Imported Upstream version 0.58
gregor herrmann
12 years ago
0 | 0 | Revision history for Crypt-SSLeay |
1 | 1 | ================================= |
2 | ||
3 | 0.58 2010-08-25 14:06:30 UTC | |
4 | ||
5 | - Bump version number for Crypt::SSLeay to 0.58 and Net::SSL to 2.85 in | |
6 | preparation for release. | |
7 | - Fix typo in POD is SSLeay.pm s/PEM0encoded/PEM encoded/ (checked | |
8 | http://github.com/gitpan/Crypt-SSLeay/blob/9a1582ee1e4d132ae7cf9497bb83144786425d73/SSLeay.pm) | |
9 | - Update Changes and TODO. Regenerate README and META.yml. Update package | |
10 | author. Minor POD fixes. | |
11 | ||
12 | 0.57_05 2010-08-15 17:41:21 UTC | |
13 | ||
14 | - Fix for NO_PROXY support in Net::SSL (bug #57836) | |
15 | - Bump Net::SSL version number to 2.84_02 after changes | |
16 | - Fix file/dir permissions (bug #60338) | |
17 | - Review warnings when compiling SSLeay.xs against older versions of OpenSSL. | |
18 | Warnings are due to OpenSSL. | |
19 | - Add clarification regarding $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} to the | |
20 | POD. | |
21 | - Other POD related changes: | |
22 | * Remove historic information in README about platforms where the package | |
23 | was successfully built. | |
24 | * Reformat acknowledgements. TODO: Add more people. | |
25 | * Fix link to Net-SSLeay. | |
26 | * Add note about the --live-tests command line option | |
27 | * Generate README from POD. | |
28 | * Formatting fixes. | |
29 | * Update copyright notice. | |
30 | ||
31 | 0.57_04 2010-08-11 00:22:33 UTC | |
32 | ||
33 | - Reorganize Makefile.PL to break individual steps in to subroutines so as to | |
34 | facilitate localized future modifications. Whether there was any point to | |
35 | this remains to be seen. | |
36 | - In Makefile.PL, accommodate ActiveState+MingW configuration. | |
37 | - Pick the correct lib location for Strawberry Perl (bug #60230). | |
38 | - Apply fixes in bug reports #59312 and #33954 to Net/SSL.pm. | |
39 | - Bump version number in Net/SSL.pm to indicate development release. | |
40 | ||
41 | 0.57_03 2010-08-09 20:12:30 UTC | |
42 | ||
43 | - If the last component of $inc_dir is 'openssl', set $inc_dir to its parent | |
44 | and set $prefix to 'openssl'. Otherwise, leave $inc_dir as is and set $prefix | |
45 | to '' (I hope this fixes bugs #28431, #28680, #32084, #43084, #54103 without | |
46 | breaking anything). | |
47 | - Improved OpenSSL detection on Win32/Strawberry Perl (bug #49285). | |
48 | - Add MIME::Base64 as a prerequisite as Net::SSL needs it. | |
49 | - exit 0 if OpenSSL can't be found to avoid superfluous reports from CPAN | |
50 | Testers. | |
51 | - Add \ to $opt_bench in eg/net-ssl-test (bugs #30931, #39363). | |
52 | ||
53 | 0.57_02 2010-08-08 18:27:40 UTC | |
54 | ||
55 | - Refactor the version detection algorithm in Makefile.PL to handle all known | |
56 | variations of version number encoding. Should fix bug #52408. | |
57 | ||
58 | 0.57_01 2008-02-18 14:42:32 UTC | |
59 | ||
60 | - use #include <..> rather than #include "..." in | |
61 | crypt_ssleay_version.h. | |
62 | - add command-line switch to avoid live tests (bug #30268). | |
63 | - skip tests in t/01-connect.t if 443 is already in use (bug #30985). | |
64 | - make code gcc -Wwrite-strings compatible (bug #31926). | |
2 | 65 | |
3 | 66 | 0.57 2007-09-17 20:45:20 UTC |
4 | 67 |
0 | --- #YAML:1.0 | |
1 | name: Crypt-SSLeay | |
2 | version: 0.57 | |
3 | abstract: OpenSSL support for LWP | |
4 | license: perl | |
5 | generated_by: ExtUtils::MakeMaker version 6.36_01 | |
6 | distribution_type: module | |
7 | requires: | |
8 | meta-spec: | |
9 | url: http://module-build.sourceforge.net/META-spec-v1.2.html | |
10 | version: 1.2 | |
11 | author: | |
12 | - David Landgren | |
0 | --- #YAML:1.0 | |
1 | name: Crypt-SSLeay | |
2 | version: 0.58 | |
3 | abstract: OpenSSL support for LWP | |
4 | author: | |
5 | - A. Sinan Unur <nanis@cpan.org> | |
6 | license: perl | |
7 | distribution_type: module | |
8 | configure_requires: | |
9 | ExtUtils::MakeMaker: 0 | |
10 | build_requires: | |
11 | ExtUtils::MakeMaker: 0 | |
12 | requires: | |
13 | MIME::Base64: 0 | |
14 | no_index: | |
15 | directory: | |
16 | - t | |
17 | - inc | |
18 | generated_by: ExtUtils::MakeMaker version 6.56 | |
19 | meta-spec: | |
20 | url: http://module-build.sourceforge.net/META-spec-v1.4.html | |
21 | version: 1.4 |
2 | 2 | |
3 | 3 | use Config; |
4 | 4 | use ExtUtils::MakeMaker; |
5 | use File::Basename qw(dirname); | |
5 | use File::Basename qw(basename dirname); | |
6 | 6 | use Getopt::Long; |
7 | 7 | |
8 | 8 | eval "use ExtUtils::MakeMaker::Coverage"; |
9 | 9 | $@ or print "Adding testcover target\n"; |
10 | 10 | |
11 | use vars qw($opt_default $opt_libpath $opt_static); | |
11 | use vars qw($OPT_DEFAULT $OPT_LIBPATH $OPT_STATIC $OPT_LIVE_TESTS); | |
12 | 12 | |
13 | 13 | GetOptions( |
14 | "default", \$opt_default, | |
15 | "lib=s", \$opt_libpath, | |
16 | "static", \$opt_static, | |
14 | "default", \$OPT_DEFAULT, | |
15 | "lib=s", \$OPT_LIBPATH, | |
16 | "static", \$OPT_STATIC, | |
17 | "live-tests!", \$OPT_LIVE_TESTS, | |
17 | 18 | ); |
18 | 19 | |
19 | $opt_default ||= $ENV{CRYPT_SSLEAY_DEFAULT}; | |
20 | $OPT_DEFAULT ||= $ENV{CRYPT_SSLEAY_DEFAULT}; | |
20 | 21 | |
21 | 22 | # FIND POSSIBLE SSL INSTALLATIONS |
22 | 23 | |
23 | my @POSSIBLE_SSL_DIRS; | |
24 | if ($opt_libpath) { | |
25 | # explicit from command-line | |
26 | @POSSIBLE_SSL_DIRS = ($opt_libpath); | |
27 | $opt_default = 1; | |
28 | } | |
29 | elsif ($^O eq 'MSWin32') { | |
30 | @POSSIBLE_SSL_DIRS = 'c:\\openssl'; | |
31 | } | |
32 | elsif ($^O eq 'VMS') { | |
33 | @POSSIBLE_SSL_DIRS = '/ssl$root'; | |
34 | } | |
35 | else { | |
36 | # Unix and the rest | |
37 | @POSSIBLE_SSL_DIRS = qw( | |
38 | /local | |
39 | /local/ssl | |
40 | /opt/ssl | |
41 | /usr | |
42 | /usr/local | |
43 | /usr/local/ssl | |
44 | /usr/local/openssl | |
45 | ); | |
46 | } | |
47 | ||
48 | my @CANDIDATE = do { | |
49 | my %seen; | |
50 | grep {!$seen{$_->{check}}++} | |
51 | map {Candidate($_)} | |
52 | @POSSIBLE_SSL_DIRS | |
53 | }; | |
54 | ||
55 | if (@CANDIDATE == 0) { | |
56 | $opt_default = 0; | |
57 | my $bar = '=' x 72; | |
58 | print <<"INFO"; | |
59 | $bar | |
60 | No installed SSL libraries found in any of the following places. | |
61 | INFO | |
62 | print " $_\n" for @POSSIBLE_SSL_DIRS; | |
63 | print <<"INFO"; | |
64 | You will have to either specify a directory location at the following | |
65 | prompt, or rerun the Makefile.PL program and use the --lib switch | |
66 | to specify the path. If the path in question is considered standard | |
67 | on your platform, please consider filing a bug report in order to | |
68 | have it taken into account in a subsequent version of Crypt::SSLeay. | |
69 | ||
70 | INFO | |
71 | ||
72 | if (-f '/etc/debian_version') { | |
73 | print <<"DEBIAN_INFO"; | |
74 | ||
75 | This host looks like it is running Debian. Crypt::SSLeay needs to | |
76 | be compiled with C headers that the libssl-dev package makes | |
77 | available. Please install that package before trying to build this | |
