Thanks. That worked perfectly (well, actually, it failed, but that's what I wanted to happen).

Is there any way for me to tell within my code which SSL has been loaded, or am I pretty much stuck having to both set the HTTPS_CA_FILE variable as well as set the IO::Socket::SSL's default context in all situations?

By the way, to answer your first question, they're both installed properly, as far as I can tell (they both came with the default Red Hat installation, I think). The Crypt::SSLeay version seems to get invoked whenever mod_ssl is disabled (since setting HTTPS_CA_FILE actually works properly in those cases), and the IO::Socket::SSL version gets invoked whenever mod_ssl is enabled.

Thanks again!

Rich
________________________________

From: [EMAIL PROTECTED] on behalf of Marko Asplund
Sent: Tue 2/14/2006 7:12 AM
To: openssl-users@openssl.org
Subject: Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

On 2006-02-13, at 23.42, Richard Eggert wrote:

> It seems that it first tries to load the SSL module from
> Crypt::SSLeay first, and if that fails, it then tries to load
> IO::Socket::SSL, which, as far as I can tell, doesn't use
> HTTPS_CA_FILE (but may provide another mechanism for accomplishing
> the same thing). Could it be that perhaps loading mod_ssl is
> causing the load of Net::SSL to fail (symbol conflict?), resulting
> in it falling back to IO::Socket::SSL (which ignores HTTPS_CA_FILE)?

do you have both IO::Socket::SSL (+Net::SSLeay) and Crypt::SSLeay properly installed on the system?

> Does IO::Socket::SSL provide a means for passing parameters via
> LWP::UserAgent (maybe through UserAgent's constructor or one of its
> other methods?)?
> It definitely seems to support verification of peer certificates in
> its interface, but it's unclear from the available documentation
> how one does that in conjunction with LWP::UserAgent, if that's
> even possible. If there is a way to do this, then an easy
> workaround seems to be to simply accommodate both configuration
> methods in my code.

i just did some testing and with one caveat you can do it like this with IO::Socket::SSL and LWP:

# NB: only works with ciphers that support certificate verification e.g. with Apache/mod_ssl:
#   SSLCipherSuite RSA
# With some cipher suites server certificate may not be verified.

use strict;
use IO::Socket::SSL 0.97;
use LWP::UserAgent;

# Build a context that verifies the server certificate against the given CA file.
my $ctx = IO::Socket::SSL::SSL_Context->new(
    SSL_verify_mode => 0x01,    # 0x01 = SSL_VERIFY_PEER
    SSL_ca_file     => 'certs/8086.pem',
);
# Make it the default for every IO::Socket::SSL socket, including the ones LWP opens.
IO::Socket::SSL::set_default_context($ctx);

my $ua = LWP::UserAgent->new();
my $rq = HTTP::Request->new(GET => 'https://foo.bar.int:8086/');
my $rt = $ua->request($rq);
print $rt->content();

1;

br.
aspa