
SSL and SOAP server (again)

  • monsieur_magoo
    Message 1 of 3, Apr 26 1:21 PM
      I'm trying to write a soap server that will handle SSL requests. The
      SOAP::Transport::HTTP perldoc says you need:

      $ENV{HTTPS_CERT_FILE} = 'client-cert.pem';
      $ENV{HTTPS_KEY_FILE} = 'client-key.pem';

      Tried that and it didn't work.

      A previous message from this list says to pass the following args into
      new():

      SSL_key_file => 'soap_proxy.key',
      SSL_cert_file => 'soap_proxy.crt'

      Tried that and it didn't work either.

      If I change LocalPort to 80 and make the client use http my code works
      fine. What do you have to do to get a SOAP server that works with ssl?

      Here's my code:

      #!/usr/bin/perl

      use SOAP::Transport::HTTP;

      $ENV{HTTPS_CERT_FILE} = 'soap_proxy.crt';
      $ENV{HTTPS_KEY_FILE} = 'soap_proxy.key';
      $ENV{HTTPS_CERT_PASS} = 'pass';

      my $daemon = new SOAP::Transport::HTTP::Daemon(
          LocalAddr     => '10.14.18.60',
          LocalPort     => 443,
          SSL_key_file  => 'soap_proxy.key',
          SSL_cert_file => 'soap_proxy.crt',
          SSL_cert_pass => 'pass');
      $daemon->on_action(sub {print @_, qq(\n)});
      print qq(Contact SOAP server at ), $daemon->url, qq(\n);
      $daemon->handle();
    • Thomas J Pinkl
      Message 2 of 3, Apr 26 2:00 PM
        On Wed, Apr 26, 2006 at 08:21:15PM -0000, monsieur_magoo wrote:
        > I'm trying to write a soap server that will handle SSL requests.
        [...]

        The approach I used was a forking server based upon HTTP::Daemon::SSL.
        Each connection is handled by a child process which creates a
        SOAP::Transport::HTTP::Server object to deal with SOAP requests.

        --
        Thomas J. Pinkl | T: 215-442-9300
        Senior Systems Architect | 800-444-1427
        Health Business Systems, Inc | F: 215-442-7555
        An SXC Company |
        738 Louis Drive | http://www.hbsrx.com/
        Warminster, PA 18974 | http://www.sxc.com/
      • Thomas J Pinkl
        Message 3 of 3, Sep 9, 2008
          On Tue, Sep 09, 2008 at 05:42:37PM -0000, fistan11 wrote:
          > Thomas, can you put any example here? Multithreaded SSL standalone
          > server could be MUCH MORE expressive than thousands of doc lines.
          > Thank you!

          I cannot post the code, as it is part of a commercial product that
          is sold by my employer. In pseudo code, it would look like so
          (untested):

          use IO::Socket;
          use HTTP::Daemon::SSL;
          use SOAP::Transport::HTTP;
          ...

          # set up HTTP and SSL options
          my %https_opts = ();
          $https_opts{LocalPort}       = 443;
          $https_opts{Proto}           = "tcp";
          $https_opts{Type}            = SOCK_STREAM;
          $https_opts{Listen}          = SOMAXCONN;
          $https_opts{ReuseAddr}       = 1;
          $https_opts{Timeout}         = 300;
          $https_opts{SSL_version}     = 'SSLv2/3';
          $https_opts{SSL_cipher_list} = 'ALL:!LOW:!EXP';
          $https_opts{SSL_use_cert}    = 1;
          $https_opts{SSL_key_file}    = "server.key";
          $https_opts{SSL_cert_file}   = "server.crt";
          $https_opts{SSL_ca_file}     = "ca-bundle.crt";
          $https_opts{SSL_ca_path}     = "/path/to/CA/certs";
          $https_opts{SSL_verify_mode} = 0x01|0x02;
          $https_opts{SSL_check_crl}   = 0;
          ...

          sub https_daemon {
              # become a daemon (optional)
              &make_me_a_daemon();

              # start HTTPS listener
              my $server = HTTP::Daemon::SSL->new( %https_opts );

              # accept loop
              while (1) {
                  # wait for a client connection
                  my $client = $server->accept();
                  next if (! $client);

                  # start a child process to handle the connection
                  &start_child($server,$client);

                  # parent process closes the connected socket
                  $client->close();
              }
          }

          sub start_child {
              my $server = shift;
              my $client = shift;

              my $pid = fork();
              return if (! defined $pid);

              if ($pid > 0) {
                  # parent process
                  return;
              } else {
                  # child process
                  $server->close();

                  # handle the HTTP connection and exit
                  &handle_http_connection($client);
                  $client->close();
                  exit(0);
              }
          }

          sub handle_http_connection {
              my $client = shift;

              my $soap = new SOAP::Transport::HTTP::Server;
              $soap->dispatch_to( $SOME_LIST_OF_MODULES );

              while (1) {
                  # read HTTP request
                  my $req = $client->get_request();
                  last if (! $req);

                  # handle HTTP request and generate HTTP response
                  my $resp = &handle_http_request( $req, $soap );

                  # send HTTP response
                  if ($resp) {
                      $client->send_response( $resp );
                  } else {
                      last;
                  }
              }
          }

          sub handle_http_request {
              my $req = shift;
              my $soap = shift;

              # process the SOAP request
              $soap->request( $req );
              $soap->handle();

              # return the SOAP response
              return $soap->response();
          }

          Note that error and signal handling have been omitted to save space
          and to direct attention to the main concepts.

          Also note that this represents a forking server, suitable for a UNIX
          type system (e.g. Linux). It is not multi-threaded and it may not
          work on Windows.

          --
          Thomas J. Pinkl
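
Added example, not part of the thread and not the poster's product code: a small Perl check run over the TLS options from the pseudo code above, next to a tightened set of values. The option names are those of IO::Socket::SSL, on which HTTP::Daemon::SSL is built; the tightened values, the CRL file name `ca-crl.pem` and the helper `audit_tls_opts` are assumptions of this example.

```perl
use strict;
use warnings;

# TLS-relevant options exactly as posted in the thread.
my %posted = (
    SSL_version     => 'SSLv2/3',
    SSL_cipher_list => 'ALL:!LOW:!EXP',
    SSL_verify_mode => 0x01 | 0x02,   # VERIFY_PEER | FAIL_IF_NO_PEER_CERT
    SSL_check_crl   => 0,
);

# Tightened values (chosen for this example, not taken from the thread).
my %hardened = (
    SSL_version            => 'SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1',
    SSL_cipher_list        => 'ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL',
    SSL_honor_cipher_order => 1,
    SSL_verify_mode        => 0x01 | 0x02,
    SSL_check_crl          => 1,
    SSL_crl_file           => 'ca-crl.pem',   # hypothetical file name
);

# Return a list of findings for one option hash.
sub audit_tls_opts {
    my (%o) = @_;
    my @f;
    my $ver = $o{SSL_version} // '';
    if ($ver =~ m{^SSLv2/?3}) {
        # "SSLv23" negotiates any protocol version unless it is excluded with "!".
        for my $p (qw(SSLv2 SSLv3 TLSv1 TLSv1_1)) {
            push @f, "SSL_version allows $p" unless $ver =~ /!\Q$p\E(?::|$)/;
        }
    } elsif ($ver =~ /^(?:SSLv2|SSLv3|TLSv1|TLSv1_1)$/) {
        push @f, "SSL_version pins legacy protocol $ver";
    }
    my $ciphers = $o{SSL_cipher_list} // '';
    push @f, "SSL_cipher_list uses ALL without !aNULL (anonymous suites stay selectable)"
        if $ciphers =~ /(?:^|:)ALL(?::|$)/ && $ciphers !~ /!aNULL/;
    my $verify = $o{SSL_verify_mode} // 0;
    push @f, "client certificates are verified but SSL_check_crl is off (revoked certs accepted)"
        if ($verify & 0x01) && !$o{SSL_check_crl};
    return @f;
}

for my $set ([posted => \%posted], [hardened => \%hardened]) {
    my ($name, $opts) = @$set;
    my @f = audit_tls_opts(%$opts);
    print "$name: ", (@f ? scalar(@f) . " finding(s)\n" : "no findings\n");
    print "  - $_\n" for @f;
}
```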

