
SSL SOAP::Transport::HTTP::Daemon Self-signed Certificates ???

  • vipin gupta
    Message 1 of 2 , Dec 16, 2005
      Hi,
      I have modified SOAP::Transport::HTTP::Daemon to be used with SSL as directed in previous group mails. I have added a new patch to HTTP.pm so that it can support SSL for the daemon by using the HTTP::Daemon::SSL Perl module.
      I created self-signed certificates for server authentication.
      I am running a SOAP HTTP daemon server at port 443. The server code is as shown below:

      #**********************************************************************************
      #*** SOAP Server
      #!/usr/bin/perl
      use SOAP::Lite;
      use SOAP::Transport::HTTP;
      use IO::Socket::SSL;
      use HTTP::Daemon::SSL;

      SOAP::Transport::HTTP::Daemon
          -> new (ReuseAddr => 1, LocalAddr => '192.168.1.22', LocalPort => 443, Listen => 5, SSL_use_cert => 1,
              SSL_cert_file => '/usr/local/cvsw/server.crt', SSL_key_file => '/usr/local/cvsw/server.key')
          -> dispatch_to('cvs_service')
          -> handle;

      package cvs_service;

      sub getCvsConfig
      {
              my $line = 1;
              my(@configFile);
              my $temp;
              if(!open(CONFIG, "/etc/cvsw.conf"))
              {
                      qx{touch /etc/cvsw.conf};
                      return "";
              }
              while($temp=<CONFIG>)
              {
                      $configFile[$line]=$temp;
                      $line++;
              }
              close(CONFIG);
              return @configFile;
      }

      ## End of server code
      #******************************************************************************************
      #******************************************************************************************
      #******************************************************************************************

      The Client code is as follows:
      #******************************************************************************************
      #******************************************************************************************
      ## Client
      #!/usr/bin/perl
      use strict; # enforce variable declarations and quoting
      use CGI qw(:standard);
      use CGI::Cookie;
      use Crypt::SSLeay;
      use SOAP::Lite +trace => qw{trace debug};

      $ENV{HTTPS_DEBUG} = 1;
      $ENV{HTTPS_VERSION} = '23';

      my $soap_response = SOAP::Lite
          -> uri('cvs_service')
          -> proxy("https://192.168.1.22")
          -> getCvsConfig();

      if($soap_response->fault)
      {
              print ($soap_response->faultcode,$soap_response->faultstring,$soap_response->faultdetail);
      }
      else
      {
              print("Success");
      }
      #*******************************************************************************************
      #*******************************************************************************************
      #*******************************************************************************************
      #*******************************************************************************************

        After running the server, when I run the client program in debug mode, it runs as shown below:

      #*******************************************************************************************
      #*******************************************************************************************
      ### Client output
      #*******************************************************************************************


      SOAP::Transport::new: ()
      SOAP::Serializer::new: ()
      SOAP::Deserializer::new: ()
      SOAP::Parser::new: ()
      SOAP::Lite::new: ()
      SOAP::Transport::HTTP::Client::new: ()
      SOAP::Lite::call: ()
      SOAP::Serializer::envelope: ()
      SOAP::Serializer::envelope: getCvsConfig
      SOAP::Data::new: ()
      SOAP::Data::new: ()
      SOAP::Data::new: ()
      SOAP::Data::new: ()
      SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x8427168)
      SOAP::Transport::HTTP::Client::send_receive: POST https://192.168.1.22 HTTP/1.1
      Accept: text/xml
      Accept: multipart/*
      Content-Length: 443
      Content-Type: text/xml; charset=utf-8
      SOAPAction: "cvs_service#getCvsConfig"

      <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:xsd="http://www.w3.org/1999/XMLSchema"><SOAP-ENV:Body><namesp1:getCvsConfig xmlns:namesp1="cvs_service"/></SOAP-ENV:Body></SOAP-ENV:Envelope>
      SSL_connect:before/connect initialization
      SSL_connect:SSLv2/v3 write client hello A
      SSL_connect:SSLv3 read server hello A
      SSL_connect:SSLv3 read server certificate A
      SSL_connect:SSLv3 read server done A
      SSL_connect:SSLv3 write client key exchange A
      SSL_connect:SSLv3 write change cipher spec A
      SSL_connect:SSLv3 write finished A
      SSL_connect:SSLv3 flush data
      SSL_connect:SSLv3 read finished A

      *** It waits here for some time, & comes out with 500 SSL read timeout response.......
      ******************************************************************************

      I have tried debugging it, but couldn't find the reason for this kind of behaviour.

      Please help me if you can....

      regards
      Vipin









    • Vipin Gupta
      Message 2 of 2 , Dec 22, 2005
        Hi,

        After spending hours trying to sort out the SSL timeout problem, I came
        to know that the problem lies in HTTP::Daemon::SSL. There is a call to
        "sysread" for reading the client request after the SSL handshake. This
        call tries to read 2048 bytes of data from the client. If the client is
        sending less than 2k of data, the server waits there & doesn't come out
        of the sysread call. While the client is waiting for a response from the
        server, the server gets stuck in the sysread call, which ultimately
        results in the SSL timeout.

        I have written a patch to solve this problem with HTTP::Daemon::SSL.



        cd /usr/lib/perl5/site_perl/5.6.0/HTTP/Daemon
        diff SSL.pm.orig SSL.pm

        172,173c172,195

        < my $n = sysread($self, $_[0], 2048, length($_[0]));

        < print STDERR sprintf("sysread() just \$n=%s\n",(defined
        $n?$n:'undef')) if $DEBUG;

        ---

        >#################################################################

        >##################### Patch starts here #########################

        > my ($x,$n);

        > my $lent=1;

        > while($lent<=2048)

        > {

        > eval {

        > local $SIG{ALRM} = sub{die "alarm\n"};

        > alarm(1);

        > $n = sysread($self,$x,1);

        > alarm(0);

        > $_[0] = "$_[0]"."$x";

        > $lent++;

        > };

        > if($@)

        > {

        >

        > last;

        > }

        > }

        > $n=$lent;

        >##################### Patch ends here #########################

        >#################################################################

        > print STDERR sprintf("sysread() just \$n=%s\n",(defined
        $n?$n:'undef')) if $DEBUG;
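
        Review bot: the result of `$n = sysread($self,$x,1);` inside the new `while($lent<=2048)` loop is never tested and is then overwritten by `$n=$lent;`, so end-of-file (0) and read errors (undef) are no longer visible to the caller. On a closed connection sysread returns 0 at once, the loop still runs all 2048 iterations appending nothing, and the code reports 2049 bytes read. Because `$lent` starts at 1, `$n=$lent` is also one higher than the number of bytes actually appended in the timeout case. Suggest testing `$n` right after the read, leaving the loop with `last` on undef or 0, and returning the real byte count (or the undef/0 from sysread when nothing was read). Separately, the `alarm(1)` around each one-byte read means every request shorter than 2048 bytes waits a full second before it is processed, and a slow peer can keep the handler in this loop for up to 2048 seconds; a single overall deadline with a readiness check before a larger sysread would bound that.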





        After adding this patch, my SSL Daemon & SSL SOAP client are
        communicating properly.

        I hope this will help & save your time.

        Cheers
        Vipin
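
An alternative to the one-byte alarm loop discussed in this thread, as an added example (not code from the posts or from HTTP::Daemon::SSL): read whatever is available under one overall deadline, report EOF and errors, and stop once the headers plus the declared Content-Length body have arrived. `read_request` and its status strings are hypothetical names, a `socketpair` stands in for the SSL connection, and chunked bodies are not handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Select;
use Socket;
use Time::HiRes qw(time);

# Read one HTTP request from $sock under a single overall deadline.
# Returns ($request, $status): 'complete', 'eof', 'timeout' or 'error'.
sub read_request {
    my ($sock, $timeout, $max) = @_;
    my $sel      = IO::Select->new($sock);
    my $deadline = time() + $timeout;
    my $buf      = '';
    while (length($buf) < $max) {
        my $left = $deadline - time();
        return ($buf, 'timeout') if $left <= 0;
        # On an IO::Socket::SSL handle, also consult $sock->pending here:
        # decrypted bytes can sit in the SSL layer while select() sees nothing.
        my @ready = $sel->can_read($left);
        next unless @ready;
        my $n = sysread($sock, $buf, $max - length($buf), length($buf));
        return ($buf, 'error') unless defined $n;   # read failed
        return ($buf, 'eof')   if $n == 0;          # peer closed the connection
        # Stop as soon as headers plus the declared body are in the buffer.
        if ((my $end = index($buf, "\r\n\r\n")) >= 0) {
            my ($len) = substr($buf, 0, $end) =~ /^Content-Length:\s*(\d+)/mi;
            return ($buf, 'complete')
                if length($buf) - ($end + 4) >= ($len || 0);
        }
    }
    return ($buf, 'error');   # request exceeds $max bytes
}

# Constructed demo input: a request far shorter than 2048 bytes.
socketpair(my $client, my $server, AF_UNIX, SOCK_STREAM, PF_UNSPEC) or die $!;
my $body = '<e/>';
syswrite($client, "POST / HTTP/1.1\r\nContent-Length: "
    . length($body) . "\r\n\r\n$body");

my $t0 = time();
my ($req, $status) = read_request($server, 5, 65536);
printf "%s after %.3fs, %d bytes\n", $status, time() - $t0, length($req);

close($client);   # the peer goes away; the next read must report it
($req, $status) = read_request($server, 5, 65536);
print "second read: $status\n";
```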