78 | module. (You can always deinstall the package afterwards, once | |
79 | Crypt::SSLeay has been built). | |
80 | DEBIAN_INFO | |
81 | } | |
82 | } | |
83 | ||
84 | my $SSL_DIR; | |
85 | my $pkg_config; | |
86 | ||
87 | if (@CANDIDATE == 1) { | |
88 | $pkg_config = $CANDIDATE[0]; | |
89 | if ($opt_default) { | |
90 | $SSL_DIR = $pkg_config->{dir}; | |
91 | } | |
92 | else { | |
93 | print <<"INFO"; | |
94 | ======================================================= | |
95 | Only one $pkg_config->{type} installation found at $pkg_config->{dir} | |
96 | Consider running 'perl Makefile.PL --default' the next | |
97 | time Crypt::SSLeay is upgraded to select this directory | |
98 | automatically thereby avoiding the following prompt. | |
99 | ======================================================= | |
100 | INFO | |
101 | } | |
102 | } | |
103 | elsif (@CANDIDATE > 1) { | |
104 | print "Found multiple possibilities for OpenSSL\n"; | |
105 | for my $c (@CANDIDATE) { | |
106 | print " $c->{dir} ($c->{type} $c->{ver})\n"; | |
107 | } | |
108 | } | |
109 | ||
110 | if (not $SSL_DIR) { | |
111 | my %cand; | |
112 | for my $c (@CANDIDATE) { | |
113 | $cand{$c->{dir}} = {%$c}; | |
114 | } | |
115 | ||
116 | $SSL_DIR = prompt "Which SSL install path do you want to use?", | |
117 | $CANDIDATE[0]->{dir}; | |
118 | ||
119 | if (exists $cand{$SSL_DIR}) { | |
120 | # we've already determined that this directory is usable | |
121 | $pkg_config = $cand{$SSL_DIR}; | |
122 | } | |
123 | else { | |
124 | # unknown directory, better check it out | |
125 | $pkg_config = Candidate($SSL_DIR); | |
126 | if (not $pkg_config) { | |
127 | die <<"INFO"; | |
128 | $SSL_DIR does not appear to be an SSL library installation, since | |
129 | the required header files were not found. The build cannot proceed. | |
130 | INFO | |
131 | } | |
132 | } | |
133 | } | |
134 | ||
135 | # note: $SSL_DIR is now sane at this point | |
136 | ||
137 | my (@INC_FLAGS, @LIB_FLAGS); | |
138 | ||
139 | if ($^O eq 'VMS') { | |
140 | push @INC_FLAGS, "-I$pkg_config->{inc}"; | |
141 | push @LIB_FLAGS, qw(-L/SYS$SHARE -lSSL$LIBSSL_SHR32 -lSSL$LIBCRYPTO_SHR32); | |
142 | } | |
143 | elsif ($^O eq 'MSWin32') { | |
144 | # external tools probably expect \ and not / for path separators | |
145 | $SSL_DIR =~ tr{/}{\\}; | |
146 | ||
147 | # default to drive C: if no drive or relative path | |
148 | $SSL_DIR = "c:$SSL_DIR" if $SSL_DIR !~ m{\A(?:[a-z]:|\.\.[\\/])}i; | |
149 | ||
150 | my $inc = $pkg_config->{inc}; | |
151 | $inc =~ tr{/}{\\}; | |
152 | $inc = "c:$inc" if $inc !~ m{\A(?:[a-z]:|\.\.[\\/])}i; | |
153 | push @INC_FLAGS, "-I$inc"; | |
154 | push @INC_FLAGS, "-I$SSL_DIR\\inc32" if -d "$SSL_DIR/inc32"; | |
155 | ||
156 | my $vanilla = $Config{cc} eq 'gcc' ? 1 : 0; | |
157 | $vanilla and print "Assuming Vanilla/Strawberry Perl installation\n"; | |
158 | ||
159 | if ($vanilla and -d "$SSL_DIR\\lib\\MinGW") { | |
160 | push @LIB_FLAGS, "-L$SSL_DIR\\lib\\MinGW"; | |
161 | } | |
162 | elsif(-d "$SSL_DIR/lib") { | |
163 | push @LIB_FLAGS, "-L$SSL_DIR\\lib"; | |
164 | } | |
165 | else { | |
166 | my $dir = $opt_static ? "$SSL_DIR\\out32" : "$SSL_DIR\\out32dll"; | |
167 | if (-d $dir) { | |
168 | push @LIB_FLAGS, "-L$dir"; | |
169 | } | |
170 | else { | |
171 | # Allow developers to point at OpenSSL source... | |
172 | push @LIB_FLAGS, "-L$SSL_DIR"; | |
173 | } | |
174 | } | |
175 | ||
176 | push @LIB_FLAGS, qw(-lssleay32 -llibeay32); | |
177 | push @LIB_FLAGS, qw(-lRSAglue -lrsaref) if $pkg_config->{type} ne 'OpenSSL'; | |
178 | } | |
179 | else { | |
180 | push @INC_FLAGS, "-I$pkg_config->{inc}"; | |
181 | ||
182 | push @LIB_FLAGS, "-L$pkg_config->{lib}", qw(-lssl -lcrypto -lgcc); | |
183 | push @LIB_FLAGS, qw(-lRSAglue -lrsaref) if $pkg_config->{type} ne 'OpenSSL'; | |
184 | ||
185 | # ccc on alpha support | |
186 | if ($^O eq 'linux' | |
187 | and `uname -m` =~ /alpha/ | |
188 | and !(system("nm $SSL_DIR/lib/libssl.a|grep -q 'U _Ots'")>>8) | |
189 | ) { | |
190 | push @LIB_FLAGS, '-lots'; | |
191 | } | |
192 | ||
193 | # this fix was suggested for building on RedHat 9 | |
194 | push @INC_FLAGS, '-I/usr/kerberos/include' if -d '/usr/kerberos/include'; | |
195 | } | |
196 | ||
197 | # write include file that determines ssl support | |
198 | # we need to include crypto.h for SSLeay so the version gets picked up in SSLeay.xs | |
199 | ||
200 | open(INCLUDE, ">crypt_ssleay_version.h") || die("can't open crypt_ssleay_version.h for writing: $!"); | |
201 | print INCLUDE <<"INFO"; | |
202 | #include "$pkg_config->{prefix}ssl.h" | |
203 | #include "$pkg_config->{prefix}crypto.h" | |
204 | #include "$pkg_config->{prefix}err.h" | |
205 | #include "$pkg_config->{prefix}rand.h" | |
206 | #include "$pkg_config->{prefix}pkcs12.h" | |
207 | ||
208 | INFO | |
209 | ||
210 | if ($] < 5.005) { | |
211 | print "adding PL_sv_undef symbol for this ancient perl installation"; | |
212 | print INCLUDE <<"INFO"; | |
213 | /* defining PL_sv_undef for very old perls ($]) */ | |
214 | #ifndef PL_sv_undef | |
215 | #define PL_sv_undef sv_undef | |
216 | #endif | |
217 | ||
218 | INFO | |
219 | } | |
220 | ||
221 | if ($pkg_config->{type} eq 'OpenSSL') { | |
222 | # OPENSSL_free defined in OpenSSL 0.9.6 and higher | |
223 | if ($pkg_config->{ver} =~ /\b0\.9\.[2-5]/) { | |
224 | print INCLUDE "#define CRYPT_SSLEAY_free free\n"; | |
225 | } | |
226 | else { | |
227 | print INCLUDE "#define CRYPT_SSLEAY_free OPENSSL_free\n"; | |
228 | } | |
229 | } | |
230 | else { | |
231 | print INCLUDE "#define CRYPT_SSLEAY_free free\n"; | |
232 | } | |
233 | ||
234 | close INCLUDE or die "Cannot close crypt_ssleay_version.h for output: $!\n"; | |
235 | ||
236 | print <<"INFO"; | |
237 | ||
238 | BUILD INFORMATION | |
239 | ================================================ | |
240 | ssl library: $pkg_config->{type} $pkg_config->{ver} in $SSL_DIR | |
241 | ssl header: $pkg_config->{prefix}ssl.h | |
242 | libraries: @LIB_FLAGS | |
243 | include dir: @INC_FLAGS | |
244 | ================================================ | |
245 | INFO | |
246 | ||
247 | my @license = | |
248 | do { | |
249 | my $version = $ExtUtils::MakeMaker::VERSION; | |
250 | $version =~ tr/_//d; | |
251 | $version} > 6.30 | |
252 | ? qw(LICENSE perl) | |
253 | : (); | |
24 | my $pkg_config = select_ssl_dir(); | |
25 | ||
26 | if ( $^O eq 'MSWin32' ) { | |
27 | fix_win32_paths( $pkg_config ); | |
28 | } | |
29 | ||
30 | my @INC_FLAGS = inc_flags( $pkg_config ); | |
31 | my @LIB_FLAGS = lib_flags( $pkg_config ); | |
32 | ||
33 | # write include file that determines ssl support we need to include crypto.h | |
34 | # for SSLeay so the version gets picked up in SSLeay.xs | |
35 | ||
36 | write_crypt_ssleay_version_h( $pkg_config ); | |
37 | ||
38 | show_build_information( $pkg_config, \@INC_FLAGS, \@LIB_FLAGS); | |
39 | ||
40 | my @license = do { | |
41 | my $version = $ExtUtils::MakeMaker::VERSION; | |
42 | $version =~ tr/_//d; | |
43 | $version | |
44 | } > 6.3 ? (LICENSE => 'perl') | |
45 | : (); | |
254 | 46 | |
255 | 47 | WriteMakefile( |
256 | 48 | NAME => 'Crypt::SSLeay', |
257 | AUTHOR => 'David Landgren', | |
