On Sat, Jan 30, 1999 at 12:13:12PM +0100, Ralf S. Engelschall wrote:
>
>In article <[EMAIL PROTECTED]> you wrote:
>
>> I want to be able to automatically log into a website and interact with the 
>> logged in, secure website.  Unfortunately, it is 'protected' with one of those
>> automatic login/password 'authorization' type boxes. How do you get around
>> them? 
>
>You can't get around them, of course. All you can do, when you're using a
>batch client, is automatically send the basic auth ingredients with the
>requests. When you're using Netscape or Explorer you have to type in the
>password at the first request (those browsers don't store it over GUI
>sessions).

Netscape allows one to enter a URL that looks like the following:

https://user:[EMAIL PROTECTED]/htaccessdirectory

where user:password is the 'automatic sending of the basic auth ingredients'
you talk about. This bypasses the user/password box, and automatically logs in.
So how do you do this in straight OpenSSL, and Net::SSLeay? (This is the FAQ I
was talking about -  giving a code example for this.) 
>
>> And how do you get around the timeouts (ie: when someone has been logged
>> in to a site for 5 mins, the site logs you out).
>
>"Logged out?" A website doesn't log you out like a shell. What exactly do you
>mean?

Some servers have a mechanism that forces you to go through the login process
again if you have been idle for so much time, like a half an hour. I'm not sure
what constitutes 'activity' on that website to postpone this error message - I 
guess I'm asking about common ways to make an automated process convince the 
server that in fact interaction *is* going on so that this does not occur. 
Probably another FAQ.

>> Also, I don't want to have to get a certificate every single time I log in to 
>> a secure site... does openssl cache them for you? 
>
>When your browser connects to the secured website it either gets the server
>certificate within the full handshake or can resume a previous session
>(where no certificate is transferred). But usually, that the certificate is
>transferred and verified doesn't mean you have to worry about this. The only
>time it can be annoying is when the client cannot verify the server cert (it
>lacks information about the CA) and the verification dialog pops up. But that's
>then another problem...

I guess this is another FAQ that could be answered - how to deal with 
verification. A general overview would be nice as well: as far as I can see it, 
there are three possible uses for OpenSSL - on the server side, on the client 
side, and for generating certificates. A summary of each of these roles, and 
of how they work in both generic and specific terms, would help immensely 
those who want to use OpenSSL.

Thanks much,

Ed
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
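
What a browser does with a user:password@host URL, and what a batch client has to do itself, as an added example that is not part of the original thread: it uses the Python standard library rather than Net::SSLeay, and the sample URL, host, credentials and function names are constructed for illustration.

```python
import base64
import ssl
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed sample URL (host, user and password are made up).
SAMPLE_URL = "https://ed:s3cr%40t@www.example.com/htaccessdirectory"


def split_credentials(url):
    """Return (url_without_userinfo, user, password); user is None if absent."""
    parts = urlsplit(url)
    if parts.username is None:
        return url, None, None
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: put the brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    # Drop userinfo so the secret stays out of the request line, Host header and logs.
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    # Userinfo is percent-encoded in the URL; the header carries raw values.
    return clean, unquote(parts.username), unquote(parts.password or "")


def basic_auth_header(user, password):
    """Authorization header value: 'Basic ' + base64(user ':' password)."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_request(url):
    """Raw HTTP/1.0 GET for url, adding Basic auth when the URL carries userinfo."""
    clean, user, password = split_credentials(url)
    parts = urlsplit(clean)
    if user is not None and parts.scheme != "https":
        # Base64 is an encoding, not encryption: only send it inside TLS.
        raise ValueError("refusing to send Basic credentials without TLS")
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    lines = [f"GET {target} HTTP/1.0", f"Host: {parts.netloc}"]
    if user is not None:
        lines.append("Authorization: " + basic_auth_header(user, password))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def verified_context():
    """TLS client context that checks the server certificate chain and host name."""
    return ssl.create_default_context()
```

The bytes from build_request() would be written to a TCP socket wrapped with verified_context().wrap_socket(sock, server_hostname=host), so the credentials only leave the machine after the server certificate has been verified.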
