PerlMonks  

Re^2: LWP UserAgent - Sending Client Certificate connect to remote host

by kabachaa (Novice)
on May 14, 2013 at 18:56 UTC


in reply to Re: LWP UserAgent - Sending Client Certificate connect to remote host
in thread LWP UserAgent - Sending Client Certificate connect to remote host

Our primary task is to use the CERTIFICATE and RSA PRIVATE KEY to connect to the host machine; once connected to the host machine we need to make multiple https/http requests to download some files. So there are no user-level credentials that need to be verified, we just need to use the cert.crt file, which contains both the CERTIFICATE and the RSA PRIVATE KEY. Thanks!


Re^3: LWP UserAgent - Sending Client Certificate connect to remote host
by Zzenmonk (Sexton) on May 15, 2013 at 05:43 UTC

    Hi,

    OK! It is a less sophisticated authorization scheme than the one I thought of. LWP will not provide you with the appropriate feature.

    Schematically you authenticate against the openssh daemon and query the web-server afterwards. Meaning the web server shells out to the openssh daemon, captures its return code and authorizes you or not. The implementation details for Apache is here: http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#accesscontrol

    Net::SSLeay offers a solution to your problem. Solution description at http://search.cpan.org/~mikem/Net-SSLeay-1.54/lib/Net/SSLeay.pod. Search for =>Using client certificates<= in the page.

    Test: Try to open an ssh session against port 443 or 80. If you get a prompt, enter GET+Return. If you see HTML on the console, you can use the module above. Do not worry if the ssh session disconnects.

    K

    The best medicine against depression is a cold beer!

      I went through the documentation for Net::SSLeay and, after searching for some good examples which I couldn't find, I wrote something like this. I think I am not passing the certificate correctly; that's why I am getting the Forbidden 403. Using curl I can make the request and get a response from the host machine with the same cert. I would really appreciate it if someone could give me any pointers to what I am doing wrong. Thanks!

      curl '-i' '-k' '-H' 'tag: 6-0-2-1' '-H' 'tag2' '-E' 'ops-cert.crt' '--data-binary' '@request_e' '--url' 'https://host.com:443/'

      use strict;
      use warnings;
      use IO::Socket::SSL qw(debug3);
      use Net::SSLeay qw(get_https post_https sslcat make_headers make_form);

      $Net::SSLeay::ssl_version = 3;   # force SSLv3 for the handshake
      $| = 1;                          # unbuffered output so debug lines appear in order

      my $host     = 'host.com';
      my $port     = 443;
      my $pathCert = '/home/cert/ops-cert-O.crt';   # client certificate (PEM)
      my $pathkey  = '/home/cert/keys.key';         # matching RSA private key (PEM)
      my $result   = '';
      my %headers;
      my $page;

      # get_https($site, $port, $path, $headers, $content, $mime_type, $crt_path, $key_path)
      ($page, $result, %headers) = get_https($host, $port, '', '', '', '', $pathCert, $pathkey);
      print $result;

      Output I get:

      do_httpx3(GET,1,host.com:443) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/do_httpx3.al) line 1268.
      httpx_cat: usessl=1 (host.com:443) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/httpx_cat.al) line 1177.
      Opening connection to host.com:443 (208.90.58.23) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 449.
      Creating SSL 3 context...
      Creating SSL connection (context was '425677232')...
      Setting fd (ctx 425677232, con 425782688)...
      Entering SSL negotiation phase...
      Cipher list: DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, AES256-SHA, KRB5-DES-CBC3-MD5, KRB5-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, DES-CBC3-SHA, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, AES128-SHA, KRB5-RC4-MD5, KRB5-RC4-SHA, RC4-SHA, RC4-MD5, KRB5-DES-CBC-MD5, KRB5-DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA, DES-CBC-SHA, EXP-KRB5-RC2-CBC-MD5, EXP-KRB5-DES-CBC-MD5, EXP-KRB5-RC2-CBC-SHA, EXP-KRB5-DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-KRB5-RC4-MD5, EXP-KRB5-RC4-SHA, EXP-RC4-MD5\n at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/https_cat.al) line 1110.
      Cipher `DHE-RSA-AES256-SHA'
      Subject Name: /C=US/ST=California/L=San Bruno/O=Inc Systems/CN=host.com
      Issuer Name: /C=US/ST=California/O=Inc Systems/CN=dev-sds-host.com
      https_cat 32382: sending 76 bytes...
      write_all VM at entry=vm_unknown
      written so far 76:76 bytes (VM=vm_unknown)
      waiting for reply...
      got 169:0 bytes (VM=vm_unknown).
      got 0:169 bytes (VM=vm_unknown).
      Got 169 bytes.
      headers ><html>
      <head><title>403 Forbidden</title></head>
      <body bgcolor="white">
      <center><h1>403 Forbidden</h1></center>
      <hr><center>nginx/0.8.54</center>
      </body>
      </html>
      <
      page >><<
      http >>><html>
      <head><title>403 Forbidden</title></head>
      <body bgcolor="white">
      <center><h1>403 Forbidden</h1></center>
      <hr><center>nginx/0.8.54</center>
      </body>
      </html>
      <<< at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/do_httpx3.al) line 1275.
        $path parameter looks wrong. Root URL should be '/'. Try this:
        get_https($host, 443, '/', ...
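Added example, not code from any post in this thread: the request the poster issues with curl and Net::SSLeay, rewritten against LWP::UserAgent (6.x), whose ssl_opts hand the client certificate and key to IO::Socket::SSL. Unlike the posted curl command's -k, it verifies the server certificate against a CA bundle; the bundle path is an assumption, the certificate, key, host, header and body file names come from the thread, and the request path is '/' as the follow-up suggests.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
use IO::Socket::SSL qw(SSL_VERIFY_PEER);

my $host    = 'host.com';
my $cert    = '/home/cert/ops-cert-O.crt';   # client certificate (from the thread)
my $key     = '/home/cert/keys.key';         # matching RSA private key (from the thread)
my $ca_file = '/home/cert/ca-bundle.crt';    # ASSUMED: CA that signed the server's certificate

# ssl_opts are passed straight through to IO::Socket::SSL. SSL_cert_file /
# SSL_key_file provide the client certificate for mutual TLS; SSL_ca_file,
# SSL_verify_mode and verify_hostname make the client reject an untrusted or
# misnamed server instead of skipping the check the way `curl -k` does.
my $ua = LWP::UserAgent->new(
    timeout  => 30,
    ssl_opts => {
        SSL_cert_file   => $cert,
        SSL_key_file    => $key,
        SSL_ca_file     => $ca_file,
        SSL_verify_mode => SSL_VERIFY_PEER,
        verify_hostname => 1,
    },
);

# The curl command POSTs the contents of 'request_e' with --data-binary,
# so the body is read verbatim (no newline translation) from that file.
my $body = do { local (@ARGV, $/) = ('request_e'); <> };
die "request_e is missing or empty\n" unless defined $body && length $body;

# Request path must be '/', not '' (the defect pointed out in the thread).
my $req = HTTP::Request->new(
    POST => "https://$host:443/",
    [ 'tag' => '6-0-2-1' ],          # custom header from the curl command
    $body,
);

my $res = $ua->request($req);

if ($res->is_success) {
    print $res->decoded_content;
} else {
    # A 403 after a completed handshake means the server accepted the client
    # certificate at the TLS layer but refused the request; a failed
    # handshake surfaces as a 500 whose status line contains
    # "SSL connect attempt failed", which is the case to check first.
    die 'Request failed: ' . $res->status_line . "\n";
}
```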