49 | AUTHOR => 'A. Sinan Unur <nanis@cpan.org>', | |
258 | 50 | ABSTRACT_FROM => 'SSLeay.pm', |
259 | 51 | VERSION_FROM => 'SSLeay.pm', |
260 | 52 | LIBS => ["@LIB_FLAGS"], |
261 | 53 | INC => "@INC_FLAGS", |
262 | 54 | NEEDS_LINKING => 1, |
55 | PREREQ_PM => { | |
56 | 'MIME::Base64' => 0, # for Net::SSL | |
57 | }, | |
263 | 58 | clean => { |
264 | 59 | FILES => 'crypt_ssleay_version.h test.config', |
265 | 60 | }, |
266 | 61 | @license, |
267 | 62 | ); |
268 | 63 | |
269 | if (open OUT, '> test.config') { | |
270 | print OUT <<"INFO"; | |
271 | ssl $pkg_config->{type} $pkg_config->{ver} in $SSL_DIR | |
272 | lib @LIB_FLAGS | |
273 | inc @INC_FLAGS | |
274 | cc $Config{cc} | |
275 | INFO | |
276 | ||
277 | print <<"INFO"; | |
278 | The test suite can attempt to connect to public servers | |
279 | to ensure that the code is working properly. If you are | |
280 | behind a strict firewall or have no network connectivity, | |
281 | these tests may fail (through no fault of the code). | |
282 | ||
283 | INFO | |
284 | my $network_tests = prompt | |
285 | "Do you want to run the live tests (y/N) ?", | |
286 | 'N'; | |
287 | print OUT "network_tests ", ($network_tests =~ /y/i) ? 1 : 0, "\n"; | |
288 | close OUT; | |
289 | } | |
64 | write_test_config($pkg_config); | |
290 | 65 | |
291 | 66 | ## HELPERS |
292 | 67 | |
294 | 69 | my $dir = shift; |
295 | 70 | return unless -d $dir; |
296 | 71 | |
297 | my $inc_dir; | |
298 | my $version_file; | |
299 | for ( | |
300 | "$dir/inc32/openssl/opensslv.h", # old win32 builds | |
301 | "$dir/crypto/opensslv.h", # cygwin32 builds | |
302 | "$dir/include/openssl/opensslv.h", | |
303 | "$dir/../include/openssl/opensslv.h", # Solaris | |
304 | "$dir/include/opensslv.h", | |
305 | "$dir/include/crypto.h" | |
306 | ) { | |
307 | if (-e $_) { | |
308 | $version_file = $_; | |
309 | last; | |
310 | } | |
311 | } | |
72 | my $version_file = find_version_file($dir); | |
312 | 73 | return unless defined $version_file; |
74 | ||
313 | 75 | my $fingerprint = join(':', (stat $version_file)[0,1]); |
314 | 76 | |
315 | my $open_ssl = ($version_file =~ /openssl/i) ? 1 : 0; | |
316 | $inc_dir = dirname($version_file); | |
77 | my $inc_dir = dirname $version_file; | |
317 | 78 | return unless -e "$inc_dir/ssl.h"; |
318 | 79 | |
319 | 80 | my $prefix; |
320 | if ($^O eq 'MSWin32') { | |
321 | $inc_dir =~ s{[\\/]openssl\z}{}; | |
322 | $prefix = 'openssl/'; | |
323 | } | |
324 | elsif (index($inc_dir, '/../') > -1) { | |
325 | # OpenSSL include directory is in a sibling directory | |
326 | $inc_dir =~ s{\/openssl\z}{}; | |
327 | $prefix = 'openssl/'; | |
81 | if ( 'openssl' eq lc basename $inc_dir ) { | |
82 | $prefix = 'openssl/'; | |
83 | $inc_dir = dirname $inc_dir; | |
328 | 84 | } |
329 | 85 | else { |
330 | $prefix = ($inc_dir =~ /\bopenssl/i) ? 'openssl/' : ''; | |
331 | } | |
332 | ||
333 | open(VERSION_FILE, $version_file) or return; | |
334 | my $version_match = $open_ssl ? "OPENSSL_VERSION_NUMBER" : "SSLEAY_VERSION_NUMBER"; | |
335 | my $version; | |
336 | my $type; | |
337 | while (<VERSION_FILE>) { | |
338 | if (/^#define\s+$version_match\s+0x0+(\d\d\d)/) { | |
339 | $version = $1; | |
340 | $version =~ s/(\d)0(\d)/$1$2/; | |
341 | $type = ($version > 92) ? "OpenSSL" : "SSLeay"; | |
342 | $version = join('.', split(//, "0$version")); | |
343 | last; | |
344 | } | |
345 | } | |
346 | close(VERSION_FILE); | |
86 | $prefix = ''; | |
87 | } | |
88 | ||
89 | my ($type, $version) = get_type_and_version( $version_file ); | |
347 | 90 | |
348 | 91 | # Silly test to look for the library files |
349 | 92 | my $found_lib; |
350 | 93 | my $libd; |
351 | my $subdir = $opt_static ? 'out32' : 'out32dll'; | |
94 | my $subdir = $OPT_STATIC ? 'out32' : 'out32dll'; | |
352 | 95 | if (-d "$dir/$subdir") { |
353 | 96 | $libd = [$subdir]; |
354 | 97 | } |
355 | 98 | elsif ($^O eq 'MSWin32' and $Config{cc} eq 'gcc') { |
356 | $libd = ['lib/MinGW']; | |
99 | # don't miss c:\strawberry\c\lib | |
100 | $libd = ['lib', 'lib/MinGW']; | |
357 | 101 | } |
358 | 102 | else { |
359 | 103 | # second attempt is for Solaris, like the include directory, the |
391 | 135 | }; |
392 | 136 | } |
393 | 137 | |
138 | sub parse_openssl_version { | |
139 | my ($vstr) = @_; | |
140 | ||
141 | # 0.9.6 or later : MNNFFPPS : major, minor, fix, patch, status (0-f) | |
142 | # 0.9.5a to before 0.9.6 : high bit of PP is set in MNNFFPPS | |
143 | # 0.9.3-dev to before 0.9.5a : MNNFFRBB : major, minor, fix, status (0-1), beta | |
144 | # prior to 0.9.3-dev, MNFP | |
145 | ||
146 | if ( $vstr =~ /^(?:[1-9]|0090[6-9])/ ) { | |
147 | return ( OpenSSL => parse_openssl_v096_or_later( $vstr ) ); | |
148 | } | |
149 | elsif ( $vstr =~ /^00905[8-9]/ ) { | |
150 | return ( OpenSSL => parse_openssl_v095a_096( $vstr ) ); | |
151 | } | |
152 | elsif ( $vstr =~ /^0090[3-5][01]/ ) { | |
153 | return ( OpenSSL => parse_openssl_v093dev_095a( $vstr ) ); | |
154 | } | |
155 | else { | |
156 | return ( SSLeay => parse_openssl_pre_v093dev( $vstr ) ); | |
157 | } | |
158 | return; | |
159 | } | |
160 | ||
161 | sub parse_openssl_v096_or_later { | |
162 | my ($vstr) = @_; | |
163 | ||
164 | # 0.9.6 or later : MNNFFPPS : major, minor, fix, patch, status (0-f) | |
165 | return unless my @v = $vstr =~ /^(.)(..)(..)(..)(.)$/; | |
166 | ||
167 | my ($major, $minor, $fix, $patch, $status) = map hex, @v; | |
168 | ||
169 | $patch = $patch ? chr( ord('a') + $patch - 1 ) : ''; | |
170 | ||
171 | if ( $status == 0 ) { $status = '-dev' } | |
172 | elsif ( $status == 15 ) { $status = '' } | |
173 | else { $status = "-beta$status" } | |
174 | return sprintf( '%u.%u.%u%s%s', $major, $minor, $fix, $patch, $status); | |
175 | } | |
176 | ||
177 | sub parse_openssl_v095a_096 { | |
178 | my ($vstr) = @_; | |
179 | ||
180 | # 0.9.5a to before 0.9.6 : | |
181 | # high bit of PP is set in MNNFFPPS | |
182 | ||
183 | return parse_openssl_v096_or_later( | |
184 | sprintf '%08x', hex($vstr) & 0xfffff7ff | |
185 | ); | |
186 | } | |
187 | ||
188 | sub parse_openssl_v093dev_095a { | |
189 | my ($vstr) = @_; | |
190 | ||
191 | # 0.9.3-dev to before 0.9.5a | |
192 | # MNNFFRBB : major, minor, fix, status (0-1), beta | |
193 | ||
194 | return unless my @v = $vstr =~ /^(0)(09)(0[3-5])([0-1])(..)$/; | |
195 | ||
196 | my ($major, $minor, $fix, $status, $patch) = map hex, @v; | |
197 | ||
198 | $patch = $patch ? chr( ord('a') + $patch - 1 ) : ''; | |
199 | $status = $status ? '' : '-dev'; | |
200 | return sprintf( '%u.%u.%u%s%s', $major, $minor, $fix, $patch, $status ); | |
201 | } | |
202 | ||
203 | sub parse_openssl_pre_v093dev { | |
204 | my ($vstr) = @_; | |
205 | ||
206 | # prior to 0.9.3-dev, | |
207 | # MNFP : major, minor, fix, patch | |
208 | ||
209 | return unless my @v = $vstr =~ /^(0)(9)([12])([0-9])$/; | |
210 | ||
211 | my ($major, $minor, $fix, $patch) = map hex, @v; | |
212 | ||
213 | $patch = $patch ? chr( ord('a') + $patch - 1 ) : ''; | |
214 | return sprintf( '%u.%u.%u%s', $major, $minor, $fix, $patch ); | |
215 | } | |
216 | ||
217 | sub find_version_file { | |
218 | my $dir = shift; | |
219 | ||
220 | for my $file ( | |
