
Examining SSL Certificates of SMTP hosts using Perl

by foobar1977 (Novice)
on Sep 09, 2008 at 14:55 UTC (#710106=perlquestion)
foobar1977 has asked for the wisdom of the Perl Monks concerning the following question:


I have a list of SMTP servers running TLS that I need to check certs on. I've been going around in circles trying to find a solution and think I must be missing something.

I think I need to be in Crypt::OpenSSL::X509 since I need to use the issuer, notBefore and notAfter methods it provides, but I'm struggling with how to extract the certificate from the SMTP server. I'm happily connecting via IO::Socket::SSL but the peer_certificate/dump_peer_certificate methods don't dump the entire cert.

I can use the openssl binary and pass the output of that into Crypt::OpenSSL::X509 and do what I need from there, but I don't really want to shell out, and even if I go down that route there are other hurdles to overcome.

Can anyone advise on the best solution here?

Thanks in advance.

Replies are listed 'Best First'.
Re: Examining SSL Certificates of SMTP hosts using Perl
by mr_mischief (Monsignor) on Sep 09, 2008 at 15:42 UTC
    I can't tell you the exact solution, but I had a quick look at your problem and I'll make some suggestions where you might want to look deeper.

    IO::Socket::SSL uses Net::SSLeay as its wrapper around OpenSSL. The POD for the latter says it doesn't have a complete x509 interface and that dump_peer_certificate returns "selected" information.

    There is a low-level routine in Net::SSLeay called sslcat that does more general things, including grabbing the whole certificate.

    Perhaps using the lower-level Net::SSLeay stuff will get you a certificate you can save to a temp file and specify to Crypt::OpenSSL::X509. I haven't tried it, but that's where I'd start based on the docs for these three modules.

      See the QuickRef in the Net::SSLeay package for more details, but you could get the X509 certificate with something like this: Net::SSLeay::PEM_get_string_X509( $CLIENT->peer_certificate() ). $CLIENT->peer_certificate() returns an integer which represents a certificate from the cert-store.
Re: Examining SSL Certificates of SMTP hosts using Perl
by Anonymous Monk on Sep 09, 2008 at 16:14 UTC
    Expanding on mr_mischief's answer, I'd also suggest taking a look at the certificate verification facilities that Net::SSLeay gives you.
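
The approach discussed in the replies above, put together as an added example (not code from any poster in this thread): connect in plaintext, issue STARTTLS, upgrade the socket with IO::Socket::SSL, export the peer certificate as PEM through Net::SSLeay and hand it to Crypt::OpenSSL::X509. Port 25, the EHLO name, the 30-day warning window and taking hosts (DNS names) from the command line are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;     # exports SSL_VERIFY_NONE and $SSL_ERROR
use Net::SSLeay;
use Crypt::OpenSSL::X509;

# Read one (possibly multi-line) SMTP reply and return its 3-digit code.
sub smtp_reply {
    my ($sock) = @_;
    while (defined(my $line = <$sock>)) {
        # "250 text" ends a reply; "250-text" means more lines follow.
        return $1 if $line =~ /^(\d{3})(?: |\r?$)/;
    }
    die "connection closed by server\n";
}

# Return the server certificate as a PEM string, or die naming the failed step.
sub fetch_smtp_cert_pem {
    my ($host, $port) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
                                     Proto => 'tcp', Timeout => 10)
        or die "connect failed: $@\n";
    smtp_reply($sock) == 220 or die "unexpected banner\n";
    print $sock "EHLO cert-check.example\r\n";   # placeholder EHLO name
    smtp_reply($sock) == 250 or die "EHLO rejected\n";
    print $sock "STARTTLS\r\n";
    smtp_reply($sock) == 220 or die "STARTTLS refused or not offered\n";
    # Verification is off so that expired or self-signed certificates can
    # still be retrieved and reported; this handshake is for inspection only.
    IO::Socket::SSL->start_SSL($sock, SSL_verify_mode => SSL_VERIFY_NONE,
                               SSL_hostname => $host)
        or die "TLS handshake failed: $SSL_ERROR\n";
    my $pem = Net::SSLeay::PEM_get_string_X509($sock->peer_certificate);
    close $sock;
    return $pem;
}

for my $host (@ARGV) {
    my $pem = eval { fetch_smtp_cert_pem($host, 25) };
    if (!defined $pem) { warn "$host: $@"; next; }
    my $x509 = Crypt::OpenSSL::X509->new_from_string($pem);   # PEM is the default format
    printf "%s\n  subject:   %s\n  issuer:    %s\n  notBefore: %s\n  notAfter:  %s\n",
        $host, $x509->subject, $x509->issuer, $x509->notBefore, $x509->notAfter;
    print "  WARNING: expires within 30 days\n" if $x509->checkend(30 * 86400);
}
```

Because the handshake skips chain and hostname validation, the output reports what the server presents, not whether a verifying client would accept it.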
