[Net-ssleay-devel] Re: Net::SSLeay & CRL's

Mike McCauley mikem at open.com.au
Thu Jan 5 22:50:18 UTC 2006


Hello Eric,


On Friday 06 January 2006 02:05, Eric Nichols wrote:
> Hi Mike,
> Attached is the code I was playing with.  If you can make it work then I
> know it's my openssl binaries.  What version of perl are you running?

There was an error in your code in the way it called CTX_get_cert_store and 
X509_STORE_set_flags. You should have used:

&Net::SSLeay::X509_STORE_set_flags(&Net::SSLeay::CTX_get_cert_store($ctx),&Net::SSLeay::X509_V_FLAG_CRL_CHECK);

I have attached a working version of your code. Works fine here on Linux, 
openssl 0.9.8a and Windows with openssl 0.9.7i.

[mikem at zulu tmp]$ perl ssleay.pl www.open.com.au 443 test
Cipher `EDH-RSA-DES-CBC3-SHA'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
test to /index.html not supported.<P>
Invalid method in request test<P>
<HR>
<ADDRESS>Apache/1.3.27 Server at www.open.com.au Port 443</ADDRESS>
</BODY></HTML>

Cheers.

> Thanks
> E.
>
> On Tue, January 3, 2006 7:51 pm, Mike McCauley wrote:
> > Hello Eric,
> >
> > Perhaps if you will post the code that is not working correctly, I will
> > be able to reproduce the problem.
> >
> > BTW, we use OpenSSL 0.9.7i on Windows here (binaries from
> > shininglight http://www.shininglightpro.com/products/Win32OpenSSL.html).
> > Our code works fine with CRLs here.
> >
> > I have a vague recollection that there were problems with CRLs in some
> > earlier versions of 0.9.7, so you may want to try a more recent openssl
> > with your net_ssleay.
> >
> > Cheers.
> >
> > On Wednesday 04 January 2006 00:09, Eric Nichols wrote:
> >> Good morning and happy new year!
> >> I realise with the holidays everything slows down.  My new years
> >> resolution is to get CRL's working.  Any thoughts?
> >>
> >> On Wed, December 21, 2005 8:54 am, Eric Nichols wrote:
> >> > Ok I'll try my best to get you what you need. Attached is the code I
> >> > am using. I set the Trace to 2 and ran it.  No output except the
> >> > windows popup saying that perl crashed.  I do not know how to perform
> >> > a back trace on perl. Believe me I'd rather be doing this in Linux but
> >> > I'm forced to use Windows.
> >> >
> >> > I would be more than happy to set up a test environment to let
> >> > developers VNC in and try some things.
> >> >
> >> > Many thanks for all the help and assistance.
> >> > Eric
> >> >
> >> > On Tue, December 20, 2005 11:48 pm, Florian Ragwitz wrote:
> >> >> I'm taking this discussion to our development mailing list. Please
> >> >> continue there.
> >> >>
> >> >> On Wed, Dec 21, 2005 at 03:40:27AM +0000, Eric Nichols wrote:
> >> >>> I need a bit of education here.  I am using Windows Active State
> >> >>> Perl 5.8.6 with Net::SSLeay 1.26 & OpenSSL 0.9.7b.
> >> >>
> >> >> I don't own a windows box, so I fear I can't help you much. But I'll
> >> >> give a try.
> >> >>
> >> >>> I used your example code to connect to a server.
> >> >>
> >> >> Which example code? Please send it to us.
> >> >>
> >> >>> When I inserted the code to do the CRL check, perl crashed.
> >> >>
> >> >> We'd also like to see this code. Maybe you simply didn't use
> >> >> Net::SSLeay the right way and that crash is avoidable.
> >> >>
> >> >> But beside that a perl crash is a bug and should be fixed.
> >> >>
> >> >>> Does this functionality work or is there a patch available to fix
> >> >>> this?
> >> >>
> >> >> I don't even know what the problem is so I can't tell you how to fix
> >> >> it.
> >> >>
> >> >>> I'm not sure what other info I can offer to help, the crash doesn't
> >> >>> give me much to go on.  Thanks Eric
> >> >>
> >> >> Please send me some more debugging information. For example the trace
> >> >> output of Net::SSLeay and a backtrace of the crashed perl
> >> >> interpreter.
> >> >>
> >> >>
> >> >> Regards,
> >> >> Flo
> >> >>
> >> >> --
> >> >> BOFH excuse #144:
> >> >> Too few computrons available.
> >> >
> >> > _______________________________________________
> >> > Net-ssleay-devel mailing list
> >> > Net-ssleay-devel at lists.alioth.debian.org
> >> > http://lists.alioth.debian.org/mailman/listinfo/net-ssleay-devel
> >

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssleay.pl
Type: application/x-perl
Size: 1767 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/net-ssleay-devel/attachments/20060106/ad4a2518/ssleay.bin
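
Added example, not part of the original thread and not the scrubbed ssleay.pl attachment: a minimal Net::SSLeay client that applies the call given in the reply above and then checks the verification result. The command-line arguments and the file name ca-and-crl.pem are assumptions; that PEM file is assumed to hold the CA certificate together with the CA's current CRL.

```perl
# Added example, not the scrubbed ssleay.pl attachment.
# Assumption: $cafile is a PEM file with the CA certificate and its CRL.
use strict;
use warnings;
use Socket;
use Net::SSLeay qw(die_now);
my ($host, $port, $cafile) = @ARGV;
die "usage: $0 host port ca-and-crl.pem\n" unless defined $cafile;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $ctx = Net::SSLeay::CTX_new() or die_now("CTX_new failed");

# The PEM file lookup reads both certificates and CRLs into the store.
Net::SSLeay::CTX_load_verify_locations($ctx, $cafile, '')
    or die_now("cannot load $cafile");

# X509_STORE_set_flags wants the X509_STORE, not the SSL_CTX: fetch the
# store first and stop if it comes back null.
my $store = Net::SSLeay::CTX_get_cert_store($ctx)
    or die_now("no certificate store");
# CRL_CHECK covers the peer certificate only; OR-ing in
# X509_V_FLAG_CRL_CHECK_ALL extends the check to the whole chain.
Net::SSLeay::X509_STORE_set_flags($store,
    Net::SSLeay::X509_V_FLAG_CRL_CHECK());

# Without VERIFY_PEER a client handshake completes even when
# verification fails, so the result would have to be checked by hand.
Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER(), undef);

my $ip = inet_aton($host) or die "cannot resolve $host\n";
socket(my $sock, PF_INET, SOCK_STREAM, 0) or die "socket: $!\n";
connect($sock, sockaddr_in($port, $ip)) or die "connect: $!\n";

my $ssl = Net::SSLeay::new($ctx) or die_now("SSL new failed");
Net::SSLeay::set_fd($ssl, fileno($sock));
my $rc = Net::SSLeay::connect($ssl);

# 0 is X509_V_OK; a revoked certificate or a missing CRL gives non-zero.
my $vr = Net::SSLeay::get_verify_result($ssl);
printf "verify result %d: %s\n", $vr,
    Net::SSLeay::X509_verify_cert_error_string($vr);
my $ok = ($rc == 1 && $vr == 0);
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
close $sock;
exit($ok ? 0 : 1);
```

Once X509_V_FLAG_CRL_CHECK is set, verification also fails when no CRL for the issuer is in the store, so the CRL has to be loaded and kept current alongside the CA certificate.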