221 | "$dir/inc32/openssl/opensslv.h", # old win32 builds | |
222 | "$dir/crypto/opensslv.h", # cygwin32 builds | |
223 | "$dir/include/openssl/opensslv.h", | |
224 | "$dir/../include/openssl/opensslv.h", # Solaris | |
225 | "$dir/include/opensslv.h", | |
226 | "$dir/include/crypto.h" | |
227 | ) { | |
228 | return $file if -e $file; | |
229 | } | |
230 | return; | |
231 | } | |
232 | ||
233 | sub get_type_and_version { | |
234 | my $version_file = shift; | |
235 | my ($type, $version); | |
236 | ||
237 | open VERSION_FILE, $version_file or return; | |
238 | ||
239 | # Changed version number matching because | |
240 | # #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER | |
241 | # in crypto/crypto.h in at least some early versions of OpenSSL | |
242 | while (<VERSION_FILE>) { | |
243 | next unless my ($vstr) = | |
244 | /^#define\s+(?:OPENSSL|SSLEAY)_VERSION_NUMBER\s+0x([0-9A-Fa-f]+)/; | |
245 | ||
246 | ($type, $version) = parse_openssl_version( $vstr ); | |
247 | last if defined $version; | |
248 | die "Failed to parse OpenSSL version '$vstr'" unless defined $version; | |
249 | } | |
250 | close VERSION_FILE; | |
251 | return ($type, $version); | |
252 | } | |
253 | ||
254 | sub win32_ssl_dirs { | |
255 | return ( | |
256 | 'c:\\openssl', | |
257 | # $Config{usrinc} points to an include directory. Use dirname | |
258 | # so the lib directory is picked up correctly | |
259 | -d $Config{usrinc} ? dirname $Config{usrinc} : (), | |
260 | # pre-Oct2009 Strawberry Perl | |
261 | $Config{prefix}, | |
262 | "$Config{prefix}\\..\\c", | |
263 | ); | |
264 | } | |
265 | ||
266 | sub vms_ssl_dirs { | |
267 | return ( | |
268 | '/ssl$root', | |
269 | ); | |
270 | } | |
271 | ||
272 | sub unix_ssl_dirs { | |
273 | return qw( | |
274 | /local | |
275 | /local/ssl | |
276 | /opt/ssl | |
277 | /usr | |
278 | /usr/local | |
279 | /usr/local/ssl | |
280 | /usr/local/openssl | |
281 | ); | |
282 | } | |
283 | ||
284 | sub print_ssl_dir_not_found { | |
285 | my @possible_ssl_dirs = @_; | |
286 | ||
287 | print '=' x 72, "\n"; | |
288 | print <<"INFO"; | |
289 | No installed SSL libraries found in any of the following places. | |
290 | INFO | |
291 | print " $_\n" for @possible_ssl_dirs; | |
292 | print <<"INFO"; | |
293 | You will have to either specify a directory location at the following | |
294 | prompt, or rerun the Makefile.PL program and use the --lib switch | |
295 | to specify the path. If the path in question is considered standard | |
296 | on your platform, please consider filing a bug report in order to | |
297 | have it taken into account in a subsequent version of Crypt::SSLeay. | |
298 | ||
299 | INFO | |
300 | ||
301 | if (-f '/etc/debian_version') { | |
302 | print <<"DEBIAN_INFO"; | |
303 | ||
304 | It looks like this host is running Debian. Crypt::SSLeay needs | |
305 | to be compiled with C headers provided by the libssl-dev package. | |
306 | Please install that package before trying to build this module. | |
307 | (You can always deinstall the package afterwards, once | |
308 | Crypt::SSLeay has been built). | |
309 | DEBIAN_INFO | |
310 | } | |
311 | } | |
312 | ||
313 | sub write_crypt_ssleay_version_h { | |
314 | my $pkg_config = shift; | |
315 | my $prefix = $pkg_config->{prefix}; | |
316 | ||
317 | my @include = map { "#include<$prefix$_>" } | |
318 | qw(ssl.h crypto.h err.h rand.h pkcs12.h); | |
319 | ||
320 | if ($] < 5.005) { | |
321 | print "adding PL_sv_undef symbol for this ancient perl installation"; | |
322 | push @include, ( | |
323 | '/* defining PL_sv_undef for very old perls ($]) */', | |
324 | '#ifndef PL_sv_undef', | |
325 | '#define PL_sv_undef sv_undef', | |
326 | '#endif', | |
327 | '', | |
328 | ); | |
329 | } | |
330 | ||
331 | my $free; | |
332 | if ( $pkg_config->{type} eq 'OpenSSL' | |
333 | and $pkg_config->{ver} !~ /\b0\.9\.[2-5]/ ) { | |
334 | $free = 'OPENSSL_free'; | |
335 | } | |
336 | else { | |
337 | $free = 'free'; | |
338 | } | |
339 | push @include, "#define CRYPT_SSLEAY_free $free"; | |
340 | ||
341 | open INCLUDE, '>crypt_ssleay_version.h' | |
342 | or die "can't open crypt_ssleay_version.h for writing: $!"; | |
343 | ||
344 | print INCLUDE map { "$_\n" } @include; | |
345 | ||
346 | close INCLUDE | |
347 | or die "Cannot close crypt_ssleay_version.h for output: $!\n"; | |
348 | } | |
349 | ||
350 | sub possible_ssl_dirs { | |
351 | if (defined $OPT_LIBPATH) { | |
352 | # explicit from command-line | |
353 | $OPT_DEFAULT = 1; | |
354 | return ($OPT_LIBPATH); | |
355 | } | |
356 | return win32_ssl_dirs() if $^O eq 'MSWin32'; | |
357 | return vms_ssl_dirs() if $^O eq 'VMS'; | |
358 | ||
359 | # Unix and the rest | |
360 | return unix_ssl_dirs(); | |
361 | } | |
362 | ||
363 | sub candidate_ssl_dirs { | |
364 | my %seen; | |
365 | return | |
366 | grep { !$seen{$_->{check}}++ } | |
367 | map { Candidate($_) } | |
368 | @_; | |
369 | } | |
370 | ||
371 | sub select_ssl_dir { | |
372 | my @possible_ssl_dirs = possible_ssl_dirs(); | |
373 | my @candidate = candidate_ssl_dirs( @possible_ssl_dirs ); | |
374 | if (@candidate == 0) { | |
375 | $OPT_DEFAULT = 0; | |
376 | print_ssl_dir_not_found( @possible_ssl_dirs ); | |
377 | } | |
378 | ||
379 | if (@candidate == 1) { | |
380 | return $candidate[0] if $OPT_DEFAULT; | |
381 | print <<"INFO"; | |
382 | ======================================================= | |
383 | Only one $candidate[0]->{type} installation found at $candidate[0]->{dir} | |
384 | Consider running 'perl Makefile.PL --default' the next | |
385 | time Crypt::SSLeay is upgraded to select this directory | |
386 | automatically thereby avoiding the following prompt. | |
387 | ======================================================= | |
388 | INFO | |
389 | ||
390 | } | |
391 | else { | |
392 | print "Found multiple possibilities for OpenSSL\n"; | |
393 | for my $c (@candidate) { | |
394 | print " $c->{dir} ($c->{type} $c->{ver})\n"; | |
395 | } | |
396 | } | |
397 | ||
398 | my %cand = map { $_->{dir} => { %$_ } } @candidate; | |
399 | my $ssl_dir = prompt "Which SSL install path do you want to use?", | |
400 | $candidate[0]->{dir}; | |
401 | ||
402 | return $cand{$ssl_dir} if exists $cand{$ssl_dir}; | |
403 | ||
404 | my $pkg_config = Candidate($ssl_dir); | |
405 | return $pkg_config if $pkg_config; | |
406 | ||
407 | warn <<"INFO"; | |
408 | $ssl_dir does not appear to be an SSL library installation, since | |
409 | the required header files were not found. The build cannot proceed. | |
410 | INFO | |
411 | # avoid failure reports from CPAN Testers when OpenSSL was not found | |
412 | exit 0; | |
413 | } | |
414 | ||
415 | sub inc_flags { | |
416 | return vms_inc_flags( @_ ) if $^O eq 'VMS'; | |
417 | return win32_inc_flags( @_ ) if $^O eq 'MSWin32'; | |
418 | return unix_inc_flags( @_ ); | |
419 | } | |
420 | ||
421 | sub vms_inc_flags { | |
422 | my $pkg_config = shift; | |
423 | return ( "-I$pkg_config->{inc}" ); | |
424 | } | |
425 | ||
426 | sub win32_inc_flags { | |
427 | my $pkg_config = shift; | |
428 | my $ssl_dir = $pkg_config->{dir}; | |
429 | my $inc_dir = $pkg_config->{inc}; | |
430 | ||
431 | return ( | |
432 | "-I$inc_dir", | |
