
Examining SSL Certificates of SMTP hosts using Perl

by foobar1977 (Novice)
on Sep 09, 2008 at 14:55 UTC
foobar1977 has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have a list of SMTP servers running TLS that I need to check certs on. I've been going around in circles trying to find a solution and think I must be missing something.

I think I need to be in Crypt::OpenSSL::X509 since I need to use the issuer, notBefore and notAfter methods it provides, but I'm struggling with how to extract the certificate from the SMTP server. I'm happily connecting via IO::Socket::SSL but the peer_certificate/dump_peer_certificate methods don't dump the entire cert.

I can use the openssl binary and pass the output of that into Crypt::OpenSSL::X509 and do what I need from there, but I don't really want to shell out and even if I go down that route there are other hurdles to overcome.

Can anyone advise on the best solution here?

Thanks in advance.

Re: Examining SSL Certificates of SMTP hosts using Perl
by mr_mischief (Monsignor) on Sep 09, 2008 at 15:42 UTC
    I can't tell you the exact solution, but I had a quick look at your problem and I'll make some suggestions where you might want to look deeper.

    IO::Socket::SSL uses Net::SSLeay as its wrapper around OpenSSL. The POD for the latter says it doesn't have a complete x509 interface and that dump_peer_certificate returns "selected" information.

    There is a low-level routine in Net::SSLeay called sslcat that does more general things, including grabbing the whole certificate.

    Perhaps using the lower-level Net::SSLeay stuff will get you a certificate you can save to a temp file and specify to Crypt::OpenSSL::X509. I haven't tried it, but that's where I'd start based on the docs for these three modules.

      See the QuickRef in the Net::SSLeay package for more details, but you could get the X509 certificate by something like this: Net::SSLeay::PEM_get_string_X509( $CLIENT->peer_certificate() ). $CLIENT->peer_certificate() returns an integer number which represents a certificate from the cert-store.
Re: Examining SSL Certificates of SMTP hosts using Perl
by Anonymous Monk on Sep 09, 2008 at 16:14 UTC
    Expanding on mr_mischief's answer, I'd also suggest taking a look at the certificate verification facilities that Net::SSLeay gives you.
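
The approach suggested in the replies above, written out as an added example that is not code from any poster in this thread: upgrade a plain SMTP session with STARTTLS, hand the peer certificate to Net::SSLeay::PEM_get_string_X509, and parse the PEM with Crypt::OpenSSL::X509. It assumes current releases of IO::Socket::SSL, Net::SSLeay and Crypt::OpenSSL::X509, host names passed on the command line, port 25, and a placeholder EHLO name.

```perl
# Added example: fetch the certificate an SMTP server presents after STARTTLS
# and read issuer/notBefore/notAfter from it with Crypt::OpenSSL::X509.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use Net::SSLeay;
use Crypt::OpenSSL::X509;

# Read one (possibly multi-line) SMTP reply and return its 3-digit code.
sub smtp_reply {
    my ($sock) = @_;
    while (defined(my $line = <$sock>)) {
        my ($code, $sep) = $line =~ /^(\d{3})([ -]?)/
            or die "unexpected SMTP reply: $line";
        return $code if $sep ne '-';    # "250-" continues, "250 " is the last line
    }
    die "connection closed by server\n";
}

# Return the server certificate as a PEM string.
sub smtp_cert_pem {
    my ($host, $port) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
                                     Proto => 'tcp', Timeout => 10)
        or die "connect $host:$port failed: $!\n";
    smtp_reply($sock) == 220 or die "no SMTP greeting from $host\n";
    print $sock "EHLO certcheck.invalid\r\n";    # placeholder client name
    smtp_reply($sock) == 250 or die "EHLO rejected by $host\n";
    print $sock "STARTTLS\r\n";
    smtp_reply($sock) == 220 or die "$host does not offer STARTTLS\n";

    # Verification is off on purpose: expired or self-signed certificates
    # are exactly the ones this check must still be able to read.
    IO::Socket::SSL->start_SSL($sock, SSL_hostname => $host,
                               SSL_verify_mode => SSL_VERIFY_NONE)
        or die "TLS handshake with $host failed: $SSL_ERROR\n";
    my $pem = Net::SSLeay::PEM_get_string_X509($sock->peer_certificate);
    $sock->close;
    return $pem;
}

for my $host (@ARGV) {    # e.g. perl smtp_cert.pl mail.example.com
    my $x509 = eval { Crypt::OpenSSL::X509->new_from_string(smtp_cert_pem($host, 25)) };
    if (!$x509) { warn "$host: $@"; next }
    printf "%s\n  issuer:    %s\n  notBefore: %s\n  notAfter:  %s\n",
        $host, $x509->issuer, $x509->notBefore, $x509->notAfter;
}
```

Because verification is disabled so that any certificate can be inspected, the TLS session here is only suitable for reading the certificate, not for sending mail.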

Node Type: perlquestion [id://710106]
Approved by Arunbear
Front-paged by Tanktalus