[Net-ssleay-devel] Re: Net::SSLeay & CRL's

Mike McCauley mikem at open.com.au
Wed Jan 18 22:10:56 UTC 2006 

Hello Eric,

Whats going on? You are still using your orginal code with your bug still in 
it. No wonder it crashes. Here again is the working code I have sent to you 3 
times now. Please use it and check your work before resubmittting a bug 
report on this list. I dont have time to debug your code for you any more.

You must pass $ctx to CTX_get_cert_store, not $ssl:
&Net::SSLeay::X509_STORE_set_flags(&Net::SSLeay::CTX_get_cert_store($ctx),&Net::SSLeay::X509_V_FLAG_CRL_CHECK); 

Cheers.


On Thursday 19 January 2006 02:19, Eric Nichols wrote:
> Very strange.. still crashes perl in windows.. here is the code...
> If you would like I can setup VNC and an IM client if you want to take a
> look... Thanks
> Eric
>
> On Thu, January 12, 2006 6:42 pm, Mike McCauley wrote:
> > Hello Eric,
> >
> > On Friday 13 January 2006 00:37, Eric Nichols wrote:
> >> Ok I tried the code.  The good news is it did not crash.  The bad news..
> >> it did not crash... Let me explain..
> >>
> >> I ran the new script straight out and did not load any CRL's anywhere.
> >> According to the docs it should have errored on the connection because
> >> it could not find the CRL file.
> >> Thoughts?
> >
> > You did not enable certificate verification. You need to add
> >
> > &Net::SSLeay::CTX_set_default_verify_paths($ctx);
> > &Net::SSLeay::set_verify($ssl, &Net::SSLeay::VERIFY_PEER, 0);
> >
> > to your code.
> > If you are using private certificates you may need to call
> > Net::SSLeay::CTX_load_verify_locations
> > too.
> >
> > Hint: use Net::SSLeay::get_verify_result($ssl) to find out why
> > verification fails. You should expect 3: unable to get certificate CRL.
> >
> > Cheers.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssleay.pl
Type: application/x-perl
Size: 1939 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/net-ssleay-devel/attachments/20060119/c68e0c67/ssleay.bin

More information about the Net-ssleay-devel mailing list