RfC: Certificate/private key/intermediate CA's/SSllogging as arguments?
B.A.L.
We are using WebInject (1.41) to test a webservice through SSL. For
this I have editted webinject.pl with the following lines, making use
of the SSLeay module:
---
# This line specifies the certificate which has to be sent
$ENV{HTTPS_CERT_FILE} = '/data/nagios/libexec/webinject/
PK070001002956142nokey.pem';
# This line specifies the private key which has to be sent
$ENV{HTTPS_KEY_FILE} = '/data/nagios/libexec/webinject/
PK070001002956142key.pem';
# This line specifies the file which contains the intermediate CA
certificates, so WebInject sends the client certificate, and the
intermediate CA certificates, and the Apache server hosting the
webservice we are monitoring checks these 2 to a root certificate,
stored within Apache
$ENV{HTTPS_CA_FILE} = '/data/nagios/libexec/webinject/cacerts.cer';
# This line turns on the SSL logging, which is useful for debugging
$ENV{HTTPS_DEBUG}=100;
---
Now this works like a charm, but the problem with this construction is
that my webinject.pl file is not reusable for other checks, since the
references to the certificates are stored within the webinject.pl
file. Now, I would love a possibility to call on the certificates from
arguments rather than from the webinject.pl file itself, so I would
just have 1 webinject.pl file, and I could make sure the certificates
are sent correctly by using them as arguments, so the whole structure
of my WebInject monitoring would revolve around a single webinject.pl
file, which in turn will then be easier to upgrade as well. Sven, what
do you think of this idea?
Sven Nierlein
On 10/13/10 10:59, B.A.L. wrote:
> file, which in turn will then be easier to upgrade as well. Sven, what
> do you think of this idea?
Should be not a big deal to add a few arguments. But i am not really sure how we proceed with the webinject project in general, its currently up to Corey. I haven't heard from him so far, so i think he is still really busy at moment.
Regards,
Sven
Corey Goldberg
please proceed however you feel is best for the project. I don't mind
adding additional args if this is something that might be useful for
many users. If it is really a niche case, I suggest just hacking a
version for yourself. I'll defer to Sven to decide if it should be
added.
I'd like to update the website at some point with links to the new
release and any new info... and will try to be more responsive.
regards,
-Corey
Sven Nierlein
btw, you don't have to change the webinject.pl just to set a few environment variables, just call your perl script like this:
HTTPS_DEBUG=100 HTTPS_CERT_FILE=/data/nagios/libexec/webinject/PK070001002956142nokey.pem HTTPS_KEY_FILE=/data/nagios/libexec/webinject/PK070001002956142key.pem HTTPS_CA_FILE=/data/nagios/libexec/webinject/cacerts.cer ./webinject.pl ...
(everything in one line)
Regards,
Sven
On 10/13/10 10:59, B.A.L. wrote: