from
        > external machine. Do we need Crypt::SSLeay and OpenSSL on webserver
        > too to understand SSL commmunication ? I guess it would be needed.
        > Please confirm?
        >
        > thanks
        >
        >
        >
        > -----Original Message-----
        > *From:* Byrne Reese [mailto:byrne@...]
        > *Sent:* Wednesday, June 09, 2004 11:12 AM
        > *To:* Gordon Pate
        > *Cc:* soaplite@yahoogroups.com
        > *Subject:* Re: [soaplite] ssl certificate
        >
        > http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww
        > <http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww>
        >
        > It is accomplished by setting some global environment variables
        > that LWP
        > and SSLeay read in order to know where to find the necessary cert.
        >
        > http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT
        > <http://search.cpan.org/%7Echamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT>
        >
        > Gordon Pate wrote:
        >
        > > How do you specify the location of an ssl certificate in an ssl soap
        > > call?
        > >
        > >
        > > *Yahoo! Groups Sponsor*
        > > ADVERTISEMENT
        > >
        > <http://rd.yahoo.com/SIG=129lg5kh2/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086833842/A=2164330/R=0/SIG=11eamf8g4/*http://www.netflix.com/Default?mqso=60183350>
        >
        > >
        > >
        > >
        > >
        > ------------------------------------------------------------------------
        > > *Yahoo! Groups Links*
        > >
        > > * To visit your group on the web, go to:
        > > http://groups.yahoo.com/group/soaplite/
        > >
        > > * To unsubscribe from this group, send an email to:
        > > soaplite-unsubscribe@yahoogroups.com
        > >
        > <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
        > >
        > > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
        > > Service <http://docs.yahoo.com/info/terms/>.
        > >
        > >
        >
        >
        >
        > *Yahoo! Groups Sponsor*
        > ADVERTISEMENT
        > <http://rd.yahoo.com/SIG=12910ojsc/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086887103/A=2164338/R=0/SIG=11ed4vqbv/*http://www.netflix.com/Default?mqso=60183349>
        >
        >
        >
        > ------------------------------------------------------------------------
        > *Yahoo! Groups Links*
        >
        > * To visit your group on the web, go to:
        > http://groups.yahoo.com/group/soaplite/
        >
        > * To unsubscribe from this group, send an email to:
        > soaplite-unsubscribe@yahoogroups.com
        > <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
        >
        > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
        > Service <http://docs.yahoo.com/info/terms/>.
        >
        >
      • Sinha, Madhukar [IT]
        Byrne/group My SSL connection via soaplite is working when i use Crypt::SSLeay . I am not supplying certificates now. Crypt::SSLeay is trusting it internally.
        Message 3 of 5 , Jun 15, 2004
          Byrne/group
           
          My SSL connection via soaplite is working when i use Crypt::SSLeay . I am not supplying certificates now. Crypt::SSLeay is trusting it internally.
           
          My problem is that for every call it tries to verify the certificate and uses a new connection. as shown in SSL debug below . Please  also see client.pl which uses module Utils.pm . This repeat SSL handshake has made my application quiet slow.
           
          Seems like the SOAP handle i use for making repeat calls is not keeping the SSLcontext/channel in memory and hence starts another connection.
           
          This is surely and overhead and has slowed down my calls to a great extent compared to non-ssl situation,
           
          Please suggest if something can be done to force soaplite to use same connection?
           
          ##########################################################
          SSL_connect:before/connect initialization
          SSL_connect:SSLv2/v3 write client hello A
          SSL_connect:SSLv3 read server hello A
          SSL_connect:SSLv3 read server certificate A
          SSL_connect:SSLv3 read server done A
          SSL_connect:SSLv3 write client key exchange A
          SSL_connect:SSLv3 write change cipher spec A
          SSL_connect:SSLv3 write finished A
          SSL_connect:SSLv3 flush data
          SSL_connect:SSLv3 read finished A
          SSL3 alert read:warning:close notify
           
          next call ----

          SSL_connect:before/connect initialization
          SSL_connect:SSLv2/v3 write client hello A
          SSL_connect:SSLv3 read server hello A
          SSL_connect:SSLv3 read server certificate A
          SSL_connect:SSLv3 read server done A
          SSL_connect:SSLv3 write client key exchange A
          SSL_connect:SSLv3 write change cipher spec A
          SSL_connect:SSLv3 write finished A
          SSL_connect:SSLv3 flush data
          SSL_connect:SSLv3 read finished A
          SSL3 alert read:warning:close notify
           
          ####################################################
           
          my client code looks like
           
          ### client.pl ###
           
          my $riskcall = new Utils() or die "error: unable to create Riskmaster";
           
           
          foreach my $result (@results) {
          #  print "RESULT: @$result !\n";
            my ($id1, $id2, $source) = @$result;
           
            print STDOUT "Retrieving risk for $id1.$id2 for COB $date\n";

          #CALL 1 #
            my @risk = $riskcall ->get_risk($date, $id1, $id2);
          #CALL 2 #
          my @risk2 = $riskcall ->get_risk($date, $id11, $id22);
          #CALL 3 #
          my @risk3 = $riskcall ->get_risk($date, $id111, $id222);
           
           
           
          #################
          Utils.pm -----
          #################
          sub new {
            my ($class, $config_file) = @_;
           
            my $self = {};
           
            my $risksource =  SOAP::Lite
              -> uri($URN)
              -> proxy($SOAP_ROUTER_URL);
           
            $self->{'risksource'} = $risksource;
            #
            bless $self, $class;
          }
           
          #
           
          sub get_risk {
            my ($self, $date, $id1, $id2) = @_;
           
            # make the call to get data
           
            my $risksource = $self->{'risksource'};
           
            my $dt = SOAP::Data->type(string => $date);
            my $deal_id = SOAP::Data->type(string => $id1);
            my $txn_num = SOAP::Data->type(string => $id2);
           
            my ($result);
            eval {
                  my $risk = $risksource->getRisk('RISK', $dt, $deal_id, $txn_num);
                  $result  = $risk->result();
            1 } or die_cleanup();
           
          }
           
           
          Please help
           
          Regards
          Madhukar
           

           
           

          -----Original Message----- 
           
          From: Byrne Reese [mailto:byrne@...]
          Sent: Wednesday, June 09, 2004 11:12 AM
          To: Gordon Pate
          Cc: soaplite@yahoogroups.com
          Subject: Re: [soaplite] ssl certificate

          http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww

          It is accomplished by setting some global environment variables that LWP
          and SSLeay read in order to know where to find the necessary cert.

          http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT

          Gordon Pate wrote:

          > How do you specify the location of an ssl certificate in an ssl soap
          > call?
          >
          >
          > *Yahoo! Groups Sponsor*
          > ADVERTISEMENT
          > <http://rd.yahoo.com/SIG=129lg5kh2/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086833842/A=2164330/R=0/SIG=11eamf8g4/*http://www.netflix.com/Default?mqso=60183350>
          >
          >
          >
          > ------------------------------------------------------------------------
          > *Yahoo! Groups Links*
          >
          >     * To visit your group on the web, go to:
          >       http://groups.yahoo.com/group/soaplite/
          >       
          >     * To unsubscribe from this group, send an email to:
          >       soaplite-unsubscribe@yahoogroups.com
          >       <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
          >       
          >     * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
          >       Service <http://docs.yahoo.com/info/terms/>.
          >
          >


        Your message has been successfully submitted and would be delivered to recipients shortly.