SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
-----END OUTPUT-----
It seems that I need to find a way to include the equivalent of -CAfile, but the only option I have seen for Crypt::SSLeay that even mentions CAs relates to client verification of the server's cert:
# CA CERT PEER VERIFICATION
$ENV{HTTPS_CA_FILE} = 'cacerts.pem'; # This does not work
#$ENV{HTTPS_CA_DIR} = 'certs/';
Anyone have any ideas? I am willing to dive in somewhere and patch if I can, but I need some hand-holding to start since the code involved appears to me as deep magic.
I believe that both HTTPS_CA_FILE and HTTPS_CA_DIR need to be set correctly for the CA to be verified. So if cacerts.pem is a file in the current directory when you are running your script, you might set HTTPS_CA_DIR to ./ for example.
If the HTTPS_CA_FILE needs to be used in some other way to facilitate the HTTPS_CERT_FILE verification, I am not sure how that would be done, but you might ask on the openssl-users mailing list listed here:
http://www.openssl.org/support/
If there is some openssl function that should be called in particular to help set up the connection with this CA_FILE, we might be able to patch Crypt::SSLeay to do what you need. The relevant files for this would be SSLeay.xs which creates the glue to the OpenSSL functions, and lib/Net/SSL.pm which is the actual perl library that calls the configure_certs() setup routine.
Regards,
Josh
________________________________________________________________________
Josh Chamas, Founder | NodeWorks - http://www.nodeworks.com
Chamas Enterprises Inc. | NodeWorks Directory - http://dir.nodeworks.com
http://www.chamas.com | Apache::ASP - http://www.apache-asp.org
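An added example, not part of the thread and not Crypt::SSLeay or OpenSSL code: a small Python reader for the handshake trace quoted in the first message. It reports which side sent the alert (OpenSSL's trace prints `alert read` for an alert received from the peer and `alert write` for one sent locally) and whether a client certificate had already gone out. The function names and the embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample: the tail of the trace quoted in the first message.
TRACE = """\
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
"""

ALERT = re.compile(r"^SSL3 alert (read|write):(warning|fatal):(.+)$")
STATE = re.compile(r"^SSL_(connect|accept):(failed in |error in )?(.+)$")

def diagnose(trace):
    """Summarise who raised an alert and what the local side had already sent."""
    result = {"client_cert_sent": False, "alerts": [], "failed_in": None}
    for line in trace.splitlines():
        line = line.strip()
        m = ALERT.match(line)
        if m:
            direction, level, desc = m.groups()
            # "read" = alert received from the peer; "write" = alert sent locally.
            sender = "peer" if direction == "read" else "local"
            result["alerts"].append((sender, level, desc))
            continue
        m = STATE.match(line)
        if not m:
            continue
        _, failure, state = m.groups()
        if failure:
            result["failed_in"] = state
        elif state.endswith("write certificate verify A"):
            # CertificateVerify is only sent after a client certificate.
            result["client_cert_sent"] = True
    return result

def verdict(result):
    """Turn the parsed trace into a one-line reading of the failure."""
    fatal = [a for a in result["alerts"] if a[1] == "fatal"]
    if not fatal:
        return "no fatal alert in trace"
    sender, _, desc = fatal[0]
    if sender == "peer" and result["client_cert_sent"]:
        return f"peer sent '{desc}' after receiving our client certificate"
    return f"{sender} side sent '{desc}'"
```

Calling `verdict(diagnose(TRACE))` on a saved trace separates a failure raised by the server about the client certificate from one raised locally about the server certificate.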
