Re: LWP::UserAgent, Crypt::SSLeay, Net::LDAPS, IO::Socket::SSL

2002-08-02 Thread Josh Chamas

Jacinta Alice Richardson wrote:
> Dear Gisle Aas author of libwww-perl
>  Joshua Chamas author of Crypt::SSLeay 
>  Graham Barr   author of perl-ldap  and
>  Marko Asplund author of IO::Socket::SSL
> 
> First of all, I'd like to say thanks for writing a great set of packages
> and releasing them to CPAN for the good of all.
> 
> I'm writing to you today due to a problem I have had when trying to use
> these packages in combination, specifically I was trying to use
> LWP::UserAgent for HTTP SSL connections as well as Net::LDAPS for LDAP SSL
> connections in the same application.  To the best of my knowledge these
> both rely on IO::Socket::SSL.
> 

Please post messages such as this in the future to [EMAIL PROTECTED]
which is the LWP support mailing list.  Posting such questions
directly to authors is less good for all of us usually.  You just
happened to catch me at a good time, but this is not normally
the case! :)

The problem here I believe is IO::Socket::SSL not working with
LWP to connect to your web site, where Crypt::SSLeay does.
With perl 5.8, & recent IO::Socket::SSL & LWP, openssl 0.9.6d,
I was not able to connect to https://www.nodeworks.com, but when
using Crypt::SSLeay instead of IO::Socket::SSL, I was.

Net::LDAPS loads IO::Socket::SSL on the back end it seems,
so if you use the former, LWP will try to use IO::Socket::SSL
for its https connections.

To work around this problem for the moment, you might
undef $IO::Socket::SSL::VERSION

   $IO::Socket::SSL::VERSION = undef;

AFTER you load Net::LDAPS or IO::Socket::SSL ( might as well
"use IO::Socket::SSL" explicitly ).  This workaround however would
break as soon as LWP detects IO::Socket::SSL a different way.

A better long term fix is for LWP & IO::Socket::SSL to work
on your platform.  It did not on mine.  Getting IO::Socket::SSL
to work is not something I will try, but you are more than
welcome to dive into the code & send a patch to the author
if you find the problem.

Regards,

Josh

Josh Chamas, Founder   phone:714-625-4051
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com


> My problem was the following:
> 
> My current job at work is to alter a very successful student service site
> to play nicely with a portal we've just bought.
> 
> Currently we require the students to submit their PIN with every change to
> their details and hope that that can be avoided with the portal. The first
> time that the student comes in from the portal they'll hit a basic auth
> page and submit their username and password. From then on the portal will
> submit their details to my site and no further PIN or password will be
> needed.
> 
> Unfortunately their username will not be their student number, so I need
> to make an LDAP query to our LDAP server to get their student number based
> on their username. This is easy, I'm using perl-ldap version 0.26. (I did
> try perldap but had too much trouble getting it to install on our alpha
> machine).
> 
> The machine that our (Forte) database (with all the student's course
> details etc) is on is different from where we host the student service.
> Access for information and updates for changes are made by web requests
> over SSL. This is easy, I'm using the libwww-perl libraries version 5.65.
> 
> My problem is that I can very easily get the student's student number from
> LDAP or I can very easily access Forte, but for some reason I can't do
> both.
> 
> Originally my code looked like this (heavily simplified):
> 
> ### Forte.pm
> package Forte;
> use LWP::UserAgent;
> 
> $ENV{HTTPS_VERSION} = '3';
> $ENV{HTTPS_CERT_FILE} = "some.crt";
> $ENV{HTTPS_KEY_FILE} = "some.key";
> 
> sub callforte
> {
> ...
> my $ua = new LWP::UserAgent;
> my $req = new HTTP::Request("POST", "$url");
> ...
> my $res = $ua->request($req);
> ...
> }
> 
> #--
> ### LDAP.pm
> package LDAP;
> use Net::LDAPS;
> 
> sub LDAP_connect
> {
> 
> my $conn = new Net::LDAPS($LDAPhost,
>   port=>$LDAPport,
>   clientcert=>$cert,
>   clientkey=>$key);
> 
> }
> 
> sub get_student_number
> {
> LDAP_connect();
> ...
> my $entry = $conn->search(filter=>"(uid=$username)",
>

Mailing list support for Crypt::SSLeay

2002-08-02 Thread Josh Chamas

Hey,

I have been officially supporting Crypt::SSLeay on the openssl users
list, but it seems that the traffic for its use is higher here
naturally. ( go figure, it has little use outside of LWP :) )

So how about I direct users to this list for official Crypt::SSLeay
support?  Naturally, I will respond to posts especially involving
Crypt::SSLeay.

Regards,

Josh




[ANNOUNCE] Crypt::SSLeay .45

2002-08-02 Thread Josh Chamas

Hey,

I just posted Crypt::SSLeay .45 to PAUSE, will be in CPAN next
day or so.  Crypt::SSLeay is one of the modules that can be used
to handle https requests for LWP.

Here are the recent changes:

+ PKCS12 certificate support, patch submitted by Beni Takahashi,
   author of patch Daisuke Kuroda

+ Fixing compile warnings on Solaris 8/Sparc with Forte 7.0 about
   implicit conversions and implicit declarations.  Thanks to
   Marek Rouchal for bug report.


Thanks,

Josh




Re: memory leak in Crypt::SSLeay

2003-01-09 Thread Josh Chamas
Pavel Hlavnicka wrote:

Hi all,

I'm not 100% sure, this is the best place to announce my discovery, but 
it will find the right person here, I hope.

I met the significant memory leak in the Crypt::SSLeay, as I was using 
LWP HTTPS connection with the client certificate in PKCS12 format.


I will look at integrating this patch for the next release & will followup
with any question/testing/etc.


BTW. what about HTTPS connection timeouts? :) There are many questions 
about this and no good answers. From my point of view, this is a pretty 
tough issue, preventing many users from designing robust applications 
(mainly for automated machine to machine communications).


Crypt::SSLeay should honor timeouts set.  What it actually does is
use alarm() to alarm in $socket->timeout / 2... the reason is that
Net::SSL on the backend will actually try up to 3 different SSL version
connection (v23, v3, v2), so it leaves room for 2 such connection
attempts in the time in a kind of averaging.

Do you find that Crypt::SSLeay does not timeout well enough for
your application development needs?  If you are using LWP::UserAgent,
does $ua->timeout(15) not work well?

Regards,

Josh
________
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com




Re: memory leak in Crypt::SSLeay

2003-01-29 Thread Josh Chamas
Pavel Hlavnicka wrote:

Josh,

this is just a reminder message. What about timeouts? (see the recent 
messages in this thread).

To be honest, the fact the timeout never happens for https connection is 
a real nightmare for me. I've designed a mission critical solution using 
LWP, and from time to time something happens (firewall restart?), and 
connection gets never closed.


Just to close this thread on the [EMAIL PROTECTED] list, I have just
sent a test version to Pavel for Crypt::SSLeay .47 which should have
the timeout working in Net::SSL->read().  Net::SSL->connect() already
respected timeouts, so this makes things better.

Hopefully, I will have uploaded this new release to CPAN in the next week.

Regards,

Josh

____
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com




Re: how to fetch https pages

2003-02-12 Thread Josh Chamas
Lance wrote:


OK, I finally found out why Crypt-SSLeay won't install.  It is a
Solaris-only module!  I used 'describe Crypt-SSLeay' in ppm3 to find this
out.  So the next question is:  How can I use my perl script to read https
pages?  I keep getting a 501 http error code - protocol not available.

The LWP docs say to use Crypt-SSLeay, btw.  But no alternatives.



Check with ActiveState to see what Crypt::SSLeay builds they package
for ppm for which ActivePerls... sometimes it's just a matter of using
the right ActivePerl build #.  I don't know why their support of
Crypt::SSLeay has been splotchy, you would think it would be part
of their automated build processes by now.

If you want to have a go at installing / compiling OpenSSL yourself
& Crypt::SSLeay, read the OpenSSL win32 installation instructions
in particular.  You will need a compiler, preferably MS VC++ 6,
but it compiles & installs fine. ( I just did it in the past couple weeks ).

If you are on a unix platform & not win32, then installation of
openssl & Crypt::SSLeay is typically as easy as compiling & installing
any other software.

Regards,

Josh
____
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com




Re: [Crypt::SSLeay] Peer certificate not verified problem

2003-06-08 Thread Josh Chamas
Sterin, Ilya wrote:
Crypt::SSLeay version .49.

I'm having an issue with receiving a result of...

 stuff before 
Client-SSL-Cipher: EDH-RSA-DES-CBC3-SHA
Client-SSL-Warning: Peer certificate not verified
 stuff after 
response from a server.  The weird thing is that it used to work about a
week ago, and I don't remember making any upgrades, etc...

Whether or not you are doing any peer cert verification, LWP will
add that Client-SSL-Warning header to the response output.  I had
submitted a patch a while back that would fix this in LWP, I think
at least a couple times, and have given up.  Just know that if you
are doing peer cert verification with configs like:

  # CA CERT PEER VERIFICATION
  $ENV{HTTPS_CA_FILE}   = 'certs/ca-bundle.crt';
  $ENV{HTTPS_CA_DIR}    = 'certs/';

Then it will work, or throw an error like:

SSL negotiation failed: error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed

The patch I had submitted before for LWP was:

[EMAIL PROTECTED] libwww-perl-5.64]# diff -u lib/LWP/Protocol/https.pm.old 
lib/LWP/Protocol/https.pm
--- lib/LWP/Protocol/https.pm.old   Fri Nov 16 18:10:28 2001
+++ lib/LWP/Protocol/https.pm   Mon Mar 18 12:38:37 2002
@@ -34,7 +34,9 @@
$res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
$res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
 }
-$res->header("Client-SSL-Warning" => "Peer certificate not verified");
+if(! eval { $sock->get_peer_verify }) {
+   $res->header("Client-SSL-Warning" => "Peer certificate not verified");
+}
 }
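Review bot: the new condition `if(! eval { $sock->get_peer_verify })` carries no comment saying what a true return from `get_peer_verify` means, and once this lands the absence of `Client-SSL-Warning` is something callers will read as "peer verified". Please add a comment stating whether the method reports that verification was requested or that the chain actually validated, and say that the `eval` is there so socket classes that lack the method, or die inside it, keep the warning. As a style point, `unless (eval { $sock->get_peer_verify })` reads more cleanly than `if(! eval { ... })`.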
Regards,

Josh


Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com


Re: Crypt::SSLeay usage with openssl engines

2003-06-17 Thread Josh Chamas
Gilad Finkelstein wrote:
Hi,
My final goal is to run LWP over Crypt::SSLeay  where the crypto operations
are done via a standard pkcs#11 engine supported in openssl 0.97
I am now modifying the submitted pkcs#11 openssl engine
(trustway-pkcs11-openssl-0.9.7.patch.gz) to accommodate any standard
SmartCard or crypto hardware via the pkcs#11 interface. 
I have looked in the code of Crypt::SSLeay  and found no such support for
openssl engines (or am I wrong )
Crypt::SSLeay does not explicitly support any openssl engines, however
that is not to say that it would not work with them or not.  It uses
the openssl APIs, so I imagine that since those APIs know how to use
the engine, then it will all work together nicely.
To see for yourself, once you have the openssl engine done, try
to build & run Crypt::SSLeay against it.
Regards,

Josh

____
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com


Re: HTTPS requests and PKCS12 keybags

2003-08-25 Thread Josh Chamas
Svein E. Seldal wrote:
Hello,

I'm using your Crypt::SSLeay, and I'm very happy this works. Thank you 
very much for this!!

We have this intraweb-server that requires the clients to be 
authenticated with the means of client certificates. These client 
certificates are distributed to the users in PKCS12 keybags. Each bag 
contains the user's private key, the user's cert, the web-server cert 
and the CA's cert.

1) Is the PEM pass phrase password dialogue (when $ENV{HTTPS_KEY_FILE} 
is used) safe? Is it stored in any environment variable which make it unsafe?

I have been testing Crypt::SSLeay with PKCS12 files mentioned above, 
but it doesn't seem to work unless you specify the 
$ENV{HTTPS_PKCS12_PASSWORD}. No password input dialogue is shown. Nor do 
I want to create my own password input routine, and store it in this 
environment variable because of the security issues involved.

Sorry, since this message did not have Crypt::SSLeay in the subject,
I missed it earlier, but just saw it now in the archives.
With regards to the security issue of setting something in %ENV,
you might try
  local $ENV{HTTPS_PKCS12_PASSWORD} = ...

It may be that this will not actually set this in such a way as there
may be a security risk, I am not sure.
There is a limit in the message passing interface down to Net::SSL
of Crypt::SSLeay, mostly because we have never had a nice API to pass
arguments down through LWP to the Net::SSL object that gets created.
So we pass all the configuration through %ENV unfortunately.
Regards,

Josh
____
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com
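
An added illustration, not code from this thread or from Crypt::SSLeay, of what `local $ENV{HTTPS_PKCS12_PASSWORD}` limits and what it does not: the value disappears when the scope ends, even on `die`, but any process started inside the scope inherits it. The helper names `with_pkcs12_password` and `child_sees_password` and the sample password are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: the helper names below are hypothetical, not Crypt::SSLeay API.
my $VAR = 'HTTPS_PKCS12_PASSWORD';

# Ask a freshly spawned perl whether it inherited the variable.
# List-form pipe open: no shell is involved.
sub child_sees_password {
    open(my $fh, '-|', $^X, '-e',
        'print exists $ENV{HTTPS_PKCS12_PASSWORD} ? "visible" : "absent"')
        or die "cannot spawn child perl: $!";
    my $answer = <$fh>;
    close $fh;
    return $answer;
}

# Run $code with the password present in %ENV only for the dynamic scope
# of this call. "local" restores (here: deletes) the entry on return or die.
sub with_pkcs12_password {
    my ($password, $code) = @_;
    local $ENV{$VAR} = $password;
    return $code->();
}

my %report;
$report{before} = child_sees_password();

$report{inside} = with_pkcs12_password('constructed-sample-secret', sub {
    # An LWP request made here would let Net::SSL read the password from %ENV.
    # A child process started here inherits it as well:
    return child_sees_password();
});

$report{after} = child_sees_password();

# The entry is also removed when the callback dies.
eval {
    with_pkcs12_password('constructed-sample-secret', sub { die "request failed\n" });
};
$report{after_die} = exists $ENV{$VAR} ? 'visible' : 'absent';

printf "%-10s %s\n", $_, $report{$_} for qw(before inside after after_die);
```

Keep `fork`, `system` and backtick calls out of the callback, since that is the window in which the password is inherited by children.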


Re: LWP over SSL - How to send identification certificate

2003-09-09 Thread Josh Chamas
[EMAIL PROTECTED] wrote:
I have added SSL support to my libwww and I am able to download some 
sites with the LWP::UserAgent. The problem is that there is a site that 
needs me to send a certificate for identification otherwise I get the 
response:

Failed: 500 SSL negotiation failed: error:1406D0FD:SSL 
routines:GET_SERVER_HELLO:unknown remote error type 

Please notice that when I use the browser IE for that URL, it prompts 
me with that client authentication window:  "The web site you want to 
view request identification. Select the certificate to use when 
connecting."  Then I can put the certificate file there and have the 
browser retrieve the page.

My question is, how can I send a certificate to a server along 
with my form post?  Thanks a lot for the help.

If you are using Crypt::SSLeay for SSL, then check out the "perldoc Crypt::SSLeay"

You will find these settings described which may be useful:

 # CLIENT CERT SUPPORT
 $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
 $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
 # CA CERT PEER VERIFICATION
 $ENV{HTTPS_CA_FILE}   = 'certs/ca-bundle.crt';
 $ENV{HTTPS_CA_DIR}    = 'certs/';
 # CLIENT PKCS12 CERT SUPPORT
 $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
 $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
Regards,

Josh


Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com


Re: LWP over SSL - How to send identification certificate

2003-09-09 Thread Josh Chamas
[EMAIL PROTECTED] wrote:
Josh,
Thank you a lot for replying.
I went through the perldoc and did the following:
1. copy the certificates in a directory under the html
2. set the ENV variables,
export HTTPS_CA_FILE=/certs/wbmQA_cert.cer  
export HTTPS_CA_DIR=/certs/
3. set the debug mode
Is there a way to tell from the output below what went wrong?

I think you wanted to use these for client site cert...

  # CLIENT CERT SUPPORT
  $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
  $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
The CA stuff is to verify the server cert.

--Josh

Thanks again

===OUTPUT
SL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
Failed: 500 SSL negotiation failed: error:1406D0FD:SSL 
routines:GET_SERVER_HELLO:unknown remote error type
500 (Internal Server Error) SSL negotiation failed: error:1406D0FD:SSL 
routines:GET_SERVER_HELLO:unknown remote error type
Client-Date: Tue, 09 Sep 2003 22:41:09 GMT
==



 








Re: LWP over SSL - How to send identification certificate

2003-09-11 Thread Josh Chamas
[EMAIL PROTECTED] wrote:
Thanks for all the help.
This SSL deal is making a lot more sense to me right now.  I have added 
the following lines to my perl code:

$ENV{'HTTPS_DEBUG'} = 1;
$ENV{'HTTPS_CERT_FILE'} = '/usr/share/ssl/certs/pub_test.crt';
# $ENV{HTTPS_KEY_FILE}  = # I don't have.  Hopefully is not needed

It still fails.  Line 12 of the output says "bad certificate".  I am 
wondering if there is a way to make sure that the UserAgent is actually 
sending out my certificate file pub_test.crt?

I think you need both the KEY and the CERT, at least that's what I have
always done when testing this.  If anyone knows differently, I hope
they can say so now!
You can check the function call Net::SSL::configure_certs and add
some debug code to make sure it's being loaded, but it likely is.
You can run your perl program under strace or some equivalent to
make sure the file is really being read.
Regards,

Josh
________
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com


Re: [Crypt::SSLeay] compilations errors on Solaris 2.8

2003-09-26 Thread Josh Chamas
Jon Frazier wrote:
I have been attempting to compile this module on solaris 2.8 with no luck at
all.
Perl 5.6.1
gcc 3.3, 3.03
openSSL 0.9.7
Here is the log of the make
I'm not sure what more to include.

gcc -c -I/usr/local/ssl/include -fno-strict-aliasing -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O-DVERSION=\"0.51\"
-DXS_VERSION=\"0.51\" -fPIC -I/usr/local/lib/perl5/5.6.1/sun4-solaris/CORE
SSLeay.c
In file included from
/usr/local/lib/perl5/5.6.1/sun4-solaris/CORE/perl.h:426,
 from SSLeay.xs:13:
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.3/include/sys/types.h:27:26:
sys/isa_defs.h: No such file or directory
Yep, something seems broken, but I suspect your perl installation rather
than anything else.  If you suspect it could be Crypt::SSLeay, I know I
could compile at least old versions of the module on Solaris 2.6, so you
might try to compile older versions from Backpan, which you can get here:
  http://backpan.cpan.org/modules/by-authors/id/C/CH/CHAMAS/

If an older version can compile it, but the more recent ones can't, it
would be useful to know up through which version you got to compile
so I could see the differences in the build process being used.
Regards,

Josh

________
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com


Re: [Crypt::SSLeay] cert auth verification and versions of Crypt::SSLeay

2003-10-01 Thread Josh Chamas
Michael Slade wrote:
Okay, so I've figured out what the problem was with cert verification.

Someone please apply that patch :P

Meanwhile, a certain module I've written that uses Crypt::SSLeay will need
to work rather securely.  And I've noticed at least one version (0.23, I
think) that doesn't properly verify certs - I gave it a fake cert and it
didn't even hiccup.
So which versions properly verify certs?  Is there a CVS server somewhere?...

If you would like to send me a patch for .51, that would be fine.  You
can find .51 at:
  http://www.cpan.org/modules/by-module/Apache/CHAMAS/

It looks like cert support was added back in .25 & fixed in .27.

Regards,

Josh
____
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com


Re: Crypt::SSLeay installation problem

2003-10-03 Thread Josh Chamas
Carl wrote:
Okay I'll try to give as detailed run down as I can.

I have a RedHat 7.2 box with the redhat perl rpm (latest errata) installed.  The system has openssl-0.9.6k compiled from source with the glibc patch.

The openssl has been compiled with rsaref20.1996 following the mod_ssl guideline.  It has also been tested without rsaref.

with rsaref it is compiled as such:

config no-idea -L`pwd`/../rsaref2.0/local rsaref -fPIC --prefix=/usr --openssldir=/usr/openssl

without rsaref it is compiled as such:

config --prefix=/usr --openssldir=/usr/openssl

Try an installation without rsaref... ( why do you need it anyway? just curious )

Try doing just a

  ./config --openssldir=/usr/local/ssl

As that is one of the search paths that Crypt::SSLeay can deal with normally.
Try compiling/installing to a new directory that has not been used before as
there may be some conflicts with prior existing libraries in the destination
you are installing to.  If you suspect the latter, ./config with --shared
option to build shared libraries too.
Regards,

Josh

Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com


Re: problems with the HTTPS support within LWP

2003-11-11 Thread Josh Chamas
Mueller-Lynch Thomas wrote:
Hello,

I've got problems with the HTTPS support within LWP

In case of requesting an HTTPS document I'll get the message:

My Script looks like:

  use LWP::UserAgent;
  $url = "https://testserver.siemens.de";
  my $ua = LWP::UserAgent->new;
  my $req = HTTP::Request->new(GET => $url);
  # send the request and show the status line
  my $res = $ua->request($req);
  print $res->status_line, "\n";

This happens only within a webpage (webpage as a https proxy) - if I run the script 
from the command line everything works fine.
I'm using perl v 5.6.1 Build 635 (no extra modules)
Can anyone help?

You need to make sure that the perl executing the web page is
the same as from the command line.  With mod_perl, this should
happen automatically when you build it unless your user perl
is different than your system perl.
If this is CGI mode web page, try `which perl` from your command
line and use that one explicitly in your #! CGI script line.
Regards,

Josh

____
Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checker http://www.nodeworks.com


Re: [Crypt::SSLeay] server certificate validation

2004-03-15 Thread Josh Chamas
Pavel Hlavnicka wrote:
Hi all (namely Josh :),

I need to perform some server certificate validation with LWP.

a) server cert must be issued by known CA (I have list of CA certs)
b) must not be expired
c) CN must match a server name
Sorry for not getting back to you for so long Pavel.  This email got buried,
and it got hectic around the holidays this year. :-(  I hope my response
is still helpful for you at this late date...
I do not care for CRL's.

What I can see looking into SSLeay.xs is that if environment is set
following is called:
  SSL_CTX_load_verify_locations(ctx,CAfile,CAdir);
  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
I tried to get some more info on these calls in openssl
documentation/source, but it was not really helpful. Could you tell me
what kind of checks is performed in such case?
I believe this just does the verification that you wanted in (a)
where the server cert is being checked against known CA's.
set_verify is called in Net::SSL::connect - perhaps it should be handy,
if the callback functions might be given in some way which would be
passed into SSL_CTX_set_verify to get a better control over a validation
phase.
If you actually work with the Net::SSL interface directly, please see
API example usage in script net_ssl_test in distribution, and you
get the info you need to satisfy checks for (b) and (c).

  my $cert = Net::SSL->new(@args)->get_peer_certificate;
  my $expires = $cert->not_after;
  my $subject = $cert->subject_name;
  # list-context capture of the CN value; m{} avoids clashing with the "/" in the class
  my ($cn) = $subject =~ m{CN=([^/]+)}s;

The Net::SSL interface is not formally documented however, as Crypt::SSLeay
is just being maintained to work with LWP in particular.  Maybe it's time
I document this?
Regards,

Josh

________
Josh Chamas, Founder| NodeWorks - http://www.nodeworks.com
Chamas Enterprises Inc. | NodeWorks Directory - http://dir.nodeworks.com
http://www.chamas.com   | Apache::ASP - http://www.apache-asp.org
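
Checks (b) and (c) from the message above, written out as an added example that is not part of the thread or of Crypt::SSLeay. It works on the strings that `subject_name` and `not_after` return; the sample values are constructed, and the `YYYY-MM-DD HH:MM:SS GMT` layout of `not_after` and the OpenSSL one-line subject form are assumptions to confirm against your installed version. All function names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Return the CN from a one-line subject like "/C=US/O=Example/CN=www.example.com".
# Fails closed (undef) when there is no CN or more than one. A CN that itself
# contains "/" cannot be told apart in this format and is also rejected.
sub subject_cn {
    my ($subject) = @_;
    my @cn = $subject =~ m{/CN=([^/]+)}g;
    return @cn == 1 ? $cn[0] : undef;
}

# Exact, case-insensitive match, or a wildcard that is the whole leftmost
# label ("*.example.com" covers exactly one extra label).
sub host_matches_cn {
    my ($host, $cn) = @_;
    return 0 unless defined $host && defined $cn && length $cn;
    ($host, $cn) = (lc $host, lc $cn);
    return 1 if $host eq $cn;
    if ($cn =~ /^\*\.(.+)$/) {
        my $suffix = $1;
        return 0 if $suffix =~ /\*/;
        return $host =~ /^[^.]+\.\Q$suffix\E$/ ? 1 : 0;
    }
    return 0;
}

# Parse the assumed "YYYY-MM-DD HH:MM:SS GMT" layout into epoch seconds.
sub not_after_epoch {
    my ($stamp) = @_;
    my ($y, $mo, $d, $h, $mi, $s) =
        $stamp =~ /^(\d{4})-(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d) GMT$/
        or return undef;
    return eval { timegm($s, $mi, $h, $d, $mo - 1, $y) };   # undef on bad ranges
}

# Returns a list of problems; an empty list means (b) and (c) both passed.
sub check_peer {
    my ($host, $subject, $not_after, $now) = @_;
    my @problems;
    my $cn = subject_cn($subject);
    if    (!defined $cn)                 { push @problems, 'no single CN in subject' }
    elsif (!host_matches_cn($host, $cn)) { push @problems, "CN '$cn' does not match host" }
    my $expires = not_after_epoch($not_after);
    if    (!defined $expires) { push @problems, 'unparseable not_after' }
    elsif ($expires <= $now)  { push @problems, 'certificate expired' }
    return @problems;
}

# With a live connection the inputs would come from the calls shown above:
#   my $cert = $sock->get_peer_certificate;
#   check_peer($host, $cert->subject_name, $cert->not_after, time);

# Constructed sample data, evaluated against a fixed "now" of 2004-01-01 GMT.
my $now   = timegm(0, 0, 0, 1, 0, 2004);
my @cases = (
    { host => 'www.example.com', subject => '/C=US/O=Example Inc/CN=www.example.com',
      not_after => '2005-06-30 23:59:59 GMT' },
    { host => 'a.b.example.com', subject => '/O=Example Inc/CN=*.example.com',
      not_after => '2005-06-30 23:59:59 GMT' },
    { host => 'www.example.com', subject => '/O=Other/CN=www.example.com.other.test',
      not_after => '2005-06-30 23:59:59 GMT' },
    { host => 'www.example.com', subject => '/O=Example Inc/CN=www.example.com',
      not_after => '2003-12-31 23:59:59 GMT' },
);
for my $case (@cases) {
    my @problems = check_peer(@{$case}{qw(host subject not_after)}, $now);
    printf "%-16s %-45s %s\n", $case->{host}, $case->{subject},
        @problems ? join('; ', @problems) : 'ok';
}
```

These checks only mean something when HTTPS_CA_FILE / HTTPS_CA_DIR verification, check (a), is enabled as well, because an unverified certificate can carry any subject and dates.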



Re: Crypt::SSLeay & client certificates

2004-04-06 Thread Josh Chamas
Sean Evans wrote:
Is this the right list for this question?

This is the right place, but if you don't get an answer here, I would
try the OpenSSL users list, as there might be some more experience
working with the PKCS12 cert format there, and the associated problems
when taking a certificate loaded into Netscape 7.1.
You can find the OpenSSL users list at http://www.openssl.org/support/

Regards,

Josh


Josh Chamas, Founder| NodeWorks - http://www.nodeworks.com
Chamas Enterprises Inc. | NodeWorks Directory - http://dir.nodeworks.com
http://www.chamas.com   | Apache::ASP - http://www.apache-asp.org


Sean Evans wrote on 4/5/2004, 9:22 AM:

 > Good day to everyone,
 >
 > I need to scrape some data from an HTTPS site that requires client
 > certificates for authentication. I am able to access the site with a
 > certificate loaded in Netscape 7.1, so I exported the certificate (there
 > are two actually, one for encrypting and one for signing, not sure if
 > this matters) to PKCS12 and tried the following:
 >
 > __BEGIN__
 > use strict;
 > use LWP::UserAgent;
 > # DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS
 > $ENV{HTTPS_DEBUG} = 1;
 > # DEFAULT SSL VERSION
 > $ENV{HTTPS_VERSION} = '3';
 >
 > # CLIENT PKCS12 CERT SUPPORT
 > $ENV{HTTPS_PKCS12_FILE} = 'test.p12';
 > $ENV{HTTPS_PKCS12_PASSWORD} = 'password';
 >
 > my $ua = new LWP::UserAgent;
 > my $req = new HTTP::Request('GET', 'https://example.com');
 > my $res = $ua->request($req);
 > print $res->status_line."\n";
 > __END__
 >
 > Here's the debug output I get:
 >
 > __BEGIN__
 > SSL_connect:before/connect initialization
 > SSL_connect:SSLv3 write client hello A
 > SSL_connect:SSLv3 read server hello A
 > SSL_connect:SSLv3 read server certificate A
 > SSL_connect:SSLv3 read server done A
 > SSL_connect:SSLv3 write client key exchange A
 > SSL_connect:SSLv3 write change cipher spec A
 > SSL_connect:SSLv3 write finished A
 > SSL_connect:SSLv3 flush data
 > SSL_connect:SSLv3 read finished A
 > SSL_connect:SSL renegotiate ciphers
 > SSL_connect:SSLv3 write client hello A
 > SSL_connect:SSLv3 read server hello A
 > SSL_connect:SSLv3 read server certificate A
 > SSL_connect:SSLv3 read server certificate request A
 > SSL_connect:SSLv3 read server done A
 > SSL_connect:SSLv3 write client certificate A
 > SSL_connect:SSLv3 write client key exchange A
 > SSL_connect:SSLv3 write certificate verify A
 > SSL_connect:SSLv3 write change cipher spec A
 > SSL_connect:SSLv3 write finished A
 > SSL_connect:SSLv3 flush data
 > SSL3 alert read:fatal:certificate unknown
 > SSL_connect:failed in SSLv3 read finished A
 > 500 read failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 > certificate unknown | error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
 > handshake failure
 > __END__
 >
 >
 > I'm running on ActiveState 5.8 using Crypt::SSLeay from theoryx5. Could
 > anyone tell me what I'm doing wrong?
 >
 > --
 > Sean Evans
 >



Re: [Crypt::SSLeay] make test failed Can't load ........... SSLeay.so

2004-04-06 Thread Josh Chamas
vinita vigine MURUGIAH wrote:
[EMAIL PROTECTED] Crypt-SSLeay-0.51 [2:128] make test
PERL_DL_NONLAZY=1 /usr/local/bin/perl "-MExtUtils::Command::MM" "-e" 
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/net_sslCan't load 
'/mount/autofs/home_tech/vinita/.cpan/build/Crypt-SSLeay-0.51/blib/arch/auto/Crypt/SSLeay/SSLeay.so 
' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: 
relocation error: file 
/mount/autofs/home_tech/vinita/.cpan/build/Crypt-SSLeay-0.51/blib/arch/auto/Crypt/SSLeay/SSLeay.so: 
symbol __umoddi3: referenced symbol not found at 
/usr/local/apps/perl-5.8.1/lib/5.8.1/i86pc-solaris/DynaLoader.pm line 229.
This might very well be that you need /usr/local/apps/openssl-0.9.7c/lib in your
environment LD_LIBRARY_PATH setting.  It's been a while for me on Solaris,
but I think that is the setting you need.  I am not sure why this is not
in the build notes for Crypt::SSLeay, but if this is the fix for you,
please let me know.  When you set this in your shell, make sure to export it
as well.
If this is not the fix for you, then please let me know that too :-)
__umoddi3 seems familiar to me, so we'll probably figure this out.
Regards,

Josh

________
Josh Chamas, Founder| NodeWorks - http://www.nodeworks.com
Chamas Enterprises Inc. | NodeWorks Directory - http://dir.nodeworks.com
http://www.chamas.com   | Apache::ASP - http://www.apache-asp.org



Re: [Crypt::SSLeay] How do I send the chain?

2004-04-14 Thread Josh Chamas
Sean Evans wrote:

SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
-END OUTPUT-
It seems that I need to find a way to include the equivalent of -CAfile, 
but the only option I have seen for Crypt::SSLeay that even mentions CAs 
relates to client verification of the server's cert:

# CA CERT PEER VERIFICATION
$ENV{HTTPS_CA_FILE}   = 'cacerts.pem';  # This does not work
#$ENV{HTTPS_CA_DIR}= 'certs/';
Anyone have any ideas? I am willing to dive in somewhere and patch if I 
can, but I need some hand-holding to start since the code involved 
appears to me as deep magic.
I believe that both HTTPS_CA_FILE and HTTPS_CA_DIR need to be set correctly
for the CA to be verified.  So if cacerts.pem is a file in the current
directory when you are running your script, you might set HTTPS_CA_DIR
to ./ for example.
If the HTTPS_CA_FILE needs to be used in some other way to facilitate
the HTTPS_CERT_FILE verification, I am not sure how that would be done,
but you might ask on the openssl-users mailing list listed here:
  http://www.openssl.org/support/

If there is some openssl function that should be called in particular
to help set up the connection with this CA_FILE, we might be able to
patch Crypt::SSLeay to do what you need.  The relevant files for this
would be SSLeay.xs which creates the glue to the OpenSSL functions,
and lib/Net/SSL.pm which is the actual perl library that calls the
configure_certs() setup routine.
Regards,

Josh

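A pre-flight check for the setting suggested in the reply above, as an added example that is not part of the original thread or of Crypt::SSLeay: it resolves the CA bundle to an absolute path, confirms it holds PEM certificates, and sets both HTTPS_CA_FILE and HTTPS_CA_DIR before LWP connects. The helper names and the command-line arguments are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the thread. File names and the URL come from the
# command line; the helper names are hypothetical.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);

# Count PEM certificate blocks so an empty or non-PEM file is caught early.
sub pem_cert_count {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot read $path: $!\n";
    my $n = grep { /^-----BEGIN CERTIFICATE-----/ } <$fh>;
    close $fh;
    return $n;
}

# Point Crypt::SSLeay at the CA bundle with absolute paths, so the result
# does not depend on the directory the script happens to be started from,
# and set HTTPS_CA_DIR alongside HTTPS_CA_FILE.
sub configure_ca {
    my ($ca_file) = @_;
    my $abs = abs_path($ca_file);
    die "CA file $ca_file not found\n" unless defined $abs && -f $abs;
    my $n = pem_cert_count($abs);
    die "$abs holds no PEM certificates\n" unless $n;
    $ENV{HTTPS_CA_FILE} = $abs;
    $ENV{HTTPS_CA_DIR}  = dirname($abs);
    return $n;
}

my ($ca_file, $url) = @ARGV;
die "usage: $0 cacerts.pem [https-url]\n" unless defined $ca_file;

my $count = configure_ca($ca_file);
print "HTTPS_CA_FILE=$ENV{HTTPS_CA_FILE} ($count certificate(s))\n";
print "HTTPS_CA_DIR=$ENV{HTTPS_CA_DIR}\n";

# The request is optional so the checks above can be run offline.
if (defined $url) {
    $ENV{HTTPS_DEBUG} = 1;    # low-level SSL diagnostics on STDERR
    require LWP::UserAgent;
    my $res = LWP::UserAgent->new->get($url);
    print $res->status_line, "\n";
}
```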



Re: [Crypt::SSLeay] compile problems on HP-UX

2004-04-23 Thread Josh Chamas
Chok, Melven wrote:
> Hello,
>
> /psoft/scripts/lwp/Crypt-SSLeay-0.51(NO SID)$ make
> I'm trying to compile  on HP-UX  B.11.11 U 9000/800 and I'm getting this
> error. Would you be able to shed some light as to what happened?
> ...
> The perl installation on this machine is /apps/perl
> and the installation of openssl-0.9.7d is in /apps/openssl
> I've modified the Makefile.PL with these changes
Without modifying the Makefile.PL, I would try running it as:

  perl Makefile.PL /apps/openssl

Your openssl should be built like:

  ./config --openssldir=/apps/openssl

Try these things and see if you get the same problems.

Regards,

Josh



Re: [Crypt::SSLeay] make test fails: undefined symbol: EVP_MD_CTX_init

2004-04-23 Thread Josh Chamas
Michael Beckmann wrote:
Greetings,

I am trying to install Crypt::SSLeay on a Red Hat Linux 8.0.
I updated OpenSSL to 0.9.7d. Perl version is 5.8.3. Both updated from 
source.

Other modules seem to work smoothly, but I haven't figured out how to 
solve this problem. I appreciate any suggestions.

This might be the kind of thing that happens when openssl system libraries
get updated incorrectly.  You might try this from the README INSTALL notes
for Crypt::SSLeay:

   If you are planning on upgrading the default OpenSSL libraries on a
   system like RedHat, not that I would recommend this, then you might try
   something like:
 > ./config --openssldir=/usr --shared

Personally, I would recommend building a new openssl into /usr/local
and using that one.

Regards,

Josh


Thanks,

Michael

# perl Makefile.PL
Found OpenSSL (version OpenSSL 0.9.7) installed at /usr
Which OpenSSL build path do you want to link against? [/usr]

BUILD INFORMATION

ssl dir:/usr
libraries:  -lssl -lcrypto -lgcc -lRSAglue -lrsaref
include dir:/usr/include -I/usr/kerberos/include
ssl header: openssl/ssl.h
ssl candidate:  /usr; /usr/include/openssl; OpenSSL 0.9.7


Checking if your kit is complete...
Looks good
Note (probably harmless): No library found for -lgcc
Note (probably harmless): No library found for -lRSAglue
Note (probably harmless): No library found for -lrsaref
Writing Makefile for Crypt::SSLeay
# make
cp lib/Crypt/SSLeay/X509.pm blib/lib/Crypt/SSLeay/X509.pm
cp lib/Net/SSL.pm blib/lib/Net/SSL.pm
cp SSLeay.pm blib/lib/Crypt/SSLeay.pm
cp lib/Crypt/SSLeay/MainContext.pm blib/lib/Crypt/SSLeay/MainContext.pm
cp lib/Crypt/SSLeay/Conn.pm blib/lib/Crypt/SSLeay/Conn.pm
cp lib/Crypt/SSLeay/CTX.pm blib/lib/Crypt/SSLeay/CTX.pm
cp lib/Crypt/SSLeay/Err.pm blib/lib/Crypt/SSLeay/Err.pm
/usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp  -typemap 
/usr/lib/perl5/5.8.3/ExtUtils/typemap -typemap typemap  SSLeay.xs > 
SSLeay.xsc && mv SSLeay.xsc SSLeay.c
cc -c  -I/usr/include -I/usr/kerberos/include -fno-strict-aliasing 
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O 
-mcpu=pentium4   -DVERSION=\"0.51\" -DXS_VERSION=\"0.51\" -fpic 
"-I/usr/lib/perl5/5.8.3/i686-linux/CORE"   SSLeay.c
cc1: warning: changing search order for system directory "/usr/include"
cc1: warning:   as it has already been specified as a non-system directory
SSLeay.xs: In function `XS_Crypt__SSLeay__Conn_new':
SSLeay.xs:252: warning: passing arg 2 of `SSL_set_info_callback' from 
incompatible pointer type
Running Mkbootstrap for Crypt::SSLeay ()
chmod 644 SSLeay.bs
rm -f blib/arch/auto/Crypt/SSLeay/SSLeay.so
LD_RUN_PATH="/usr/lib" cc  -shared -L/usr/local/lib SSLeay.o  -o 
blib/arch/auto/Crypt/SSLeay/SSLeay.so   -L/usr/lib -lssl -lcrypto
chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.so
cp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bs
chmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bs
Manifying blib/man3/Crypt::SSLeay.3
# make test
Running Mkbootstrap for Crypt::SSLeay ()
chmod 644 SSLeay.bs
rm -f blib/arch/auto/Crypt/SSLeay/SSLeay.so
LD_RUN_PATH="/usr/lib" cc  -shared -L/usr/local/lib SSLeay.o  -o 
blib/arch/auto/Crypt/SSLeay/SSLeay.so   -L/usr/lib -lssl -lcrypto
chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.so
cp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bs
chmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bs
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" 
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/net_sslCan't load 
'/usr/local/src/Crypt-SSLeay-0.51/blib/arch/auto/Crypt/SSLeay/SSLeay.so' 
for module Crypt::SSLeay: 
/usr/local/src/CryptSSLeay0.51/blib/arch/auto/Crypt/SSLeay/SSLeay.so: 
undefined symbol: EVP_MD_CTX_init at 
/usr/lib/perl5/5.8.3/i686-linux/DynaLoader.pm line 229. at 
lib/Net/SSL.pm line 16
Compilation failed in require at lib/Net/SSL.pm line 16.
Compilation failed in require at t/net_ssl.t line 5.
BEGIN failed--compilation aborted at t/net_ssl.t line 5.
t/net_ssldubious
   Test returned status 255 (wstat 65280, 0xff00)
t/ssl_contextCan't load 
'/usr/local/src/Crypt-SSLeay-0.51/blib/arch/auto/Crypt/SSLeay/SSLeay.so' 
for module Crypt::SSLeay: 
/usr/local/src/Crypt-SSLeay0.51/blib/arch/auto/Crypt/SSLeay/SSLeay.so: 
undefined symbol: EVP_MD_CTX_init at 
/usr/lib/perl5/5.8.3/i686-linux/DynaLoader.pm line 229. at 
/usr/local/src/Crypt-SSLeay-0.51/blib/lib/Crypt/SSLeay/CTX.pm line 2
Compilation failed in require at 
/usr/local/src/Crypt-SSLeay-0.51/blib/lib/Crypt/SSLeay/CTX.pm line 2.
Compilation failed in require at 
/usr/local/src/Crypt-SSLeay-0.51/blib/lib/Crypt/SSLeay/MainContext.pm 
line 8.
Compilation failed in require at t/ssl_context.t line 3.
BEGIN failed--compilation aborted at t/ssl_context.t line 3.
t/ssl_contextdubious
   Test returned status 255 (wstat 65280, 0xff00)
FAILED--2 test scripts could be
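
One way to check the library mismatch suggested in the reply above, as an added example that is not part of the original thread: it lists which libssl and libcrypto the loader resolves for the built SSLeay.so and whether each defines the symbol named in the error. It assumes Linux `ldd` and GNU `nm`; the script name, function names and the sample `ldd` output are constructed.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumes Linux ldd and GNU nm.
# Usage: perl check_ssl_syms.pl blib/arch/auto/Crypt/SSLeay/SSLeay.so [symbol]
use strict;
use warnings;

# Constructed sample of `ldd SSLeay.so` output, parsed when no path is given.
my $SAMPLE = <<'END';
	libssl.so.2 => /lib/libssl.so.2 (0x40021000)
	libcrypto.so.2 => /lib/libcrypto.so.2 (0x40052000)
	libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
END

# Turn ldd output into { soname => resolved path, or undef for "not found" }.
sub parse_ldd {
    my ($text) = @_;
    my %libs;
    for my $line (split /\n/, $text) {
        if    ($line =~ /^\s*(\S+)\s+=>\s+not found/) { $libs{$1} = undef }
        elsif ($line =~ /^\s*(\S+)\s+=>\s+(\/\S+)/)   { $libs{$1} = $2 }
    }
    return \%libs;
}

# True when the library's dynamic symbol table defines $symbol
# (a trailing @VERSION tag, as printed by newer nm, is accepted).
sub defines_symbol {
    my ($lib, $symbol) = @_;
    open my $nm, '-|', 'nm', '-D', '--defined-only', $lib
        or die "cannot run nm: $!\n";
    my $hits = grep { /\s\Q$symbol\E(?:\@\S*)?$/ } <$nm>;
    close $nm;
    return $hits ? 1 : 0;
}

my ($so, $symbol) = @ARGV;
$symbol = 'EVP_MD_CTX_init' unless defined $symbol;

my $text = $SAMPLE;
if (defined $so) {
    open my $ldd, '-|', 'ldd', $so or die "cannot run ldd: $!\n";
    $text = do { local $/; <$ldd> };
    $text = '' unless defined $text;
    close $ldd;
}

my $libs = parse_ldd($text);
for my $name (sort grep { /^lib(?:ssl|crypto)\b/ } keys %$libs) {
    my $path = $libs->{$name};
    if (!defined $path) {
        print "$name: not found by the loader\n";
    } elsif (!defined $so) {
        print "$name: resolves to $path (sample data, no symbol check)\n";
    } else {
        my $verdict = defines_symbol($path, $symbol) ? 'defines' : 'does NOT define';
        print "$name: $path $verdict $symbol\n";
    }
}
```

A library path outside the directory Makefile.PL reported as "ssl dir", or a "does NOT define" verdict, means the module was compiled against one OpenSSL and is being loaded against another.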

Re: [Crypt::SSLeay] compile problems on HP-UX

2004-04-26 Thread Josh Chamas
Chok, Melven wrote:
Hi Josh,

Thanks for your reply. I did what you mentioned, re-installing openssl with
./config --openssldir=/apps/openssl
and using " perl Makefile.PL /apps/openssl " before make.

I got the following output on make.

Well, I really don't know what to make of the error.  It seems like
some kind of library incompatibility.  I would try installing openssl
to /usr/local/ssl and building against that, so you have a fresh
install to work with, and what you have in /usr might be broken
in some way.
Regards,

Josh

Melven

/psoft/scripts/lwp/Crypt-SSLeay-0.51(NO SID)$ perl Makefile.PL  
/apps/openssl
Found OpenSSL (version OpenSSL 0.9.7) installed at /apps/openssl


BUILD INFORMATION

ssl dir:/apps/openssl
libraries:  -lssl -lcrypto -lgcc -lRSAglue -lrsaref
include dir:/apps/openssl/include
ssl header: openssl/ssl.h
ssl candidate:  /apps/openssl; /apps/openssl/include/openssl; OpenSSL  
0.9.7



Note (probably harmless): No library found for -lgcc
Note (probably harmless): No library found for -lRSAglue
Note (probably harmless): No library found for -lrsaref
Writing Makefile for Crypt::SSLeay
/psoft/scripts/lwp/Crypt-SSLeay-0.51(NO SID)$
/psoft/scripts/lwp/Crypt-SSLeay-0.51(NO SID)$ make
 cc -c  -I/apps/openssl/include  +z -D_HPUX_SOURCE  
-I/usr/local/include -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 +O2  
+Onolimit-DVERSION=\"0.51\"  -DXS_VERSION=\"0.51\" +Z  
"-I/apps/perl/lib/5.8.0/PA-RISC2.0/CORE"   SSLeay.c
cc: "/usr/include/sys/socket.h", line 504: warning 562: Redeclaration  
of "sendfile" with a different storage class specifier: "sendfile" will  
have internal linkage.
cc: "/usr/include/sys/socket.h", line 505: warning 562: Redeclaration  
of "sendpath" with a different storage class specifier: "sendpath" will  
have internal linkage.
Running Mkbootstrap for Crypt::SSLeay ()
 chmod 644 SSLeay.bs
 rm -f blib/arch/auto/Crypt/SSLeay/SSLeay.sl
 LD_RUN_PATH="/apps/openssl/lib" /usr/bin/ld  -b -s -a shared  
SSLeay.o  -o blib/arch/auto/Crypt/SSLeay/SSLeay.sl
-L/apps/openssl/lib -lssl -lcrypto
/usr/bin/ld: Can't find library: "ssl"
*** Error exit code 1

-Original Message-
From: Josh Chamas [mailto:[EMAIL PROTECTED]
Sent: Saturday, 24 April 2004 4:07 AM
To: Chok, Melven
Cc: '[EMAIL PROTECTED]'; Baras, Gal
Subject: Re: [Crypt::SSLeay] compile problems on HP-UX
Chok, Melven wrote:

Hello,

/psoft/scripts/lwp/Crypt-SSLeay-0.51(NO SID)$ make
I'm trying to compile  on HP-UX  B.11.11 U 9000/800 and I'm getting this
error. Would you be able to shed some light as to what happened?
...
The perl installation on this machine is /apps/perl
and the installation of openssl-0.9.7d is in /apps/openssl
I've modified the Makefile.PL with these changes



Without modifying the Makefile.PL, I would try running it as:

   perl Makefile.PL /apps/openssl

Your openssl should be built like:

   ./config --openssldir=/apps/openssl

Try these things and see if you get the same problems.

Regards,

Josh





Re: LWP with Crypt::SSLeay or Net::SSLeay with OpenSSL v0.97c hanging ( 500 read timeout )

2004-05-24 Thread Josh Chamas
Taylor Carpenter wrote:
> Hello,
>
> I was getting 500 read timeouts trying to download a 2MB file at around
> 1.5MB (downloading in chunks) with ActiveState Perl and Crypt::SSLeay
> v0.51 compiled against OpenSSL v0.9.7c.
>
> I then tried the same script on a Linux box and it worked fine.  I then
> noticed I was using IO::Socket::SSL and Net::SSLeay rather than
> Crypt::SSLeay on the Linux machine, so I uninstalled Crypt::SSLeay on
> the windows machine and installed the ppm module Net::SSLeay v1.25.  It
> still timed out.
>
> So I installed Crypt::SSLeay on the Linux machine and it did not work.
>
> After all this I noticed that I had both OpenSSL 0.9.6g and 0.9.7c.  The
> Net::SSLeay was compiled against the 0.9.6g.  I installed a version
> compiled against 0.9.7c and it failed on the download also.
>
> Also downloads were working from the site just a couple of weeks ago,
> and my Crypt::SSLeay install and OpenSSL were not updated or modified.
> I suppose something could have changed with the server that is causing a
> problem to show up in OpenSSL, but I don't know.
>
> I am having to recompile any modules that need SSL support for the older OpenSSL
> library, which is not an attractive solution.

Hi Taylor,

I think you have worked up this issue pretty well and I really have
no additional insight.  First, I might try the latest releases of
openssl and see if they have your problem fixed:

  openssl-0.9.7d
  openssl-0.9.6m

Also, if there is a occurring on the Crypt::SSLeay on Windows, I am
not sure that this would be happening in the Crypt::SSLeay layer
itself, as Crypt::SSLeay does not implement timeouts effectively
on windows to my knowledge as it uses alarm() to implement this
on unix platforms, and that system call has not been implemented
on windows perl versions.

If this SSL site has a public URL, I could ping it myself
using an older OpenSSL / Crypt::SSLeay and share these results.

Regards,
Josh



Re: 501 Protocol scheme 'https' is not supported (Crypt::SSLeay not installed)

2004-06-17 Thread Josh Chamas
Jonathan Buchanan wrote:
> I am uploading files to a HTTPS server using a perl script. Everything
> works fine when running the script from the command line.
> However, when I call the script via a browser, I get the error:
>
> 501 Protocol scheme 'https' is not supported (Crypt::SSLeay not
> installed)
>
> The web server is configured on the same system as the perl script.

To see what the real error is, try adding this to your perl script:

   use Crypt::SSLeay;

Then when it fails to load the library, you will know why better.
Make sure to read the README ( perldoc Crypt::SSLeay ) to resolve
more common loading errors with Crypt::SSLeay on various platforms,
as it could be a shared library loading issue for example.

Regards,
Josh
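
A diagnostic along the lines of the reply above, as an added example that is not part of the original thread: it loads Crypt::SSLeay inside eval to capture the loader's real error and prints the settings that usually differ between a shell and a web server. Run it once from the command line and once through the server, then compare the two reports; the function names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Remove the script after use:
# it prints server paths and environment settings.
use strict;
use warnings;

# Load a module by name; return (1, '') or (0, error text) instead of dying.
sub try_load {
    my ($module) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    my $ok = eval { require $file; 1 };
    return $ok ? (1, '') : (0, $@);
}

# Build the report as a list of lines so the two runs can be diffed.
sub report {
    my @out = (sprintf('perl: %s (version %s)', $^X, $]),
               sprintf('uid/euid: %d / %d', $<, $>));
    for my $module (qw(Crypt::SSLeay Net::SSL LWP::UserAgent)) {
        my ($ok, $err) = try_load($module);
        if ($ok) {
            my $version = eval { $module->VERSION };
            push @out, "$module: loaded, version "
                     . (defined $version ? $version : 'unknown');
        } else {
            $err =~ s/\s+\z//;
            push @out, "$module: FAILED to load", "  $err";
        }
    }
    # Variables that commonly differ under a web server and decide where
    # perl and the dynamic loader look for modules and shared libraries.
    for my $var (qw(LD_LIBRARY_PATH SHLIB_PATH PERL5LIB PATH)) {
        push @out, "$var=" . (defined $ENV{$var} ? $ENV{$var} : '(unset)');
    }
    push @out, '@INC:', map { "  $_" } @INC;
    return @out;
}

# Emit a CGI header only when the script is running under a web server.
print "Content-Type: text/plain\n\n" if $ENV{GATEWAY_INTERFACE};
print "$_\n" for report();
```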


Re: Crypt::SSLeay pkcs12 problem

2004-06-17 Thread Josh Chamas
Mad Elf IX wrote:
>   A) 'configure certs failed: failed to load : Illegal seek'
>   B) 'configure certs failed: Private key and certificate do not match'
>
>   now the second error occurs when i add this line:
> ---
> print STDERR Dumper($ctx),"\n$file\n",$ENV{'HTTPS_PKCS12_PASSWORD'},"\n\n";
> ---
>   before the use_pkcs12_file() call in Net::SSL.
>
>   any ideas what is going on?

Hi Max,

Sorry for replying for so long.  I have never seen these problems,
but I am not particularly expert with pkcs12 loading API.  I wonder
whether your pkcs12 file is valid to begin with?  It seems that either
error message might point to problems in loading this file, whether
it be simply reading it or the possible validation phase going on.

You might make sure you are working with the latest Crypt::SSLeay
and OpenSSL, and that your pkcs12 file was created by the same version
of OpenSSL.  I don't know that any of this will matter.  If you are
still having problems, I could try to reproduce this behavior,
and you might provide a sample LWP script that you are using
for me to reproduce this on my side, but I will be using a different
pkcs12 file so it probably won't help anyway.

Regards,
Josh


Re: Problems Installing Crypt::SSLeay with ppm

2004-06-18 Thread Josh Chamas
bzzt wrote:
> Hi,
> I tried to find Crypt::SSLeay through ppm but it doesn't exist in the search
> results. Am I doing something wrong?
> Windows XP.

It seems that ActiveState has recently, as of 2003, dropped their
distribution of Crypt::SSLeay compiled libraries.  To get the compiled
version of perl that includes Crypt::SSLeay, you can try one of
the mod_perl downloads which contains a perl with Crypt::SSLeay:

  http://perl.apache.org/download/binaries.html

and if you can't find the right thing there, you might also try:

  http://perl.apache.org/dist/win32-bin/

but be sure to read the README there first to make sure you know
what you are downloading.

Regards,
Josh


Re: Crypt::SSLeay Information Request

2004-06-24 Thread Josh Chamas
Dean Browett wrote:
> Can you supply me with information on the use of Crypt::SSLeay & Net::SSL
> with perl's LWP.

Here's the README for Crypt::SSLeay:

  http://www.cpan.org/modules/by-module/Apache/CHAMAS/Crypt-SSLeay-0.51.readme

Regards,
Josh

> Thanks
> @-@
> + Dean Browett+
> + Technical Development Manager   +
> + Push Information Systems : website design solutions +
> @-@
> [EMAIL PROTECTED]
> Tel: 01767 651466



Re: Crypt::SSLeay

2004-06-29 Thread Josh Chamas
[EMAIL PROTECTED] wrote:
> Hello --
> I'm trying to locate, download, and install Crypt::SSLeay on my Windows XP
> workstation which has Perl v5.6.1 installed. I tried:
>
> ppm> install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd
> and got the message:
> Could not locate a PPD file for package Crypt-SSLeay
> There's a file called Crypt-SSLeay.ppd  in Perl/site/lib/ppm-conf and it contains the
> following text string:
> OpenSSL glue that provides LWP https support Joshua Chamas  install_ssl
>
> Please advise what I am doing wrong. Thank you.

To get the compiled version of perl that includes Crypt::SSLeay,
you can try one of the mod_perl downloads which contains a perl
with Crypt::SSLeay:

  http://perl.apache.org/download/binaries.html

and if you can't find the right thing there, you might also try:

  http://perl.apache.org/dist/win32-bin/

but be sure to read the README there first to make sure you know
what you are downloading.

Regards,
Josh