The latest perl module Crypt::SSLeay v.25 is in perl's CPAN.
It includes patches from Tobias for client certificate support.
You can get the latest .25 from:
http://www.perl.com/CPAN-local/modules/by-module/Crypt/
The changes are below.
-- Josh
$MODULE=Crypt::SSLeay; $VERSION = .25; $DATE="2001-04-10";
+ = improvement; - = bug fix

+ update ./net_ssl_test to do smart parsing of host, where
  host can now be of the form http://www.nodeworks.com:443/

+ integrated client cert patches provided by Tobias Manthey,
  creating new config options:

    $ENV{HTTPS_CERT_FILE} -- file of client certificate
    $ENV{HTTPS_KEY_FILE} -- file of private key file

  Also support for these options in ./net_ssl_test with these
  options:

    -cert client certificate file
    -key private key file

  like so:

    ./net_ssl_test -cert=notacacert.pem -key=notacakeynopass.pem -d

  To create simple test cert with openssl:

    /usr/local/openssl/bin/openssl req -config /usr/local/openssl/openssl.cnf -new -days 365 -newkey rsa:1024 -x509 -keyout notacakey.pem -out notacacert.pem
    /usr/local/openssl/bin/openssl rsa -in notacakey.pem -out notacakeynopass.pem

$MODULE=Crypt::SSLeay; $VERSION = .24; $DATE="2001-03-09";
+ = improvement; - = bug fix

- local $@ in Net::SSL::DESTROY so we don't kill real errors
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
I am trying to install your new release Crypt-SSLeay but makefile.pl is
trying to locate SSLeay.exe instead of Openssl.exe. Is this a problem?
No OpenSSL installation found, usually in /usr/local/openssl
Which OpenSSL build path do you want to link against? c:\bin
Apparently no SSLeay installation at 'c:\bin'
Are you sure you got it correct????
================================================
BUILD INFORMATION
================================================
ssl dir: c:\bin
libraries: -lssleay32 -llibeay32 -lRSAglue -lrsaref
include dir: c:\bin\include -Ic:\bin\inc32
ssl header: ssl.h
ssl candidate: c:\bin; c:\bin/include
================================================
Writing Makefile for Crypt::SSLeay
Also I am getting the following warnings when I run nmake
SSLeay.c
SSLeay.xs(57) : warning C4133: 'function' : incompatible types - from
'struct _PerlIO *' to 'struct _iobuf *'
SSLeay.xs(61) : warning C4133: 'function' : incompatible types - from
'struct _PerlIO *' to 'struct _iobuf *'
SSLeay.xs(68) : warning C4133: 'function' : incompatible types - from
'struct _PerlIO *' to 'struct _iobuf *'
SSLeay.xs(70) : warning C4133: 'function' : incompatible types - from
'struct _PerlIO *' to 'struct _iobuf *'
Marcus
read failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure | error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
handshake failure
And the apache log file says:
[Thu Apr 12 14:40:22 2001] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
Here is the actual test script:
#!/usr/bin/perl -w
use strict;
use LWP::UserAgent;
$ENV{'HTTPS_CERT_FILE'} = 'certs/certificate.pem';
$ENV{'HTTPS_KEY_FILE'} = 'certs/keynopass.pem';
my $oUag = LWP::UserAgent->new;
my $oReq = HTTP::Request->new('GET', 'https://rep1prod:8084/Passd');
my $oRes = $oUag->request($oReq);
print $oRes->code, "\n";
print $oRes->message, "\n";
And this is the relevant part to the httpd.conf file:
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/iefadmn/apache/8084/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/iefadmn/apache/8084/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/iefadmn/apache/8084/logs/ssl_engine_log
SSLLogLevel warn
SSLVerifyClient none
SSLVerifyDepth 1
SSLCACertificateFile /opt/perl5/apache/conf/8084/ssl.ca/esnp.crt
</IfModule>
##
## This has to go in a <VirtualHost> section (if there is one).
##
<IfDefine SSL>
SSLEngine on
SSLCertificateFile /opt/perl5/apache/conf/8084/ssl.crt/server.crt
SSLCertificateKeyFile /opt/perl5/apache/conf/8084/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfDefine>
<Location "/Passd">
<IfDefine SSL>
SSLOptions +StdEnvVars
SSLVerifyClient require
</IfDefine>
</Location>
So what am I doing wrong?
Thank you very much for your help,
Kees Vonk
Does it help if you set this:
# DEFAULT SSL VERSION
$ENV{HTTPS_VERSION} = '3';
Crypt::SSLeay starts off with a SSLv23 handshake and may
not renegotiate successfully. Also, if you use the
./net_ssl_test script for testing, you can use the -d
flag for better diagnostics.
Did that help? Is there a public URL that I can ping from here?
--Josh
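
A pre-flight check for the files named in HTTPS_CERT_FILE and HTTPS_KEY_FILE, as an added example that is not part of the original thread or of Crypt::SSLeay; it rules out local file problems before the handshake itself is debugged. It assumes an `openssl` binary on the PATH. The function names, verdict words and the check_pair.sh file name are made up for illustration, and the passphrase-free key requirement is inferred from the changelog's notacakeynopass.pem step.

```sh
#!/bin/sh
# Added example (not from the thread): sanity-check a client certificate/key
# pair before pointing HTTPS_CERT_FILE / HTTPS_KEY_FILE at it.

# make_test_pair DIR: build a throwaway self-signed pair (constructed test
# data; file names follow the changelog, key size raised to 2048 bits).
make_test_pair() {
    openssl req -new -x509 -days 1 -newkey rsa:2048 -nodes \
        -subj "/CN=client-test" \
        -keyout "$1/notacakeynopass.pem" -out "$1/notacacert.pem" 2>/dev/null &&
    chmod 600 "$1/notacakeynopass.pem"
}

# check_client_pair CERT KEY: prints one verdict word, returns 0 only for "ok".
check_client_pair() {
    cert=$1 key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo unreadable; return 1; }
    # Assumption: the key must be passphrase-free, as in the changelog example.
    # Both PEM encryption styles carry the word ENCRYPTED in their header.
    if grep -q ENCRYPTED "$key"; then echo key-encrypted; return 1; fi
    # An unencrypted key should be readable by its owner only.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo key-perms-too-open; return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo bad-cert; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo bad-key; return 1; }
    # The certificate must carry the public half of this private key.
    [ "$cert_pub" = "$key_pub" ] || { echo mismatch; return 1; }
    echo ok
}

# Usage (hypothetical file name):
#   sh check_pair.sh certs/certificate.pem certs/keynopass.pem
if [ "$#" -eq 2 ]; then
    check_client_pair "$1" "$2"
fi
```
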
You need to specify a path that contains the libraries and
headers for compilation, on WinNT, I set things up to look
like Unix, so I stick openssl in c:\usr\local\ssl
> ls -allg /usr/local/ssl/
total 0
drwxr-xr-x 8 544 everyone 0 Aug 10 1999 ./
drwxr-xr-x 11 544 everyone 0 Feb 12 12:06 ../
drwxr-xr-x 42 544 everyone 0 Apr 06 16:10 bin/
drwxr-xr-x 5 544 everyone 0 Aug 10 1999 include/
drwxr-xr-x 11 544 everyone 0 Aug 10 1999 lib/
> ls -allg /usr/local/ssl/lib/
total 1043
drwxr-xr-x 11 544 everyone 0 Aug 10 1999 ./
drwxr-xr-x 8 544 everyone 0 Aug 10 1999 ../
-rw-r--r-- 1 544 everyone 13972 Aug 10 1999 RSAglue.lib
-rw-r--r-- 1 544 everyone 557568 Aug 10 1999 libeay32.dll
-rw-r--r-- 1 544 everyone 260705 Aug 10 1999 libeay32.exp
-rw-r--r-- 1 544 everyone 1008278 Aug 10 1999 libeay32.lib
-rw-r--r-- 1 544 everyone 131072 Aug 10 1999 ssleay32.dll
-rw-r--r-- 1 544 everyone 33565 Aug 10 1999 ssleay32.exp
-rw-r--r-- 1 544 everyone 124672 Aug 10 1999 ssleay32.lib
> ls -allg /usr/local/ssl/include/
total 0
drwxr-xr-x 5 544 everyone 0 Aug 10 1999 ./
drwxr-xr-x 8 544 everyone 0 Aug 10 1999 ../
drwxr-xr-x 55 544 everyone 0 Aug 10 1999 openssl/
I believe you could just point the install script to a
binary distribution directory for openssl too, as it will
have a similar structure unwrapped, but with things like
inc32 for the includes dir instead, which the script should
pick up on.
Also, if you give up on trying to roll your own, here's a tip
for win32 users from the README:
!!! NOTE for Win32 users, few people seem to be able to build
W Crypt::SSLeay successfully on that platform. You don't need
I to because ActiveState has already compiled it for you,
N and is available for their perl builds 618 & 522 as a ppm
3 install. It may also be available for their latest build.
2 Keywords: WinNT, Win95, Win98, 95, 98, NT, 2000
!!! Please see http://www.activestate.com/
The problem with this "tip" is that ActiveState is usually way behind in
releasing new module versions. Their current Crypt::SSLeay version is 0.17!
Best Regards,
Reiner.
> Also, if you give up on trying to roll your own, here's a tip
> for win32 users from the README:
>
> !!! NOTE for Win32 users, few people seem to be able to build
> W Crypt::SSLeay successfully on that platform. You don't need
> I to because ActiveState has already compiled it for you,
> N and is available for their perl builds 618 & 522 as a ppm
> 3 install. It may also be available for their latest build.
> 2 Keywords: WinNT, Win95, Win98, 95, 98, NT, 2000
> !!! Please see http://www.activestate.com/
>