(1)
]
CPAN::Forum
IO-Socket-SSL - Client cert validation fails
| Posted on Thu Jun 21 10:48:38 2007 by jebe86 |
| Client cert validation fails |
|
Hi all,
probably this is stupid, but I can not "force" io::Socket::SSL to verify the client side of the connection.
I know certificate s are valid, because I checked hme with openss s_server... and openss s_client, and also with a simple https server.
When I try to acces the client certificates on the server, I get this:
Undefined SSL objecterror:00000000:lib(0):func(0):reason(0)
What am I donig wrong ?
Thanks for any help !
Here are the scripts:
CLIENT
use IO::Socket;
use IO::Handle;
use IO::Socket::SSL(debug2); ##to use crypto transfer
require File::Basename;
require File::Spec;
if(!($sock = IO::Socket::SSL->new(
PeerAddr => 'localhost',
PeerPort => '9502',
Proto => 'tcp',
SSL_use_cert =>'1',
SSL_verify_mode => '0x02',
SSL_key_file => 'client-new-key.pem',
SSL_cert_file => 'client-new-cert.pem',
SSL_ca_file => 'CAperDT-cacert.pem'
))) {
print "ERROR: unable to create socket: '$!'.\n";
exit(2);
}
print "connect ($sock).\n" if ($IO::Socket::SSL::DEBUG);
# check server cert.
my ($peer_cert, $subject_name, $issuer_name, $cipher);
if( ref($sock) eq "IO::Socket::SSL") {
if(($peer_cert = $sock->get_peer_certificate)) {
$subject_name = $peer_cert->subject_name;
$issuer_name = $peer_cert->issuer_name;
$cipher = $sock->get_cipher();
}
print "cipher: $cipher.\n";
print "server cert:\n". "\t '$subject_name' \n\t '$issuer_name'.\n\n";
}
$stringa = "hello";
$sock->syswrite($stringa,length($stringa));
$sock->sysread($buf, 32768);
$stringa = "exit";
$sock->syswrite($stringa,length($stringa));
exit(0);
SERVER
use File::Spec;
#use strict;
use IO::Socket::SSL;
$Local_Host = 'localhost';
my ($sock, $s, $v_mode);
if($ARGV[0] eq "DEBUG") { $IO::Socket::SSL::DEBUG = 4; }
if(!($sock = IO::Socket::SSL->new( Listen => 5,
LocalAddr => $Local_Host,
LocalPort => 9502,
Proto => 'tcp',
Reuse => 1,
SSL_verify_mode => 0x02,
SSL_key_file => 'server-new-key.pem',
SSL_cert_file => 'server-new-cert.pem',
SSL_ca_file => 'CAperDT-cacert.pem',
SSL_use_cert => '1',
SSL_error_trap=>&culo,
# SSL_ca_path => ''
)) ) {
print STDERR "unable to create socket: $!.\n";
exit(0);
}
print STDERR "socket created: $sock.\n";
open(PIDDU,">Server_DT_bbftp.pid");
PIDDU->autoflush(1);
print PIDDU $$;
print "PID $$\n";
close(PIDDU);
while (1) {
print STDERR "waiting for next connection.\n";
while(($s = $sock->accept())) {
if( ! $s ) { print STDERR "SUO ERRORE error: '$!'.\n";
next; }
my ($peer_cert, $subject_name, $issuer_name, $date, $str);
$remote_site=$s->peerhost();
print "remote $remote_site\n";
print MAIN_LOG scalar(localtime(time()))," connection from $remote_site\n";
if (ref($sock) eq "IO::Socket::SSL") {
if(($peer_cert = $sock->get_peer_certificate)) {
$subject_name = $peer_cert->subject_name;
$issuer_name = $peer_cert->issuer_name;
$cipher = $sock->get_cipher();
}
print "cipher: $cipher.\n";
print "server cert:\n". "\t '$subject_name' \n\t '$issuer_nam
+e'.\n\n";
}
else
{
print "in err $peer_cert\n";
print errstr($sock),"$SSL_ERROR AHHAHAHHAHH\n";
}
while (1) {
my $buf ="";
$s->sysread($buf,32768);
print "Read: $buf\n";
# Exit
if ($buf =~ /quit|exit/i) { $s->close(); last; }
}
# Error
else {
print "Error in input\n";
$s->close();
last;
}
}
}
}
$sock->close();
|
| Write a response |
