Windows / Perl / Net::SSLeay / OpenSSL: What locations are CA certificates loaded from?


Here's a program that makes an HTTPS request, with some code at the start that I'm going to explain below:

    use 5.012;
    use LWP::UserAgent;
    use HTTP::Request::Common;
    use Net::SSLeay;

    BEGIN {
        return unless $^O eq 'MSWin32'; # needed on Windows
        print STDERR "attempting to set HTTPS_CA_FILE to PEM file path\n";
        require Mozilla::CA; # load module to determine PEM file path
        my $pemfile = do {
            my $path = $INC{ 'Mozilla/CA.pm' };
            $path =~ s#\.pm$#/cacert.pem#;
            $path;
        };
        if ( -f $pemfile ) {
            $ENV{HTTPS_CA_FILE} = $pemfile;
            print STDERR "HTTPS_CA_FILE set to $pemfile\n";
        }
        else {
            warn "PEM file $pemfile missing";
        }
    }
    # ==========================================================================

    $Net::SSLeay::trace = 2;

    my $ua  = LWP::UserAgent->new;
    my $req = GET 'https://client.billsafe.de/';
    my $rsp = $ua->request( $req );

    say $rsp->is_success ? 'success' : 'failure';
    say $rsp->status_line;
    say '=================';
    say substr $rsp->decoded_content, 0, 200;
    say '=================';

    # possibly relevant module versions
    for ( qw/Net::SSLeay Crypt::SSLeay LWP::Protocol::https Mozilla::CA/ ) {
        no strict 'refs';
        say $_, "\t", ${"${_}::VERSION"};
    }

The code at the beginning sets the environment variable HTTPS_CA_FILE to the path of the PEM file cacert.pem from Mozilla::CA, which gets loaded by default (I checked using procmon.exe, the file is read by default).

The reason for doing this apparently nonsensical setting is that we have Windows machines (Windows Server 2008) where the SSL setup fails with "certificate verify failed" when the environment variable is not set. It is a mystery why this is so. And it works fine on other Windows machines with identical versions of Net::SSLeay, LWP::Protocol::https and Mozilla::CA.

Our module versions are:

  • Net::SSLeay 1.36
  • Crypt::SSLeay -/-
  • LWP::Protocol::https 6.02
  • Mozilla::CA 20110409

Now the question: Are there other places, apart from cacert.pem, where root certificates are loaded from in this constellation (Windows, Perl, Net::SSLeay)? If so, what are they? Where can I read up on it?

Update

The OpenSSL docs do not mention any certificate store other than a plain file and a plain directory:

The Windows C API functions used to open the system certificate store are the following:

I checked out the OpenSSL HEAD from CVS. The CertOpenStore function is indeed used in engines/e_capi.c. I haven't investigated further to find out whether it is used to access the store in the OpenSSL versions on the servers in question.

If you do a web search you'll see that a couple of people have wondered whether OpenSSL can access the Windows certificate store directly, or have proposed to patch OpenSSL accordingly. There's a recent issue on the TortoiseSVN list (Windows certificate store / OpenSSL CAPI). More research is needed to find out what's the matter here.

Since LWP 6.00 you can pass an ssl_opts hashref to new, specifying certificate files amongst other options:

    my $ua = LWP::UserAgent->new(
        ssl_opts => {
            verify_hostname => 1,
            SSL_cert_file   => $ssl_cert_file,   # client certificate (PEM)
            SSL_key_file    => $ssl_key_file,    # client private key (PEM)
        },
    );
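As an added example (not part of the original post), the script below resolves which CA file and directory LWP would take from the environment, following the defaults documented for LWP::UserAgent 6 `ssl_opts`, and then pins the CA bundle explicitly so that a missing variable on one host cannot change the trust store. The helper name `lwp_ca_defaults` is hypothetical, and pinning to the Mozilla::CA bundle is an assumption about which roots you want to trust.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use Mozilla::CA;

# Hypothetical helper: mirrors the ssl_opts defaults documented for
# LWP::UserAgent 6 (environment first, Mozilla::CA bundle as fallback).
sub lwp_ca_defaults {
    my ($env) = @_;
    my %opt = (
        SSL_ca_file => $env->{PERL_LWP_SSL_CA_FILE} || $env->{HTTPS_CA_FILE},
        SSL_ca_path => $env->{PERL_LWP_SSL_CA_PATH} || $env->{HTTPS_CA_DIR},
    );
    # Drop unset or empty entries; file and directory are independent options.
    delete @opt{ grep { !defined $opt{$_} || $opt{$_} eq '' } keys %opt };
    # Only when neither is configured does the Mozilla::CA bundle apply.
    $opt{SSL_ca_file} = Mozilla::CA::SSL_ca_file() unless %opt;
    return %opt;
}

# Report every variable that can influence CA lookup. SSL_CERT_FILE and
# SSL_CERT_DIR are OpenSSL's own overrides for its default verify paths.
for my $var (qw/PERL_LWP_SSL_CA_FILE HTTPS_CA_FILE PERL_LWP_SSL_CA_PATH
                HTTPS_CA_DIR SSL_CERT_FILE SSL_CERT_DIR/) {
    printf STDERR "%-22s %s\n", $var,
        defined $ENV{$var} ? $ENV{$var} : '(not set)';
}

# Check that what LWP would use actually exists on this host.
my %ca = lwp_ca_defaults(\%ENV);
for my $key (sort keys %ca) {
    my $usable = $key eq 'SSL_ca_file'
        ? ( -r $ca{$key} && -s $ca{$key} )   # readable, non-empty PEM file
        : ( -d $ca{$key} );                  # existing hashed cert directory
    printf STDERR "%-22s %s (%s)\n", $key, $ca{$key},
        $usable ? 'usable' : 'MISSING');
}

# Pin the trust store explicitly instead of relying on the environment.
my $ua = LWP::UserAgent->new(
    ssl_opts => {
        verify_hostname => 1,
        SSL_ca_file     => Mozilla::CA::SSL_ca_file(),
    },
);
printf STDERR "pinned SSL_ca_file     %s\n", $ua->ssl_opts('SSL_ca_file');
```

Running it on a working host and on a failing host and comparing the two reports shows whether the machines differ in environment or in the files on disk.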