433 | -d "$ssl_dir/inc32" ? "-I$ssl_dir\\inc32" : (), | |
434 | ); | |
435 | } | |
436 | ||
437 | sub unix_inc_flags { | |
438 | my $pkg_config = shift; | |
439 | ||
440 | my @flags = ("-I$pkg_config->{inc}"); | |
441 | # this fix was suggested for building on RedHat 9 | |
442 | push @flags, '-I/usr/kerberos/include' if -d '/usr/kerberos/include'; | |
443 | return @flags; | |
444 | } | |
445 | ||
446 | sub lib_flags { | |
447 | return vms_lib_flags( @_ ) if $^O eq 'VMS'; | |
448 | return win32_lib_flags( @_ ) if $^O eq 'MSWin32'; | |
449 | return unix_lib_flags( @_ ); | |
450 | } | |
451 | ||
452 | sub vms_lib_flags { | |
453 | my $pkg_config = shift; | |
454 | return qw(-L/SYS$SHARE -lSSL$LIBSSL_SHR32 -lSSL$LIBCRYPTO_SHR32); | |
455 | } | |
456 | ||
457 | sub win32_lib_flags { | |
458 | my $pkg_config = shift; | |
459 | my $ssl_dir = $pkg_config->{dir}; | |
460 | ||
461 | my $mingw = $Config{cc} =~ /gcc(?:\.exe)?\z/; | |
462 | $mingw and print "Assuming MingW\n"; | |
463 | ||
464 | my @flags; | |
465 | ||
466 | if ($mingw and -d "$ssl_dir\\lib\\MinGW") { | |
467 | push @flags, "-L$ssl_dir\\lib\\MinGW"; | |
468 | } | |
469 | elsif(-d "$ssl_dir/lib") { | |
470 | push @flags, "-L$ssl_dir\\lib"; | |
471 | } | |
472 | else { | |
473 | my $dir = $OPT_STATIC ? "$ssl_dir\\out32" : "$ssl_dir\\out32dll"; | |
474 | if (-d $dir) { | |
475 | push @flags, "-L$dir"; | |
476 | } | |
477 | else { | |
478 | # Allow developers to point at OpenSSL source... | |
479 | push @flags, "-L$ssl_dir"; | |
480 | } | |
481 | } | |
482 | ||
483 | push @flags, qw(-lssleay32 -llibeay32); | |
484 | push @flags, qw(-lRSAglue -lrsaref) if $pkg_config->{type} ne 'OpenSSL'; | |
485 | return @flags; | |
486 | } | |
487 | ||
488 | sub unix_lib_flags { | |
489 | my $pkg_config = shift; | |
490 | my $dir = $pkg_config->{dir}; | |
491 | ||
492 | my @flags = ( | |
493 | "-L$pkg_config->{lib}", | |
494 | qw(-lssl -lcrypto -lgcc), | |
495 | $pkg_config->{type} ne 'OpenSSL' ? qw(-lRSAglue -lrsaref) : (), | |
496 | ); | |
497 | ||
498 | # ccc on alpha support | |
499 | if ($^O eq 'linux' | |
500 | and `uname -m` =~ /alpha/ | |
501 | and !(system("nm $dir/lib/libssl.a|grep -q 'U _Ots'")>>8) | |
502 | ) { | |
503 | push @flags, '-lots'; | |
504 | } | |
505 | ||
506 | return @flags; | |
507 | } | |
508 | ||
509 | sub write_test_config { | |
510 | my $pkg_config = shift; | |
511 | ||
512 | open OUT, '> test.config' | |
513 | or die "Cannot write test config: $!"; | |
514 | ||
515 | print OUT <<"INFO"; | |
516 | ssl $pkg_config->{type} $pkg_config->{ver} in $pkg_config->{dir}; | |
517 | lib @LIB_FLAGS | |
518 | inc @INC_FLAGS | |
519 | cc $Config{cc} | |
520 | INFO | |
521 | ||
522 | print OUT "network_tests ", is_live_test_wanted() ? 1 : 0, "\n"; | |
523 | close OUT | |
524 | or die "Cannot write test.config: $!"; | |
525 | return; | |
526 | } | |
527 | ||
528 | sub is_live_test_wanted { | |
529 | my $wanted = 'n'; | |
530 | if (not defined $OPT_LIVE_TESTS) { | |
531 | print <<"INFO"; | |
532 | The test suite can attempt to connect to public servers | |
533 | to ensure that the code is working properly. If you are | |
534 | behind a strict firewall or have no network connectivity, | |
535 | these tests may fail (through no fault of the code). | |
536 | INFO | |
537 | $wanted = prompt "Do you want to run the live tests (y/N)?", 'N'; | |
538 | } | |
539 | elsif ($OPT_LIVE_TESTS) { | |
540 | $wanted = 'y'; | |
541 | } | |
542 | ||
543 | return $wanted =~ /\Ay(?:es)?/i; | |
544 | } | |
545 | ||
546 | sub fix_win32_paths { | |
547 | my $pkg_config = shift; | |
548 | ||
549 | for my $dir ($pkg_config->{dir}, $pkg_config->{inc}) { | |
550 | # external tools probably expect \ and not / for path separators | |
551 | $dir =~ tr{/}{\\}; | |
552 | ||
553 | # default to drive C: if no drive or relative path | |
554 | unless ( $dir =~ m{\A(?:[A-Za-z]:|\.\.[\\/])} ) { | |
555 | $dir = "c:$dir"; | |
556 | } | |
557 | } | |
558 | return; | |
559 | } | |
560 | ||
561 | sub show_build_information { | |
562 | my ($pkg_config, $inc_flags, $lib_flags) = @_; | |
563 | print <<"INFO"; | |
564 | ||
565 | BUILD INFORMATION | |
566 | ================================================ | |
567 | ssl library: $pkg_config->{type} $pkg_config->{ver} in $pkg_config->{dir} | |
568 | ssl header: $pkg_config->{prefix}ssl.h | |
569 | libraries: @$lib_flags | |
570 | include dir: @$inc_flags | |
571 | ================================================ | |
572 | INFO | |
573 | return; | |
574 | } |
0 | NAME | |
1 | Crypt::SSLeay - OpenSSL glue that provides LWP https support | |
2 | ||
3 | SYNOPSIS | |
4 | lwp-request https://www.example.com | |
5 | ||
6 | use LWP::UserAgent; | |
7 | my $ua = new LWP::UserAgent; | |
8 | my $req = new HTTP::Request('GET', 'https://www.example.com'); | |
9 | my $res = $ua->request($req); | |
10 | print $res->code."\n"; | |
11 | ||
12 | # PROXY SUPPORT | |
13 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
14 | ||
15 | # PROXY_BASIC_AUTH | |
16 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
17 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
18 | ||
19 | # DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS | |
20 | $ENV{HTTPS_DEBUG} = 1; | |
21 | ||
22 | # DEFAULT SSL VERSION | |
23 | $ENV{HTTPS_VERSION} = '3'; | |
24 | ||
25 | # CLIENT CERT SUPPORT | |
26 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
27 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
28 | ||
29 | # CA CERT PEER VERIFICATION | |
30 | $ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt'; | |
31 | $ENV{HTTPS_CA_DIR} = 'certs/'; | |
32 | ||
33 | # CLIENT PKCS12 CERT SUPPORT | |
34 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
35 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
36 | ||
37 | DESCRIPTION | |
38 | This perl module provides support for the https protocol under LWP, so | |
39 | that a LWP::UserAgent can make https GET & HEAD & POST requests. Please | |
40 | see perldoc LWP for more information on POST requests. | |
41 | ||
42 | The Crypt::SSLeay package contains Net::SSL, which is automatically | |
43 | loaded by LWP::Protocol::https on https requests, and provides the | |
44 | necessary SSL glue for that module to work via these deprecated modules: | |
45 | ||
46 | Crypt::SSLeay::CTX | |
47 | Crypt::SSLeay::Conn | |
48 | Crypt::SSLeay::X509 | |
49 | ||
50 | Work on Crypt::SSLeay has been continued only to provide https support | |
51 | for the LWP - libwww perl libraries. If you want access to the OpenSSL | |
52 | API via perl, check out Sampo's Net::SSLeay. | |
53 | ||
54 | INSTALL | |
55 | OpenSSL | |
56 | You must have OpenSSL or SSLeay installed before compiling this module. | |
57 | You can get the latest OpenSSL package from: | |
58 | ||
59 | http://www.openssl.org | |
60 | ||
61 | On Debian systems, you will need to install the libssl-dev package, | |
62 | at least for the duration of the build (it may be removed afterwards). | |
63 | ||
64 | Other package-based systems may require something similar. The key is | |
65 | that Crypt::SSLeay makes calls to the OpenSSL library, and how to do | |
