 
PerlMonks  

Examining SSL Certificates of SMTP hosts using Perl

by foobar1977 (Novice)
on Sep 09, 2008 at 14:55 UTC
foobar1977 has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have a list of SMTP servers running TLS that I need to check certs on. I've been going around in circles trying to find a solution and think I must be missing something.

I think I need to be in Crypt::OpenSSL::X509 since I need to use the issuer, notBefore and notAfter methods it provides, but I'm struggling with how to extract the certificate from the SMTP server. I'm happily connecting via IO::Socket::SSL, but the peer_certificate/dump_peer_certificate methods don't dump the entire cert.

I can use the openssl binary and pass the output of that into Crypt::OpenSSL::X509 and do what I need from there, but I don't really want to shell out, and even if I go down that route there are other hurdles to overcome.

Can anyone advise on the best solution here?

Thanks in advance.

Replies are listed 'Best First'.
Re: Examining SSL Certificates of SMTP hosts using Perl
by mr_mischief (Monsignor) on Sep 09, 2008 at 15:42 UTC
    I can't tell you the exact solution, but I had a quick look at your problem and I'll make some suggestions where you might want to look deeper.

    IO::Socket::SSL uses Net::SSLeay as its wrapper around OpenSSL. The POD for the latter says it doesn't have a complete x509 interface and that dump_peer_certificate returns "selected" information.

    There is a low-level routine in Net::SSLeay called sslcat that does more general things, including grabbing the whole certificate.

    Perhaps using the lower-level Net::SSLeay stuff will get you a certificate you can save to a temp file and specify to Crypt::OpenSSL::X509. I haven't tried it, but that's where I'd start based on the docs for these three modules.

      See the QuickRef in the Net::SSLeay package for more details, but you could get the X509 certificate by something like this: Net::SSLeay::PEM_get_string_X509( $CLIENT->peer_certificate() ). $CLIENT->peer_certificate() returns an integer number which represents a certificate from the cert-store.
Re: Examining SSL Certificates of SMTP hosts using Perl
by Anonymous Monk on Sep 09, 2008 at 16:14 UTC
    Expanding on mr_mischief's answer, I'd also suggest taking a look at the certificate verification facilities that Net::SSLeay gives you.
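
The approach suggested in the replies above, put together as an added example that is not part of the original thread: it speaks enough SMTP to issue STARTTLS, upgrades the socket with IO::Socket::SSL, exports the peer certificate as PEM through Net::SSLeay and hands it to Crypt::OpenSSL::X509. The helper names, the EHLO name `cert-check.invalid`, port 25 and the 30-day expiry threshold are assumptions made for illustration; hosts are taken from the command line.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;      # exports SSL_VERIFY_NONE and $SSL_ERROR
use Net::SSLeay;
use Crypt::OpenSSL::X509;

# Read one SMTP reply, which may span several lines; returns (code, text).
sub smtp_reply {
    my ($sock) = @_;
    my $text = '';
    while (defined(my $line = <$sock>)) {
        $text .= $line;
        # "250-..." continues the reply; "250 ..." is its final line.
        return ($1, $text) if $line =~ /^(\d{3})(?: |\r?$)/;
    }
    die "connection closed mid-reply\n";
}

# Connect in plaintext, upgrade via STARTTLS, return the peer cert as PEM.
sub fetch_smtp_cert_pem {
    my ($host, $port) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
        Proto => 'tcp', Timeout => 10) or die "connect failed: $!\n";
    my ($code, $text) = smtp_reply($sock);
    die "unexpected greeting: $text" unless $code == 220;
    print $sock "EHLO cert-check.invalid\r\n";    # placeholder client name
    ($code, $text) = smtp_reply($sock);
    die "STARTTLS not offered\n"
        unless $code == 250 && $text =~ /^250[- ]STARTTLS\b/mi;
    print $sock "STARTTLS\r\n";
    ($code, $text) = smtp_reply($sock);
    die "STARTTLS refused: $text" unless $code == 220;
    # Verification is off (inspection only) so expired or self-signed certs can be read.
    IO::Socket::SSL->start_SSL($sock, SSL_hostname => $host,
        SSL_verify_mode => SSL_VERIFY_NONE) or die "TLS failed: $SSL_ERROR\n";
    # With no argument, peer_certificate returns the Net::SSLeay X509 handle.
    my $pem = Net::SSLeay::PEM_get_string_X509($sock->peer_certificate);
    return $pem;
}

for my $host (@ARGV) {
    my $pem  = eval { fetch_smtp_cert_pem($host, 25) };
    my $x509 = $pem && eval { Crypt::OpenSSL::X509->new_from_string($pem) };
    if (!$x509) { warn "$host: $@"; next }
    printf "%s\n  issuer:    %s\n  notBefore: %s\n  notAfter:  %s\n", $host,
        $x509->issuer, $x509->notBefore, $x509->notAfter;
    print "  WARNING: expires within 30 days\n" if $x509->checkend(30 * 86400);
}
```

Because verification is disabled, the output describes whatever certificate the server presented and says nothing about whether a mail client would trust it; the PEM is exported before the socket goes out of scope because the X509 handle belongs to the TLS session.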
