Re: How to ensure I'm doing lwp with https correctly?



On Jun 23, 4:22 pm, "comp.llang.perl.moderated" <c...@blv-
sam-01.ca.boeing.com> wrote:
On Jun 23, 11:29 am, PugetSoundSyl...@xxxxxxxxx wrote:



I'm using LWP for programmatic access to a website.  I'm using https,
and have installed Crypt::SSLeay (hopefully correctly).

What I'd like to do is make sure that my https access is actually
correctly set up, and that I am accessing everything securely.  Any
ideas on how I can double-check that everything is happening
correctly?  Or is there something I can use to audit my connection?
If I didn't do the Crypt::SSLeay install correctly, would https access
just not work, or would it just default to http?

If Crypt::SSLeay installed successfully
and passed its test suite, you can be
reasonably assured that SSL transactions
occur. You can confirm actual details of the exchange by setting:

    $ENV{HTTPS_DEBUG} = 1

before initiating the connection. See:
perldoc Crypt::SSLeay.

Also, if using Perl's LWP module, you
can add:

    use LWP::Debug qw/+/

for other details of the exchange.
See perldoc LWP::Debug for less
verbose settings.

Here's an example with HTTPS_DEBUG and LWP::Debug set:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A

LWP::UserAgent::new: ()
HTTP::Cookies::add_cookie_header: Checking ... for cookies

LWP::UserAgent::send_request: GET https://....
LWP::UserAgent::_need_proxy: Not proxied
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A

--
Charles DeRykus

Thanks Charles - your debug hints were very helpful. It looks like
the certificate isn't even checked when doing https UNLESS you have
the HTTPS_CA_DIR environment variable set. Then it checks (and in my
case it's failing with a bad certificate error as below)

LWP::UserAgent::new: ()
LWP::UserAgent::request: ()
LWP::UserAgent::send_request: GET https://xxxxxxxxxx.org/api/login.php?name=xxxxxx&pass=xxxxxx
LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello A
LWP::UserAgent::request: Simple response: Internal Server Error
Error: 500 SSL negotiation failed:

Now I'm trying to fill the gaps in my understanding of
certificates, which are pretty gaping.

Thanks again for your help.

Sylvia
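
One way to read the failing trace above mechanically, as an added example that is not part of the original posts: the script splits HTTPS_DEBUG output into handshake attempts and reports which ones ended because the client itself sent a certificate alert. The trace text is copied from the post; the name `audit_trace` is made up here, and the reading of "alert write" as "sent by this side" is an assumption based on OpenSSL's trace convention.

```perl
use strict; use warnings;

# HTTPS_DEBUG lines copied from the failing trace quoted in the thread.
my $trace = <<'END';
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello A
END

# Split the trace into handshake attempts; each one starts at a
# "before/connect initialization" line.
sub audit_trace {
    my ($text) = @_;
    my @attempts;
    for my $line (split /\n/, $text) {
        if ($line =~ m{^SSL_connect:before/connect initialization}) {
            push @attempts, { hello => '?', alerts => [], errors => 0 };
            next;
        }
        my $cur = $attempts[-1] or next;    # skip noise before the first attempt
        # Assumption: "write" = alert sent by this client, "read" = received from the server.
        if    ($line =~ /^SSL_connect:(\S+) write client hello/) { $cur->{hello} = $1 }
        elsif ($line =~ /^SSL3 alert (read|write):\w+:(.+)$/)    { push @{ $cur->{alerts} }, { dir => $1, desc => $2 } }
        elsif ($line =~ /^SSL_connect:error in /)                { $cur->{errors}++ }
    }
    return @attempts;
}

my $n = 0;
for my $try (audit_trace($trace)) {
    my ($rej) = grep { $_->{dir} eq 'write' && $_->{desc} =~ /unknown CA|bad certificate/ }
                @{ $try->{alerts} };
    my $verdict = $rej           ? "client rejected the server certificate ($rej->{desc})"
                : $try->{errors} ? 'handshake failed without a certificate alert'
                :                  'no error logged';
    printf "attempt %d (%s hello): %s\n", ++$n, $try->{hello}, $verdict;
}
```

A trace with no certificate alert only shows that nothing was rejected; as Sylvia observed, without HTTPS_CA_DIR set the certificate is not checked at all.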



