Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Dear fellow perl users,

Here is a problem I've been trying to tackle since about 2007. I figured maybe someone on this group might know.

I'm trying to establish some SSL connection with self signed server and client certs between server and client, to establish encrypted authentication between different bits of software. These are daemons so I use the POE library.

I managed to do what I wanted in JavaScript with node.JS:

var sslcert = fs.readFileSync('mycert.pem');
var sslkey = fs.readFileSync('mykey.pem');
var sslca = fs.readFileSync('ca.pem');
var options = { cert: sslcert, key: sslkey, ca: sslca, ... other optio
+ns ... };
options.agent = new https.Agent(options);
var req = https.request(options, function(res) {
  s = req.socket;
  if(!s.authorized) { my_callback('SSL API ERROR '+s.authorizationErro
+r); return; }
  // the remote end was OK
...

[download]

No need to expand, just to give an idea of what I'm doing. I really want to do it with perl, node isn't mature enough yet in my experience and particularly with the libs I use, whereas perl mostly is.

Now I found how to do it with perl and cURL lib, but it's synchronous single thread, and I'd have to fork a separate interpreter to handle my connections. I tried with LWP just for kicks and kept getting some negotiations errors. At least cURL worked.

Anyway, I found this module: POE::Component::SSLify. Within the options, I can set a client cert, and a client key

http://search.cpan.org/~apocal/POE-Component-SSLify-1.008/lib/POE/Component/SSLify.pm#SSLify_ContextCreate

But nowhere can I choose to verify things against a specific certificate authority or check for the cert of the server I'm connecting to.

Any ideas of how I could do that or find where to do it? Been looking on and off since 2007...

I really don't want to have to resort to porting the app to node.js to get SSL, because honestly it's a nightmare to debug and the libs are still changing, not to mention well written perl is so much cleaner than these piles of async callbacks that node imposes.

Thanks so much all in advance for your great ideas.

Cheers

Patrick Viet

In reply to Trying to get SSL with client cert to work within POE environment by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2024-04-19 07:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found