66 | so is specified in the C header files that come with the library. | |
67 | Some systems break out the header files into a separate package from | |
68 | that of the libraries. Once the program has been built, you don't | |
69 | need the headers any more. | |
70 | ||
71 | When installing openssl make sure your config looks like: | |
72 | ||
73 | ./config --openssldir=/usr/local/openssl | |
74 | or | |
75 | ./config --openssldir=/usr/local/ssl | |
76 | ||
77 | If you are planning on upgrading the default OpenSSL libraries on a | |
78 | system like RedHat, not that I would recommend this, then you might try | |
79 | something like: | |
80 | ||
81 | ./config --openssldir=/usr --shared | |
82 | ||
83 | The --shared option to config will set up building the .so shared | |
84 | libraries which is important for such systems. | |
85 | ||
86 | then | |
87 | make | |
88 | make test | |
89 | make install | |
90 | ||
91 | This way Crypt::SSLeay will pick up the includes and libraries | |
92 | automatically. If your includes end up going into a separate directory | |
93 | like /usr/local/include, then you may need to symlink | |
94 | /usr/local/openssl/include to /usr/local/include | |
95 | ||
96 | Crypt::SSLeay | |
97 | The latest Crypt::SSLeay can be found at your nearest CPAN, and also: | |
98 | ||
99 | http://www.perl.com/CPAN-local/modules/by-module/Crypt/ | |
100 | ||
101 | Once you have downloaded it, Crypt::SSLeay installs easily using the | |
102 | make or nmake commands as shown below. | |
103 | ||
104 | perl Makefile.PL | |
105 | make | |
106 | make test | |
107 | make install | |
108 | ||
109 | * use nmake or dmake for win32 | |
110 | ||
111 | For unattended (batch) installations, to be absolutely certain that | |
112 | F<Makefile.PL> does not prompt for questions on STDIN, set the | |
113 | following environment variable beforehand: | |
114 | ||
115 | PERL_MM_USE_DEFAULT=1 | |
116 | ||
117 | (This is true for any CPAN module that uses C<ExtUtils::MakeMaker>). | |
118 | ||
119 | Windows | |
120 | For Activestate users, the ActiveState company does not have a permit | |
121 | from the Canadian Federal Government to distribute cryptographic | |
122 | software. This prevents "Crypt::SSLeay" from being distributed as a PPM | |
123 | package from their repository. See | |
124 | <http://aspn.activestate.com/ASPN/docs/ActivePerl/5.8/faq/ActivePerl-faq2.html#crypto_packages> | |
125 | for more information on this issue. | |
126 | ||
127 | You may download it from Randy Kobes's PPM repository by using the | |
128 | following command: | |
129 | ||
130 | ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd | |
131 | ||
132 | An alternative is to add the uwinnipeg.ca PPM repository to your local | |
133 | installation. See <http://cpan.uwinnipeg.ca/htdocs/faqs/ppm.html> for | |
134 | more details. | |
135 | ||
136 | PROXY SUPPORT | |
137 | LWP::UserAgent and Crypt::SSLeay have their own versions of proxy | |
138 | support. Please read these sections to see which one may be right for | |
139 | you. | |
140 | ||
141 | LWP::UserAgent Proxy Support | |
142 | LWP::UserAgent has its own methods of proxying which may work for you | |
143 | and is likely incompatible with Crypt::SSLeay proxy support. To use | |
144 | LWP::UserAgent proxy support, try something like: | |
145 | ||
146 | my $ua = new LWP::UserAgent; | |
147 | $ua->proxy([qw( https http )], "$proxy_ip:$proxy_port"); | |
148 | ||
149 | At the time of this writing, libwww v5.6 seems to proxy https requests | |
150 | fine with an Apache mod_proxy server. It sends a line like: | |
151 | ||
152 | GET https://www.example.com HTTP/1.1 | |
153 | ||
154 | to the proxy server, which is not the CONNECT request that some proxies | |
155 | would expect, so this may not work with other proxy servers than | |
156 | mod_proxy. The CONNECT method is used by Crypt::SSLeay's internal proxy | |
157 | support. | |
158 | ||
159 | Crypt::SSLeay Proxy Support | |
160 | For native Crypt::SSLeay proxy support of https requests, you need to | |
161 | set an environment variable HTTPS_PROXY to your proxy server & port, as | |
162 | in: | |
163 | ||
164 | # PROXY SUPPORT | |
165 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
166 | $ENV{HTTPS_PROXY} = '127.0.0.1:8080'; | |
167 | ||
168 | Use of the HTTPS_PROXY environment variable in this way is similar to | |
169 | LWP::UserAgent->env_proxy() usage, but calling that method will likely | |
170 | override or break the Crypt::SSLeay support, so do not mix the two. | |
171 | ||
172 | Basic auth credentials to the proxy server can be provided this way: | |
173 | ||
174 | # PROXY_BASIC_AUTH | |
175 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
176 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
177 | ||
178 | For an example of LWP scripting with Crypt::SSLeay native proxy support, | |
179 | please see the source of the eg/lwp-ssl-test script in the Crypt::SSLeay | |
180 | distribution. | |
181 | ||
182 | CLIENT CERTIFICATE SUPPORT | |
183 | Certificate support is new provided by patches from Tobias Manthey. Is | |
184 | ALPHA as of .25, but looking pretty stable as of .29. | |
185 | ||
186 | PEM encoded certificate and private key files may be used like this: | |
187 | ||
188 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
189 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
190 | ||
191 | You may test your files with the eg/net-ssl-test program by issuing a | |
192 | command like: | |
193 | ||
194 | perl eg/net-ssl-test -cert=certs/notacacert.pem -key=certs/notacakeynopass.pem -d GET $HOST_NAME | |
195 | ||
196 | Additionally, if you would like to tell the client where the CA file is, | |
197 | you may set these. These *CA* configs are ALPHA as of version .29. | |
198 | ||
199 | $ENV{HTTPS_CA_FILE} = "some_file"; | |
200 | $ENV{HTTPS_CA_DIR} = "some_dir"; | |
201 | ||
202 | There is no sample CA cert file at this time for testing, but you may | |
203 | configure eg/net_ssl_test to use your CA cert with the -CAfile option. | |
204 | ||
205 | Creating a Test Certificate | |
206 | To create simple test certificates with openssl, you may: | |
207 | ||
208 | /usr/local/openssl/bin/openssl req -config /usr/local/openssl/openssl.cnf -new -days 365 -newkey rsa:1024 -x509 -keyout notacakey.pem -out notacacert.pem | |
209 | ||
210 | To remove the pass phrase from the key file, execute this: | |
211 | /usr/local/openssl/bin/openssl rsa -in notacakey.pem -out | |
212 | notacakeynopass.pem | |
213 | ||
214 | PKCS12 | |
215 | New as of version .45 is PKCS12 certificate support thanks to Daisuke | |
216 | Kuroda The directives for enabling use of these certificates is: | |
217 | ||
218 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
219 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
220 | ||
221 | Use of this type of certificate will take precedence over previous | |
222 | certificate settings described. | |
223 | ||
224 | SSL VERSIONS | |
225 | Crypt::SSLeay tries very hard to connect to ANY SSL web server trying to | |
226 | accomodate servers that are buggy, old or simply not standards | |
