Re: SSL protocol via custom module?

On 08/04/2006 12:28 PM, petesouthwest@xxxxxxxxxxx wrote:
Hi

I have bought a ‘well known’ shopping cart program which I'm trying to use with a ‘well known’ payment service provider.

There is unfortunately a problem with a Perl script not functioning that each company says is the fault of the other. I am trying to determine which one is correct �

The payment service provider says that in order for the process to work, the server hosting my shopping cart must have SSL support. This is apparently as the process uses a POST to send a simple acknowledgement back to an HTTPS website, for handshaking purposes. The payment service provider says that as the hosts system is a Linux box it requires crypt::SSLeay and port 443 open.

However after a week of pushing the cart company they now say that that SSL support is not required as their own module, an sc.pm file in stored in the cgi-bin uploaded during the cart upload provides the SSL support.

Searching for their scripts for lines like ‘new HTTP::Request "POST","url"; certainly draws a blank.

The shopping cart scripts appear to post the information by calling a function
::HTTPS_SendAndReceive('www.xxxx.com', 443,
'/xxx.dll/apc/apc', $sPostedData, 'POST', $::TRUE, $ssl_socket);

This seems to use another object in the a .pm file that seems to have a lot encryption going on ie #
# Construct the MD5 object
#
$Self->{_MASTER_MD5} = instantiateMD5Object();
#
# Construct the SHA1 object
#
$Self->{_MASTER_SHA1} = instantiateSHA1Object();
#
# Some more initialisation
#
$Self->init();



My questions are this:
1) In your opinions is it possible to implement a function to replace the POST command so that simple data can be sent to an HTTPS site.

This would probably be very hard, and your debugging attempts might get you locked out of the payment service temporarily.

2) If the answer is yes, would it require the Perl MD5 module?

Yes

3) If yes is it enough to have the module in /usr/lib/perl5/site_perl/5.6.1/MD5.pm like my host says it is

Most likely.

4) Would all of the above negate the need for a module like crypt::SSLeay?


If you write the equivalent of Crypt::SSLeay, that would eliminate the requirement of Crypt::SSLeay.


Please reply with as much detail as possible as I am the middle man between the payment provider, shopping cart and host. And they seem to find it impossible to talk to each other.


It sounds like your "well known" shopping cart software is slightly incompatible with your web hosting service. You can possibly get around this by installing Crypt::SSLeay in your web account.

But even that won't work if the payment service provider absolutely requires that port 443 be open on the web host, and it's not.

Maybe next time you can buy the shopping cart software, web hosting and payment service as part of a package of guaranteed compatible services and software.
.