[Net-ssleay-devel] Re: Net::SSLeay Cert Chain
sampo at symlabs.com
Sat Apr 29 13:36:27 UTC 2006
I am no longer the maintainer. Please ask on
net-ssleay-devel at lists.alioth.debian.org
Cheers,
--Sampo
Holgilein writes:
> Hi Sampo,
>
> FYI, there seems to be a missing part in the Net::SSLeay doco
> regarding this very useful function here:
>
> Net::SSLeay::CTX_load_verify_locations($ctx,"intermediate_cert", "");
>
> Anyway, Sebastian helped me greatly when he showed me how to use
> this function to enable intermediate certificates in my web server
> daemon, which uses Net::SSLeay and a Comodo intermediate certificate.
> Please see below for details.
>
> Would be nice if you add this info to the documentation.
>
> Cheers, mate!
>
> Holger
>
>
>
>>> ------------------------------------------------------------------------
>>>
>>> Subject: Re: Intermediate Certificates in Perl Net::SSLeay, how to use?
>>> From: Sebastian Dietrich <sd at ton-tauben.de>
>>> Date: Tue, 28 Mar 2006 20:19:45 +0200
>>> To: Mikhail Menshov <MMenshov at infohighway.com>
>>>
>>>
>>> Hello Mike,
>>>
>>> Yes, I found a solution. The deficiency does not actually lie in
>>> Net::SSLeay but in its poor documentation. I took a look into the
>>> Perl code and found out that there was no function at all defined
>>> there. They are all sort of "loaded on demand". So I worked my way to
>>> the original OpenSSL documentation and found some useful API
>>> descriptions there:
>>> http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_CONTEXTS
>>> Calling these from Perl works! Even though they are not documented in
>>> SSLeay :)
>>>
>>> I use the following code-snippet to accept an incoming SSL-connection
>>> via inetd:
>>>
>>> (Please ignore line-breaks created by my MUA)
>>>
>>>
>>> use Net::SSLeay qw(die_now die_if_ssl_error);
>>>
>>> # Initialize SSL
>>> Net::SSLeay::load_error_strings();
>>> Net::SSLeay::SSLeay_add_ssl_algorithms();
>>> Net::SSLeay::randomize();
>>>
>>> $ctx = Net::SSLeay::CTX_new() or die_now "CTX_new ($ctx) ($!)";
>>> # Returns 1 on success; stop if the intermediate certificate cannot be loaded
>>> Net::SSLeay::CTX_load_verify_locations($ctx,
>>>     "/path/and/filename/of/intermediate_certificate", "")
>>>     or die_now "load_verify_locations ($!)";
>>> $ssl = Net::SSLeay::new($ctx) or die_now "new ($ssl) ($!)";
>>> Net::SSLeay::set_options($ssl, &Net::SSLeay::OP_ALL)
>>>     and die_if_ssl_error("ssl set options");
>>>
>>> # We get already open network connections from inetd, now we just
>>> # need to attach SSLeay to STDIN and STDOUT
>>> Net::SSLeay::set_rfd($ssl, fileno(STDIN));
>>> Net::SSLeay::set_wfd($ssl, fileno(STDOUT));
>>>
>>> # Load the server's private key and certificate (both PEM)
>>> Net::SSLeay::use_RSAPrivateKey_file($ssl,
>>>     "/path/and/filename/of/server_key", &Net::SSLeay::FILETYPE_PEM);
>>> die_if_ssl_error("private key");
>>> Net::SSLeay::use_certificate_file($ssl,
>>>     "/path/and/filename/of/server_cert", &Net::SSLeay::FILETYPE_PEM);
>>> die_if_ssl_error("certificate");
>>>
>>>
>>> I would be interested if that worked for you, too.
>>>
>>> Regards
>>>
>>> Sebastian
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Mikhail Menshov wrote:
>>>
>>>> Sebastian,
>>>>
>>>> I saw your post in mailing.openssl.users
>>>> <http://groups.google.com/group/mailing.openssl.users?hl=en>. Were
>>>> you able to find any answer to this question eventually?
>>>>
>>>> This looks like a significant deficiency in Net::SSLeay.
>>>>
>>>> Thank you
>>>>
>>>> -Mike
>>>>
>>>>
>>>>
>>>> Mikhail Menshov
>>>>
>>>> System Engineer
>>>>
>>>> InfoHighway Communications
>>>>
>>>> +1.2124045352
>>>>
>>>>
>>>>
>>>
>>>
>
>
....................................................................
Sampo Kellomaki ---> Chief Architect ---> DirectoryScript
M: +351-918.731.007 F: +351-213.422.185 W: www.symlabs.com
Customize directories -> LDAP SOAP Liberty SIP -> Directory Extender
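
An alternative to the approach quoted above, as an added example that is not code from the thread or from the Net::SSLeay project: the server presents its intermediate certificate from a chain file loaded with `CTX_use_certificate_chain_file`, which leaves the verify locations (the trust store for peer verification) untouched, and every return value is checked. It assumes a Net::SSLeay build that exposes `CTX_use_certificate_chain_file` and `CTX_check_private_key`; the file paths are placeholders, and the chain file is PEM with the server certificate first, followed by the intermediate.

```perl
#!/usr/bin/perl
# Added example: inetd-style TLS server that sends leaf + intermediate
# from one chain file. Paths below are placeholders, not real locations.
use strict;
use warnings;
use Net::SSLeay qw(die_now die_if_ssl_error);

my $key_file   = "/path/to/server_key.pem";    # placeholder
my $chain_file = "/path/to/server_chain.pem";  # placeholder: leaf first, then intermediate(s)

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $ctx = Net::SSLeay::CTX_new() or die_now("CTX_new: $!");

# Each loader returns 1 on success. Failing closed here avoids silently
# serving a leaf certificate without its intermediate.
Net::SSLeay::CTX_use_certificate_chain_file($ctx, $chain_file) == 1
    or die_now("cannot load certificate chain from $chain_file");
Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_file,
                                     &Net::SSLeay::FILETYPE_PEM) == 1
    or die_now("cannot load private key from $key_file");

# Confirm the key belongs to the first certificate in the chain file.
Net::SSLeay::CTX_check_private_key($ctx) == 1
    or die_now("private key does not match the server certificate");

my $ssl = Net::SSLeay::new($ctx) or die_now("SSL new: $!");

# inetd hands over the open connection on STDIN/STDOUT.
Net::SSLeay::set_rfd($ssl, fileno(STDIN));
Net::SSLeay::set_wfd($ssl, fileno(STDOUT));

if (Net::SSLeay::accept($ssl) <= 0) {
    die_if_ssl_error("ssl accept");   # dies if OpenSSL queued an error
    die_now("ssl accept failed");
}

Net::SSLeay::write($ssl, "hello over TLS\r\n");
die_if_ssl_error("ssl write");

Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
```

Running `openssl s_client -connect host:port -showcerts` against the service (host and port being your own) lists the certificates the server actually sends, which should show the server certificate followed by the intermediate.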