On 2006-02-13, at 23.42, Richard Eggert wrote:

It seems that it first tries to load the SSL module from Crypt::SSLeay first, and if that fails, it then tries to load IO::Socket::SSL, which, as far as I can tell, doesn't use HTTPS_CA_FILE (but may provide another mechanism for accomplishing the same thing). Could it be that perhaps loading mod_ssl is causing the load of Net::SSL to fail (symbol conflict?), resulting in it falling back to IO::Socket::SSL (which ignores HTTPS_CA_FILE)?

Do you have both IO::Socket::SSL (+Net::SSLeay) and Crypt::SSLeay properly installed on the system?

Does IO::Socket::SSL provide a means for passing parameters via LWP::UserAgent (maybe through UserAgent's constructor or one of its other methods?)? It definitely seems to support verification of peer certificates in its interface, but it's unclear from the available documentation how one does that in conjunction with LWP::UserAgent, if that's even possible. If there is a way to do this, then an easy workaround seems to be to simply accommodate both configuration methods in my code.

I just did some testing, and with one caveat you can do it like this with IO::Socket::SSL and LWP:

# NB: only works with ciphers that support certificate verification e.g. with Apache/mod_ssl:
#       SSLCipherSuite RSA
# With some cipher suites server certificate may not be verified.
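use strict;
use IO::Socket::SSL 0.97;
use LWP::UserAgent;
use HTTP::Request;

# Install a default context that verifies the peer against the given CA file.
my $ctx = IO::Socket::SSL::SSL_Context->new(
  SSL_verify_mode => 0x01,          # 0x01 = SSL_VERIFY_PEER
  SSL_ca_file => 'certs/8086.pem',  # CA certificate(s) used for verification
);
IO::Socket::SSL::set_default_context($ctx);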

my $ua = LWP::UserAgent->new();
my $rq = HTTP::Request->new(GET => 'https://foo.bar.int:8086/');
my $rt = $ua->request($rq);
print $rt->content();

1;


br. aspa
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
