I am trying to open an SSL connection with Client Authentication using Crypt::SSLeay.
What works fine is specifying environment variables HTTPS_CERT_FILE and HTTPS_KEY_FILE. Unfortunately the keyfile has to be unencrypted (there seems to be no no password mechanism for HTTPS_KEY_FILE). When I try to use HTTPS_PKCS12_FILE and HTTPS_PKCS12_PASSWORD, Crypt::SSLeay seems to be unable to open the PKCS12 file. On calling use_pkcs12_file it returns an error "No such file or directory" (though strace reveals that the file exists and is opened). This is what I do: ########################################################## $ENV{HTTPS_PKCS12_FILE} = '/home/gellert/test-cert.p12'; $ENV{HTTPS_PKCS12_PASSWORD} = 'test'; $ENV{HTTPS_VERSION} = 3; $ENV{HTTPS_DEBUG} = 1; require Crypt::SSLeay; sub _default_context { require Crypt::SSLeay::MainContext; Crypt::SSLeay::MainContext::main_ctx(@_); } my $ctx = _default_context(23); $file=$ENV{HTTPS_PKCS12_FILE}; $ctx->use_pkcs12_file($file ,$pass) || die("failed to load $file: $!"); ################################################################# This is the output of the script: ################################################################# ./test.pl failed to load /home/gellert/test-cert.p12: No such file or directory at ./test.pl line 27. ################################################################# And this is what strace says... ################################################################# open("/etc/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory) open("/home/gellert/test-cert.p12", O_RDONLY) = 3 [...] read(3, "0\202\n\351\2\1\0030\202\n\257\6\t*\206H\206\367\r\1\7\1\240\202\n\240\4\202\n\2340\202"..., 4096) = 2797 close(3) = 0 munmap(0x7f448c5fd000, 4096) = 0 write(2, "failed to load /home/gellert/tes"..., 149failed to load /home/gellert/test-cert.p12: No such file or directory at ./test.pl line 27. ################################################################# The PKCS12 file was generated using OpenSSL, so this should work... By the way: Funny that use_pkcs12_file() still tries to open /etc/ssl/cert.pem, even if a certificate file is specified... Any idea? Or can I work around this using PEM-key and certificate (but the key has to be encrypted)... Cheers, Olaf -- Olaf Gellert email gell...@dkrz.de Deutsches Klimarechenzentrum GmbH phone +49 (0)40 41173 214 Bundesstrasse 55 fax +49 (0)40 41173 270 D-20146 Hamburg, Germany www http://www.dkrz.de ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org