[Net-ssleay-devel] Re: Net::SSLeay & CRL's

Eric Nichols eric at dirwiz.com
Thu Jan 12 14:37:09 UTC 2006


Ok I tried the code.  The good news is it did not crash.  The bad news.. it
did not crash... Let me explain..

I ran the new script straight out and did not load any CRL's anywhere. 
According to the docs it should have errored on the connection because it
could not find the CRL file.
Thoughts?

On Thu, January 5, 2006 5:50 pm, Mike McCauley wrote:
> Hello Eric,
>
>
> On Friday 06 January 2006 02:05, Eric Nichols wrote:
>> Hi Mike,
>> Attached is the code I was playing with.  If you can make it work then I
>> know it's my openssl binaries.  What version of perl are you running?
>
> There was an error in your code in the way it called CTX_get_cert_store and
> X509_STORE_set_flags. You should have used:
>
> &Net::SSLeay::X509_STORE_set_flags(&Net::SSLeay::CTX_get_cert_store($ctx),&Net::SSLeay::X509_V_FLAG_CRL_CHECK);
>
> I have attached a working version of your code. Works fine here on Linux,
> openssl 0.9.8a and Windows with openssl 0.9.7i.
>
> [mikem at zulu tmp]$ perl ssleay.pl www.open.com.au 443 test
> Cipher `EDH-RSA-DES-CBC3-SHA'
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <HTML><HEAD>
> <TITLE>501 Method Not Implemented</TITLE>
> </HEAD><BODY>
> <H1>Method Not Implemented</H1>
> test to /index.html not supported.<P>
> Invalid method in request test<P>
> <HR>
> <ADDRESS>Apache/1.3.27 Server at www.open.com.au Port 443</ADDRESS>
> </BODY></HTML>
>
> Cheers.
>
>> Thanks
>> E.
>>
>> On Tue, January 3, 2006 7:51 pm, Mike McCauley wrote:
>> > Hello Eric,
>> >
>> > Perhaps if you will post the code that is not working correctly, I will
>> > be able to reproduce the problem.
>> >
>> > BTW, we use OpenSSL 0.9.7i on Windows here (binaries from
>> > shininglight http://www.shininglightpro.com/products/Win32OpenSSL.html).
>> > Our code works fine with CRLs here.
>> >
>> > I have a vague recollection that there were problems with CRLs in some
>> > earlier versions of 0.9.7, so you may want to try a more recent openssl
>> > with your net_ssleay.
>> >
>> > Cheers.
>> >
>> > On Wednesday 04 January 2006 00:09, Eric Nichols wrote:
>> >> Good morning and happy new year!
>> >> I realise with the holidays everything slows down.  My new years
>> >> resolution is to get CRL's working.  Any thoughts?
>> >>
>> >> On Wed, December 21, 2005 8:54 am, Eric Nichols wrote:
>> >> > Ok I'll try my best to get you what you need. Attached is the code I
>> >> > am using. I set the Trace to 2 and ran it.  No output except the
>> >> > windows popup saying that perl crashed.  I do not know how to perform
>> >> > a back trace on perl. Believe me I'd rather be doing this in Linux but
>> >> > I'm forced to use Windows.
>> >> >
>> >> > I would be more than happy to set up a test environment to let
>> >> > developers VNC in and try some things.
>> >> >
>> >> > Many thanks for all the help and assistance.
>> >> > Eric
>> >> >
>> >> > On Tue, December 20, 2005 11:48 pm, Florian Ragwitz wrote:
>> >> >> I'm taking this discussion to our development mailing list. Please
>> >> >> continue there.
>> >> >>
>> >> >> On Wed, Dec 21, 2005 at 03:40:27AM +0000, Eric Nichols wrote:
>> >> >>> I need a bit of education here.  I am using Windows Active State
>> >> >>> Perl 5.8.6 with Net::SSLeay 1.26 & OpenSSL 0.9.7b.
>> >> >>
>> >> >> I don't own a windows box, so I fear I can't help you much. But I'll
>> >> >> give a try.
>> >> >>
>> >> >>> I used your example code to connect to a server.
>> >> >>
>> >> >> Which example code? Please send it to us.
>> >> >>
>> >> >>> When I inserted the code to do the CRL check, perl crashed.
>> >> >>
>> >> >> We'd also like to see this code. Maybe you simply didn't use
>> >> >> Net::SSLeay the right way and that crash is avoidable.
>> >> >>
>> >> >> But beside that a perl crash is a bug and should be fixed.
>> >> >>
>> >> >>> Does this functionality work or is there a patch available to fix
>> >> >>> this?
>> >> >>
>> >> >> I don't even know what the problem is so I can't tell you how to fix
>> >> >> it.
>> >> >>
>> >> >>> I'm not sure what other info I can offer to help, the crash doesn't
>> >> >>> give me much to go on.  Thanks Eric
>> >> >>
>> >> >> Please send me some more debugging information. For example the trace
>> >> >> output of Net::SSLeay and a backtrace of the crashed perl
>> >> >> interpreter.
>> >> >>
>> >> >>
>> >> >> Regards,
>> >> >> Flo
>> >> >>
>> >> >> --
>> >> >> BOFH excuse #144:
>> >> >> Too few computrons available.
>> >> >
>> >> > _______________________________________________
>> >> > Net-ssleay-devel mailing list
>> >> > Net-ssleay-devel at lists.alioth.debian.org
>> >> > http://lists.alioth.debian.org/mailman/listinfo/net-ssleay-devel
>> >>
>> >
>> > --
>> > Mike McCauley                               mikem at open.com.au
>> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
>> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
>> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>> >
>> > Radiator: the most portable, flexible and configurable RADIUS server
>> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> > TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>
>
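
Added example, not part of the thread and not the script attached to it: a Net::SSLeay client that combines the X509_STORE_set_flags call quoted above with VERIFY_PEER, so that a missing CRL aborts the handshake. In OpenSSL a client's default verify mode is SSL_VERIFY_NONE, under which the handshake continues whatever the verification result. The host, port and PEM file arguments are assumptions, and a current Net::SSLeay is assumed.

```perl
# Added example, not code from the thread. Argument order and file names are assumptions:
#   perl crlcheck.pl HOST PORT CA.pem [CRL.pem]
use strict;
use warnings;
use IO::Socket::INET;
use Net::SSLeay;

my ($host, $port, $ca_file, $crl_file) = @ARGV;
die "usage: $0 host port ca.pem [crl.pem]\n" unless defined $ca_file;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();

my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
Net::SSLeay::CTX_load_verify_locations($ctx, $ca_file, '')
    or die "cannot load CA file $ca_file\n";

# The flag from the thread: a CRL is required for the peer (leaf) certificate.
my $store = Net::SSLeay::CTX_get_cert_store($ctx);
Net::SSLeay::X509_STORE_set_flags($store, Net::SSLeay::X509_V_FLAG_CRL_CHECK());

# Optional CRL; without one, verification reports "unable to get certificate CRL".
if (defined $crl_file) {
    my $bio = Net::SSLeay::BIO_new_file($crl_file, 'r') or die "cannot open $crl_file\n";
    my $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio) or die "no PEM CRL in $crl_file\n";
    Net::SSLeay::BIO_free($bio);
    Net::SSLeay::X509_STORE_add_crl($store, $crl) or die "X509_STORE_add_crl failed\n";
}

# VERIFY_PEER makes a verification failure abort the handshake. The callback only
# logs each failure and returns OpenSSL's own verdict unchanged.
Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER(), sub {
    my ($ok, $store_ctx) = @_;
    unless ($ok) {
        my $err = Net::SSLeay::X509_STORE_CTX_get_error($store_ctx);
        warn sprintf("verify error %d at depth %d: %s\n", $err,
            Net::SSLeay::X509_STORE_CTX_get_error_depth($store_ctx),
            Net::SSLeay::X509_verify_cert_error_string($err));
    }
    return $ok;
});

my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
    or die "TCP connect to $host:$port failed: $!\n";
my $ssl = Net::SSLeay::new($ctx) or die "SSL new failed\n";
Net::SSLeay::set_fd($ssl, fileno($sock));
my $rv = Net::SSLeay::connect($ssl);
printf "handshake %s, verify result: %s\n", ($rv == 1 ? 'completed' : 'FAILED'),
    Net::SSLeay::X509_verify_cert_error_string(Net::SSLeay::get_verify_result($ssl));
exit($rv == 1 ? 0 : 1);
```

The CRL has to be issued by the issuer of the server certificate, since X509_V_FLAG_CRL_CHECK covers the leaf only. Hostname matching is outside the scope of this example.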
