http://www.perlmonks.org?node_id=1005065

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Dear fellow perl users,

Here is a problem I've been trying to tackle since about 2007. I figured maybe someone on this group might know.

I'm trying to establish some SSL connection with self signed server and client certs between server and client, to establish encrypted authentication between different bits of software. These are daemons so I use the POE library.

I managed to do what I wanted in JavaScript with node.JS:

var sslcert = fs.readFileSync('mycert.pem'); var sslkey = fs.readFileSync('mykey.pem'); var sslca = fs.readFileSync('ca.pem'); var options = { cert: sslcert, key: sslkey, ca: sslca, ... other optio +ns ... }; options.agent = new https.Agent(options); var req = https.request(options, function(res) { s = req.socket; if(!s.authorized) { my_callback('SSL API ERROR '+s.authorizationErro +r); return; } // the remote end was OK ...

No need to expand, just to give an idea of what I'm doing. I really want to do it with perl, node isn't mature enough yet in my experience and particularly with the libs I use, whereas perl mostly is.

Now I found how to do it with perl and cURL lib, but it's synchronous single thread, and I'd have to fork a separate interpreter to handle my connections. I tried with LWP just for kicks and kept getting some negotiations errors. At least cURL worked.

Anyway, I found this module: POE::Component::SSLify. Within the options, I can set a client cert, and a client key

http://search.cpan.org/~apocal/POE-Component-SSLify-1.008/lib/POE/Component/SSLify.pm#SSLify_ContextCreate

But nowhere can I choose to verify things against a specific certificate authority or check for the cert of the server I'm connecting to.

Any ideas of how I could do that or find where to do it? Been looking on and off since 2007...

I really don't want to have to resort to porting the app to node.js to get SSL, because honestly it's a nightmare to debug and the libs are still changing, not to mention well written perl is so much cleaner than these piles of async callbacks that node imposes.

Thanks so much all in advance for your great ideas.

Cheers

Patrick Viet

Replies are listed 'Best First'.
Re: Trying to get SSL with client cert to work within POE environment
by rcaputo (Chaplain) on Nov 22, 2012 at 17:59 UTC

    Looking through the code for POE::Component::SSLify and the underlying modules, I think you can use tied($handle)->{ssl} and tied($handle)->{ctx} to access the Net::SSLeay object and context respectively. From there, you can do whatever Net::SSLeay provides.