Loading ...
Sorry, an error occurred while loading the content.

Re: [soaplite] ssl certificate

Expand Messages
  • Byrne Reese
    I recommend that you have the webserver (in your case Netscape) handle all the HTTPS traffic. The CGI script will then not need to worry about SSL at all -
    Message 1 of 5 , Jun 9, 2004
    • 0 Attachment
      I recommend that you have the webserver (in your case Netscape) handle
      all the HTTPS traffic. The CGI script will then not need to worry about
      SSL at all - which is ideal.

      Sinha, Madhukar [IT] wrote:

      > Thats really helpful
      >
      > Bryne - if we have perl CGI based webservice using SOAP::Lite (running
      > under Netscape). and the client is a apache java soap client from
      > external machine. Do we need Crypt::SSLeay and OpenSSL on webserver
      > too to understand SSL commmunication ? I guess it would be needed.
      > Please confirm?
      >
      > thanks
      >
      >
      >
      > -----Original Message-----
      > *From:* Byrne Reese [mailto:byrne@...]
      > *Sent:* Wednesday, June 09, 2004 11:12 AM
      > *To:* Gordon Pate
      > *Cc:* soaplite@yahoogroups.com
      > *Subject:* Re: [soaplite] ssl certificate
      >
      > http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww
      > <http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww>
      >
      > It is accomplished by setting some global environment variables
      > that LWP
      > and SSLeay read in order to know where to find the necessary cert.
      >
      > http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT
      > <http://search.cpan.org/%7Echamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT>
      >
      > Gordon Pate wrote:
      >
      > > How do you specify the location of an ssl certificate in an ssl soap
      > > call?
      > >
      > >
      > > *Yahoo! Groups Sponsor*
      > > ADVERTISEMENT
      > >
      > <http://rd.yahoo.com/SIG=129lg5kh2/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086833842/A=2164330/R=0/SIG=11eamf8g4/*http://www.netflix.com/Default?mqso=60183350>
      >
      > >
      > >
      > >
      > >
      > ------------------------------------------------------------------------
      > > *Yahoo! Groups Links*
      > >
      > > * To visit your group on the web, go to:
      > > http://groups.yahoo.com/group/soaplite/
      > >
      > > * To unsubscribe from this group, send an email to:
      > > soaplite-unsubscribe@yahoogroups.com
      > >
      > <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
      > >
      > > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
      > > Service <http://docs.yahoo.com/info/terms/>.
      > >
      > >
      >
      >
      >
      > *Yahoo! Groups Sponsor*
      > ADVERTISEMENT
      > <http://rd.yahoo.com/SIG=12910ojsc/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086887103/A=2164338/R=0/SIG=11ed4vqbv/*http://www.netflix.com/Default?mqso=60183349>
      >
      >
      >
      > ------------------------------------------------------------------------
      > *Yahoo! Groups Links*
      >
      > * To visit your group on the web, go to:
      > http://groups.yahoo.com/group/soaplite/
      >
      > * To unsubscribe from this group, send an email to:
      > soaplite-unsubscribe@yahoogroups.com
      > <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
      >
      > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
      > Service <http://docs.yahoo.com/info/terms/>.
      >
      >
    • Sinha, Madhukar [IT]
      Byrne/group My SSL connection via soaplite is working when i use Crypt::SSLeay . I am not supplying certificates now. Crypt::SSLeay is trusting it internally.
      Message 2 of 5 , Jun 15, 2004
      • 0 Attachment
        Byrne/group
         
        My SSL connection via soaplite is working when i use Crypt::SSLeay . I am not supplying certificates now. Crypt::SSLeay is trusting it internally.
         
        My problem is that for every call it tries to verify the certificate and uses a new connection. as shown in SSL debug below . Please  also see client.pl which uses module Utils.pm . This repeat SSL handshake has made my application quiet slow.
         
        Seems like the SOAP handle i use for making repeat calls is not keeping the SSLcontext/channel in memory and hence starts another connection.
         
        This is surely and overhead and has slowed down my calls to a great extent compared to non-ssl situation,
         
        Please suggest if something can be done to force soaplite to use same connection?
         
