
RE: [soaplite] SSL certificate authentication

  • Taras Shkvarchuk
    Hi all, I got the certificate authentication working but in unix only for now. I have had some problems installing Crypt::SSLeay 0.29 in windows. The 0.29
    Message 1 of 4 , Aug 6, 2001
      Hi all,
      I got the certificate authentication working but in unix only for now. I
      have had some problems installing Crypt::SSLeay 0.29 in windows.
      Version 0.29 doesn't support setting a password for the private key and gives
      you a prompt instead, so I had to make a small patch.
      To use the certificates you need to set 3 environment vars. HTTPS_CERT_FILE,
      HTTPS_KEY_FILE, HTTPS_CERT_PASS. (CERT_FILE, and KEY_FILE are often the same
      file) Everything else will be taken care of by the Crypt::SSLeay module.

      Hope it helps.
      -Taras

      Here is the simple patch (needed only if you are using an encrypted private
      key and don't want a user prompt).

      use Net::SSL;
      package Net::SSL;
      use GC::Cert;
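      # Load the client certificate and private key named in the environment into
      # this connection's SSL context.
      #
      # Environment read:
      #   HTTPS_CERT_FILE  certificate file
      #   HTTPS_KEY_FILE   private key file
      #   HTTPS_CERT_PASS  passphrase for an encrypted private key (optional)
      #
      # Returns the number of files loaded (0, 1 or 2). Dies when a named file is
      # missing or fails to load, or when both are loaded and the private key does
      # not match the certificate.
      #
      # Security notes:
      #   * The passphrase lives in the process environment, which child processes
      #     inherit and which may be readable by other local processes depending on
      #     the platform. Scope the variable to the one process that needs it and
      #     keep the key file's permissions tight.
      #   * Diagnostics go to STDERR via warn, never STDOUT, so they cannot end up
      #     in a response body or other protocol output.
      #   * NOTE(review): OpenSSL appears to store the userdata pointer without
      #     copying the string, so $c_pass must stay alive until the key file has
      #     been loaded (it does here); confirm before reusing the context for
      #     later key loads.
      sub configure_certs {
          my $self = shift;
          my $ctx  = *$self->{ssl_ctx};

          # Use defined/length rather than truthiness so a passphrase of "0" is
          # still honoured.
          my $c_pass = $ENV{'HTTPS_CERT_PASS'};
          if (defined $c_pass && length $c_pass) {
              my $set_ok = eval {
                  GC::Cert::SSL_CTX_set_default_passwd_cb_userdata($ctx, $c_pass);
                  1;
              };

              # Best effort: if the passphrase cannot be installed, the key load
              # below falls back to whatever the SSL library does by default.
              warn "Net::SSL: could not set private key passphrase: $@"
                  unless $set_ok;
          }

          # Each environment variable is paired with the context method that
          # consumes it.
          my @loaders = (
              [ 'HTTPS_CERT_FILE', 'use_certificate_file' ],
              [ 'HTTPS_KEY_FILE',  'use_PrivateKey_file' ],
          );

          my $count = 0;
          for my $loader (@loaders) {
              my ($env_name, $method) = @{$loader};
              my $file = $ENV{$env_name};
              next unless $file;

              -e $file or die("$file file does not exist: $!");

              # 1 is the file-type argument (SSL_FILETYPE_PEM in OpenSSL's headers).
              $ctx->$method($file, 1) or die("failed to load $file: $!");
              $count++;
          }

          # A certificate and a key were both configured: make sure they belong
          # together before the handshake uses them.
          if ($count == 2 && !$ctx->check_private_key) {
              die("Private key and certificate do not match");
          }

          return $count;    # number of successful cert/key loads
      }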



      Here is the xs file for actually setting the password.
      #ifdef __cplusplus
      extern "C" {
      #endif
      #include "EXTERN.h"
      #include "perl.h"
      #include "XSUB.h"

      /* ssl.h or openssl/ssl.h is included from the crypt_ssleay_version
      * file which is written when building with perl Makefile.PL
      * #include "ssl.h"
      */
      #include "openssl/ssl.h"

      #ifdef __cplusplus
      }
      #endif


      /* XS glue that makes OpenSSL's SSL_CTX_set_default_passwd_cb_userdata()
       * callable from Perl as
       * GC::Cert::SSL_CTX_set_default_passwd_cb_userdata(ctx, pass).
       * The XSUB below has no CODE: section, so the generated wrapper simply
       * converts the two arguments and calls the C function of the same name.
       *
       * NOTE(review): OpenSSL appears to keep the userdata pointer rather than
       * copying the string. With a plain char* typemap that pointer would refer
       * to the Perl scalar's own buffer, so the scalar holding the passphrase
       * has to outlive every key load that may need it -- confirm against the
       * typemap in use.
       * NOTE(review): SSL_CTX* needs a typemap entry; none is shown here, so it
       * presumably comes from the Crypt::SSLeay build -- confirm.
       */
      MODULE = GC::Cert PACKAGE = GC::Cert
      PROTOTYPES: DISABLE
      void
      SSL_CTX_set_default_passwd_cb_userdata(ctx, pass)
      SSL_CTX* ctx
      char* pass


      here is Cert.pm
      package GC::Cert;

      # Perl-side loader for the GC::Cert XS extension. The module defines no Perl
      # subs of its own; its only job is to bootstrap the compiled code.

      require 5.005_62;
      use strict;
      use warnings;

      require Exporter;
      require DynaLoader;

      our $VERSION = '0.01';
      our @ISA     = ('Exporter', 'DynaLoader');

      # Nothing is exported, either by default or on request, so callers have to
      # use fully qualified GC::Cert:: names. The ':all' tag is kept (empty) so
      # that "use GC::Cert ':all';" remains a valid declaration.
      our %EXPORT_TAGS = ( all => [] );
      our @EXPORT_OK   = @{ $EXPORT_TAGS{all} };
      our @EXPORT      = ();

      # Load the compiled XS object for this package and version via DynaLoader.
      GC::Cert->bootstrap($VERSION);

      # Preloaded methods would go here; there are none.

      1;