227 | compliant. To this effect, this module will try SSL connections in this | |
228 | order: | |
229 | ||
230 | SSL v23 - should allow v2 & v3 servers to pick their best type | |
231 | SSL v3 - best connection type | |
232 | SSL v2 - old connection type | |
233 | ||
234 | Unfortunately, some servers seem not to handle a reconnect to SSL v3 | |
235 | after a failed connect of SSL v23 is tried, so you may set before using | |
236 | LWP or Net::SSL: | |
237 | ||
238 | $ENV{HTTPS_VERSION} = 3; | |
239 | ||
240 | so that a SSL v3 connection is tried first. At this time only a SSL v2 | |
241 | connection will be tried after this, as the connection attempt order | |
242 | remains unchanged by this setting. | |
243 | ||
244 | COMPATIBILITY | |
245 | This module has been compiled on the following platforms: | |
246 | ||
247 | PLATFORM CPU SSL PERL VER DATE WHO | |
248 | -------- --- --- ---- --- ---- --- | |
249 | Linux 2.4.7 x86 OpenSSL 0.9.7 5.00800 .51 2003-06-10 Joshua Chamas | |
250 | Linux 2.4.7 x86 OpenSSL 0.9.6g 5.00800 .49 2003-01-29 Joshua Chamas | |
251 | Win2000 SP2 x86 OpenSSL 0.9.7 5.00601 .49 2003-01-29 Joshua Chamas | |
252 | WinNT SP6 x86 OpenSSL 0.9.6a 5.00601 .45 2002-08-01 Joshua Chamas | |
253 | Linux 2.4.7 x86 OpenSSL 0.9.6d 5.00800 .45 2002-08-01 Joshua Chamas | |
254 | Linux 2.4.7 x86 OpenSSL 0.9.6 5.00601 .39 2002-06-23 Joshua Chamas | |
255 | Solaris 2.8 Sparc ? 5.00503 .37 2002-05-31 Christopher Biow | |
256 | OpenBSD 2.8 Sparc ? 5.00600 .25 2001-04-11 Tim Ayers | |
257 | Linux 2.2.14 x86 OpenSSL 0.9.6 5.00503 .25 2001-04-10 Joshua Chamas | |
258 | WinNT SP6 x86 OpenSSL 0.9.4 5.00404 .25 2001-04-10 Joshua Chamas | |
259 | Solaris 2.7 Sparc OpenSSL 0.9.6 5.00503 .22 2001-03-01 Dave Paris | |
260 | AIX 4.3.2 RS/6000 OpenSSL 0.9.6 5.6.0 .19 2001-01-08 Peter Heimann | |
261 | Solaris 2.6 x86 OpenSSL 0.9.5a 5.00501 .17 2000-09-04 Joshua Chamas | |
262 | Linux 2.2.12 x86 OpenSSL 0.9.5a 5.00503 .16 2000-07-13 David Harris | |
263 | FreeBSD 3.2 ?x86 OpenSSL 0.9.2b 5.00503 ? 1999-09-29 Rip Toren | |
264 | Solaris 2.6 ?Sparc OpenSSL 0.9.4 5.00404 ? 1999-08-24 Patrick Killelea | |
265 | FreeBSD 2.2.5 x86 OpenSSL 0.9.3 5.00404 ? 1999-08-19 Andy Lee | |
266 | Solaris 2.5.1 USparc OpenSSL 0.9.4 5.00503 ? 1999-08-18 Marek Rouchal | |
267 | Solaris 2.6 x86 SSLeay 0.8.0 5.00501 ? 1999-08-12 Joshua Chamas | |
268 | Linux 2.2.10 x86 OpenSSL 0.9.4 5.00503 ? 1999-08-11 John Barrett | |
269 | WinNT SP4 x86 SSLeay 0.9.2 5.00404 ? 1999-08-10 Joshua Chamas | |
270 | ||
271 | BUILD NOTES | |
272 | Win32, WinNT, Win2000, can't build | |
273 | If you cannot get it to build on your windows box, try ActiveState perl, | |
274 | at least their builds 522 & 618 are known to have a ppm install of | |
275 | Crypt::SSLeay available. Please see http://www.activestate.com for more | |
276 | info. | |
277 | ||
278 | AIX 4.3.2 - Symbol Error: __umoddi3 : referenced symbol not found | |
279 | The __umoddi3 problem applies here as well when compiling with gcc. | |
280 | ||
281 | Alternative solution: In Makefile.PL, prepend "-L"/usr/local/<path to | |
282 | your gcc lib>/<version> to the $LIBS value. Add after line 82: | |
283 | ||
284 | $LIBS = '-L' . dirname(`gcc -print-libgcc-file-name`) . ' ' . $LIBS; | |
285 | ||
286 | Solaris x86 - Symbol Error: __umoddi3 : referenced symbol not found | |
287 | Problem: | |
288 | ||
289 | On Solaris x86, the default PERL configuration, and preferred, is to use | |
290 | the ld linker that comes with the OS, not gcc. Unfortunately during the | |
291 | OpenSSL build process, gcc generates in libcrypto.a, from bn_word.c, the | |
292 | undefined symbol __umoddi3, which is supposed to be later resolved by | |
293 | gcc from libgcc.a | |
294 | ||
295 | The system ld linker does not know about libgcc.a by default, so when | |
296 | building Crypt::SSLeay, there is a linker error for __umoddi3 | |
297 | ||
298 | Solution: | |
299 | ||
300 | The fix for this symlink your libgcc.a to some standard directory like | |
301 | /usr/local/lib, so that the system linker, ld, can find it when building | |
302 | Crypt::SSLeay. | |
303 | ||
304 | FreeBSD 2.x.x / Solaris - ... des.h:96 #error _ is defined ... | |
305 | If you encounter this error: "...des.h:96: #error _ is defined, but some | |
306 | strange definition the DES library cannot handle that...," then you need | |
307 | to edit the des.h file and comment out the "#error" line. | |
308 | ||
309 | Its looks like this error might be common to other operating systems, | |
310 | and that occurs with OpenSSL 0.9.3. Upgrades to 0.9.4 seem to fix this | |
311 | problem. | |
312 | ||
313 | SunOS 4.1.4, Perl 5.004_04 - ld.so: Undefined symbol: _CRYPT_mem_ctrl | |
314 | Problems: (initial build was fine, but execution of Perl scripts had | |
315 | problems) | |
316 | ||
317 | Got a message "ld.so: Undefined symbol: _CRYPT_mem_ctrl" solution: In | |
318 | the Makefile, comment out the line with "-fpic" (also try changing to | |
319 | "-fPIC", and this works also, not sure if one is preferred). | |
320 | ||
321 | OTHER MODULES | |
322 | ||
323 | A number of CPAN modules list Crypt-SSLeay as a pre-requisite. As of | |
324 | March 2007, this list included | |
325 | ||
326 | Acme-SDUM-Renew ROOT | |
327 | ASNMTAP ASNMTAP | |
328 | Business-Billing-TMobile-UK SRSHAH | |
329 | Business-OnlinePayment-Protx TEEJAY | |
330 | Business-PayPal-IPN SHERZODR | |
331 | Finance-Bank-CreditMut CBOUVI | |
332 | Finance-Bank-Fubon-TW AUTRIJUS | |
333 | Finance-Bank-HDFC ROHAN | |
334 | Finance-Quote HAMPTON | |
335 | Finance-SE-PPM ERWAN | |
336 | GMail-IMAPD KRS | |
337 | Google-Checkout DZHUO | |
338 | Hey-heyPass WILSOND | |
339 | HTTP-QuickBase CVONROES | |
340 | Mail-Webmail-Gmail MINCUS | |
341 | Module-Release BDFOY | |
342 | Net-Artera IVAN | |
343 | Net-eBay ICHUDOV | |
344 | Net-SMS-MessageNet DDICK | |
345 | Net-SMS-MessageNet DDICK | |
346 | Net-SMS-O2 AWRIGLEY | |
347 | Net-SMS-Optimus ROOT | |
348 | Net-SMS-PChome SNOWFLY | |
349 | Net-UPS SHERZODR | |
350 | Net-XRC IVAN | |
351 | o2sms MACKERS | |
352 | WebService-CIA IMALPASS | |
353 | WWW-FleXtel NICOLAW | |
354 | WWW-GMail XANTUS | |
355 | WWW-Hotmail XANTUS | |
356 | WWW-Mail15 REFLOG | |
357 | WWW-Myspace GRANTG | |
358 | WWW-Postini PGUZIS | |
359 | WWW-RIPE-LIRPortal RIPENCC | |
360 | WWW-Scraper-Gmail KASTNER | |
361 | WWW-Yahoo-Groups SPOON | |
362 | Yahoo-Marketing JLAVALLEE | |
363 | ||
364 | NOTES | |
365 | Many thanks to Gisle Aas for the original writing of this module and | |
366 | many others including libwww for perl. The web will never be the same :) | |
367 | ||
368 | Ben Laurie deserves kudos for his excellent patches for better error | |
369 | handling, SSL information inspection, and random seeding. | |
370 | ||
371 | Thanks to Dongqiang Bai for host name resolution fix when using a proxy. | |
372 | ||
373 | Thanks to Stuart Horner of Core Communications, Inc. who found the need | |
374 | for building --shared OpenSSL libraries. | |
375 | ||
376 | Thanks to Pavel Hlavnicka for a patch for freeing memory when using a | |
