[Net-ssleay-devel] Re: Net::SSLeay question

sampo at symlabs.com sampo at symlabs.com
Thu Sep 14 19:56:22 UTC 2006 

I take it that you are not reporting any bug. I do not any more
have resources to provide end user support - in fact I have
passed the project maintainership on. 

You can try 

http://alioth.debian.org/projects/net-ssleay/
net-ssleay-devel at lists.alioth.debian.org 

which is the new home of the project (and, yes, it is very much alive). 

Cheers,
 --Sampo 

Mark Terry writes:
> Sorry for troubling you, I have a question regarding Net::SSLeay: 
> 
> with "openssl s_client -connect 123.123.123.123.:443 < /dev/null" you 
> receive the following response: 
> 
> depth=1 /CN=NTA Monitor
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> DONE
> CONNECTED(00000003)
> ---
> Certificate chain
>  0 s:/CN=neon.nta-monitor.com
>    i:/CN=NTA Monitor
>  1 s:/CN=NTA Monitor
>    i:/CN=NTA Monitor
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIDVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQQFADAWMRQwEgYDVQQDEwtOVEEg
> TW9uaXRvcjAeFw0wNjA1MDcyMDUxMTFaFw0xNjA1MDQyMDUxMTFaMB8xHTAbBgNV
> BAMTFG5lb24ubnRhLW1vbml0b3IuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
> MIIBCgKCAQEAw518G6xfaA+0lu6szLWGVqk+KF6iwnFug3qah1nhIR2xi7bkTBbC
> I9F4pKblY8+rsNfV60iRpOR4RcR3zLKUhJ9DHK6qRcUgc0dM7gHVcpOzXWQ6mZKM
> 6GCmPxdPOiaVflPPQfL1WN+vY0Avadkj4iYTULHJYF38sc0mEDMrkN5i+w1HLGeK
> rtfvC9+LakycGJT4mththOURGjbHa3bG0u6GXDZuENO4Ewy2xbxgPe/IbfYmqzEj
> 4xaWSWO1oOia1CzqhRcNQBitBHJcJME9VrQzrmJAa6z4D6Dq/wLZY1TBf757+ox9
> UsrJvsVcXMdggO2XLoBiDFwF/ZEjC0VEpwIDAQABo4GjMIGgMAkGA1UdEwQCMAAw
> LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G
> A1UdDgQWBBQ97mk/izv4CRo05zYG5Grn9tyRYTBGBgNVHSMEPzA9gBTEACpJFXeB
> SdNdPnmVxQQ4oQnflKEapBgwFjEUMBIGA1UEAxMLTlRBIE1vbml0b3KCCQCQhsVS
> 4XpAhjANBgkqhkiG9w0BAQQFAAOCAQEAoKT7cgVFx7VNbMhDAEloVFJpNymvwdwE
> hYRSSbZDNl5WJAdhW0Hgx2WCQGiPr/wRaUPgNU/63NJ+aPpJ6d9SantPXOFazZys
> Lg77zOMoqPeSy6xGDhExyw5NQIRIAHvb3PkJcbnZrg7HB+7GyEZh6PNd8RB8ff1H
> 8rq0u1RSdZxGoFhPoAbjlVun92cM0et9vu0OqTFpA4qdFNjphWy5jBYj1Yu0mYKm
> LFFwX8xdeS6DhF5HVcVddkgPZPesfEM852Gj7yGkIecQJm/jtetlaarl+v3/UyoB
> rdVcJ4KAIs1F4wHxXIeYts9cxeRQcjVn6gbttIwDBC17Icu6iHvdwQ==
> -----END CERTIFICATE-----
> subject=/CN=neon.nta-monitor.com
> issuer=/CN=NTA Monitor
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2361 bytes and written 340 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 2048 bit
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : DHE-RSA-AES256-SHA
>     Session-ID: 
> B81B40B607A06B832BE2F0D3521C00DAD33B7DFAB9B3935C78A7E6EAEA6358F1
>     Session-ID-ctx:
>     Master-Key: 
> 8ABDCAC29FBCA7FD4270F44D4814DD4B2B9B977C0C492F454ECC21DC9D2F4F13104F414E1F 
> EDBED819B5B01EECB393A7
>     Key-Arg   : None
>     Start Time: 1158153666
>     Timeout   : 300 (sec)
>     Verify return code: 19 (self signed certificate in certificate chain)
> --- 
> 
> How do I go about getting the "Protocol  : TLSv1" value with Net::SSLeay? 
> 
> I was thinking that it would be the following openssl fucntion: 
> 
> 	char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); 
> 
>     	Returns a string like ``TLSv1/SSLv3'' or ``SSLv2'' which 		 indicates 
> the SSL/TLS protocol version to which cipher belongs 			(i.e. where it was 
> defined in the specification the first time). 
> 
> Any help would be great, thanks. 
> 
> -- 
> Mark Terry 
> 
> Research and Development
> NTA Monitor Ltd
> 14 Ashford House,
> Beaufort Court,
> Medway City Estate,
> Rochester,
> Kent ME2 4FA, UK 
> 
> Email: mark.terry at nta-monitor.com
> WWW:   http://www.nta-monitor.com
 


__________________________________________________________________
Sym  | Sampo Kellomaki  ______| Identity Architect, Federated SSO
____ | +351-918.731.007 ______| Liberty ID-WSF DirectoryScript
labs | skype: sampo.kellomaki | LDAP SOAP PlainDoc Crypto C Perl

More information about the Net-ssleay-devel mailing list