        ##########################################################
        SSL_connect:before/connect initialization
        SSL_connect:SSLv2/v3 write client hello A
        SSL_connect:SSLv3 read server hello A
        SSL_connect:SSLv3 read server certificate A
        SSL_connect:SSLv3 read server done A
        SSL_connect:SSLv3 write client key exchange A
        SSL_connect:SSLv3 write change cipher spec A
        SSL_connect:SSLv3 write finished A
        SSL_connect:SSLv3 flush data
        SSL_connect:SSLv3 read finished A
        SSL3 alert read:warning:close notify
         
        next call ----

        SSL_connect:before/connect initialization
        SSL_connect:SSLv2/v3 write client hello A
        SSL_connect:SSLv3 read server hello A
        SSL_connect:SSLv3 read server certificate A
        SSL_connect:SSLv3 read server done A
        SSL_connect:SSLv3 write client key exchange A
        SSL_connect:SSLv3 write change cipher spec A
        SSL_connect:SSLv3 write finished A
        SSL_connect:SSLv3 flush data
        SSL_connect:SSLv3 read finished A
        SSL3 alert read:warning:close notify
         
        ####################################################
         
        my client code looks like
         
        ### client.pl ###
         
        my $riskcall = new Utils() or die "error: unable to create Riskmaster";
         
         
        foreach my $result (@results) {
        #  print "RESULT: @$result !\n";
          my ($id1, $id2, $source) = @$result;
         
          print STDOUT "Retrieving risk for $id1.$id2 for COB $date\n";

        #CALL 1 #
          my @risk = $riskcall ->get_risk($date, $id1, $id2);
        #CALL 2 #
        my @risk2 = $riskcall ->get_risk($date, $id11, $id22);
        #CALL 3 #
        my @risk3 = $riskcall ->get_risk($date, $id111, $id222);
         
         
         
        #################
        Utils.pm -----
        #################
        sub new {
          my ($class, $config_file) = @_;
         
          my $self = {};
         
          my $risksource =  SOAP::Lite
            -> uri($URN)
            -> proxy($SOAP_ROUTER_URL);
         
          $self->{'risksource'} = $risksource;
          #
          bless $self, $class;
        }
         
        #
         
        sub get_risk {
          my ($self, $date, $id1, $id2) = @_;
         
          # make the call to get data
         
          my $risksource = $self->{'risksource'};
         
          my $dt = SOAP::Data->type(string => $date);
          my $deal_id = SOAP::Data->type(string => $id1);
          my $txn_num = SOAP::Data->type(string => $id2);
         
          my ($result);
          eval {
                my $risk = $risksource->getRisk('RISK', $dt, $deal_id, $txn_num);
                $result  = $risk->result();
          1 } or die_cleanup();
         
        }
         
         
        Please help
         
        Regards
        Madhukar
         

         
         

        -----Original Message----- 
         
        From: Byrne Reese [mailto:byrne@...]
        Sent: Wednesday, June 09, 2004 11:12 AM
        To: Gordon Pate
        Cc: soaplite@yahoogroups.com
        Subject: Re: [soaplite] ssl certificate

        http://www.perldiscuss.com/article.php?id=5504&group=perl.libwww

        It is accomplished by setting some global environment variables that LWP
        and SSLeay read in order to know where to find the necessary cert.

        http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT

        Gordon Pate wrote:

        > How do you specify the location of an ssl certificate in an ssl soap
        > call?
        >
        >
        > *Yahoo! Groups Sponsor*
        > ADVERTISEMENT
        > <http://rd.yahoo.com/SIG=129lg5kh2/M=298184.5022502.6152625.3001176/D=groups/S=1705701014:HM/EXP=1086833842/A=2164330/R=0/SIG=11eamf8g4/*http://www.netflix.com/Default?mqso=60183350>
        >
        >
        >
        > ------------------------------------------------------------------------
        > *Yahoo! Groups Links*
        >
        >     * To visit your group on the web, go to:
        >       http://groups.yahoo.com/group/soaplite/
        >       
        >     * To unsubscribe from this group, send an email to:
        >       soaplite-unsubscribe@yahoogroups.com
        >       <mailto:soaplite-unsubscribe@yahoogroups.com?subject=Unsubscribe>
        >       
        >     * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
        >       Service <http://docs.yahoo.com/info/terms/>.
        >
        >


      Your message has been successfully submitted and would be delivered to recipients shortly.