377 | pkcs12 file, and for inspiring more robust read() behavior. | |
378 | ||
379 | James Woodyatt is a champ for finding a ridiculous memory leak that has | |
380 | been the bane of many a Crypt::SSLeay user. | |
381 | ||
382 | Thanks to Bryan Hart for his patch adding proxy support, and thanks to | |
383 | Tobias Manthey for submitting another approach. | |
384 | ||
385 | Thanks to Alex Rhomberg for Alpha linux ccc patch. | |
386 | ||
387 | Thanks to Tobias Manthey for his patches for client certificate support. | |
388 | ||
389 | Thanks to Gamid Isayev for CA cert support and insight into error | |
390 | messaging. | |
391 | ||
392 | Thanks to Jeff Long for working through a tricky CA cert SSLClientVerify | |
393 | issue. | |
394 | ||
395 | Thanks to Chip Turner for patch to build under perl 5.8.0 | |
396 | ||
397 | Thanks to Joshua Chamas for the time he spent maintaining the | |
398 | module. | |
399 | ||
400 | SUPPORT | |
401 | For use of Crypt::SSLeay & Net::SSL with perl's LWP, please send email | |
402 | to libwww@perl.org . | |
403 | ||
404 | For OpenSSL or general SSL support please email the openssl user mailing | |
405 | list at openssl-users@openssl.org . This includes issues associated with | |
406 | building and installing OpenSSL on one's system. | |
407 | ||
408 | Please report all bugs at | |
409 | L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay>. | |
410 | ||
411 | This module was originally written by Gisle Aas, and was subsequently | |
412 | maintained by Joshua Chamas. It is currently maintained by David | |
413 | Landgren. | |
414 | ||
415 | COPYRIGHT | |
416 | Copyright (c) 2006-2007 David Landgren. | |
417 | Copyright (c) 1999-2003 Joshua Chamas. | |
418 | Copyright (c) 1998 Gisle Aas. | |
419 | ||
420 | This program is free software; you can redistribute it and/or modify it | |
421 | under the same terms as Perl itself. | |
422 | ||
0 | NAME | |
1 | Crypt::SSLeay - OpenSSL support for LWP | |
2 | ||
3 | SYNOPSIS | |
4 | lwp-request https://www.example.com | |
5 | ||
6 | use LWP::UserAgent; | |
7 | my $ua = LWP::UserAgent->new; | |
8 | my $response = $ua->get('https://www.example.com/'); | |
9 | print $response->content, "\n"; | |
10 | ||
11 | DESCRIPTION | |
12 | This Perl module provides support for the HTTPS protocol under LWP, to | |
13 | allow an "LWP::UserAgent" object to perform GET, HEAD and POST requests. | |
14 | Please see LWP for more information on POST requests. | |
15 | ||
16 | The "Crypt::SSLeay" package provides "Net::SSL", which is loaded by | |
17 | "LWP::Protocol::https" for https requests and provides the necessary SSL | |
18 | glue. | |
19 | ||
20 | This distribution also makes following deprecated modules available: | |
21 | ||
22 | Crypt::SSLeay::CTX | |
23 | Crypt::SSLeay::Conn | |
24 | Crypt::SSLeay::X509 | |
25 | ||
26 | Work on Crypt::SSLeay has been continued only to provide https support | |
27 | for the LWP (libwww-perl) libraries. | |
28 | ||
29 | ENVIRONMENT VARIABLES | |
30 | The following environment variables change the way "Crypt::SSLeay" and | |
31 | "Net::SSL" behave. | |
32 | ||
33 | # proxy support | |
34 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
35 | ||
36 | # proxy_basic_auth | |
37 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
38 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
39 | ||
40 | # debugging (SSL diagnostics) | |
41 | $ENV{HTTPS_DEBUG} = 1; | |
42 | ||
43 | # default ssl version | |
44 | $ENV{HTTPS_VERSION} = '3'; | |
45 | ||
46 | # client certificate support | |
47 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
48 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
49 | ||
50 | # CA cert peer verification | |
51 | $ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt'; | |
52 | $ENV{HTTPS_CA_DIR} = 'certs/'; | |
53 | ||
54 | # Client PKCS12 cert support | |
55 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
56 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
57 | ||
58 | INSTALL | |
59 | OpenSSL | |
60 | You must have OpenSSL or SSLeay installed before compiling this module. | |
61 | You can get the latest OpenSSL package from <http://www.openssl.org/>. | |
62 | ||
63 | On Debian systems, you will need to install the "libssl-dev" package, at | |
64 | least for the duration of the build (it may be removed afterwards). | |
65 | ||
66 | Other package-based systems may require something similar. The key is | |
67 | that "Crypt::SSLeay" makes calls to the OpenSSL library, and how to do | |
68 | so is specified in the C header files that come with the library. Some | |
69 | systems break out the header files into a separate package from that of | |
70 | the libraries. Once the program has been built, you don't need the | |
71 | headers any more. | |
72 | ||
73 | When installing openssl make sure your config looks like: | |
74 | ||
75 | ./config --openssldir=/usr/local/openssl | |
76 | ||
77 | or | |
78 | ||
79 | ./config --openssldir=/usr/local/ssl | |
80 | ||
81 | If you are planning on upgrading the default OpenSSL libraries on a | |
82 | system like RedHat, (not recommended), then try something like: | |
83 | ||
84 | ./config --openssldir=/usr --shared | |
85 | ||
86 | The "--shared" option to config will set up building the .so shared | |
87 | libraries which is important for such systems. This is followed by: | |
88 | ||
89 | make | |
90 | make test | |
91 | make install | |
92 | ||
93 | This way "Crypt::SSLeay" will pick up the includes and libraries | |
94 | automatically. If your includes end up going into a separate directory | |
95 | like /usr/local/include, then you may need to symlink | |
96 | /usr/local/openssl/include to /usr/local/include | |
97 | ||
98 | Crypt::SSLeay | |
99 | The latest Crypt::SSLeay can be found at your nearest CPAN, as well as | |
100 | <http://search.cpan.org/dist/Crypt-SSLeay/> | |
101 | ||
102 | Once you have downloaded it, Crypt::SSLeay installs easily using the | |
103 | "make" * commands as shown below. | |
104 | ||
105 | perl Makefile.PL | |
106 | make | |
107 | make test | |
108 | make install | |
109 | ||
110 | On Windows systems, both Strawberry Perl and ActiveState (as a separate | |
111 | download via ppm) projects include a MingW based compiler distribution | |
112 | and "dmake" which can be used to build both OpenSSL and "Crypt-SSLeay". | |
113 | If you have such a set up, use "dmake" above. | |
114 | ||
115 | For unattended (batch) installations, to be absolutely certain that | |
116 | Makefile.PL does not prompt for questions on STDIN, set the following | |
117 | environment variable beforehand: | |
118 | ||
119 | PERL_MM_USE_DEFAULT=1 | |
120 | ||
121 | (This is true for any CPAN module that uses "ExtUtils::MakeMaker"). | |
122 | ||
123 | To skip live tests, you can use | |
124 | ||
125 | perl Makefile.PL --no-live-tests | |
126 | ||
127 | and to force live tests, you can use | |
128 | ||
129 | perl Makefile.PL --live-tests | |
130 | ||
131 | Windows | |
132 | "Crypt::SSLeay" builds correctly with Strawberry Perl. | |
133 | ||
134 | For ActiveState Perl users, the ActiveState company does not have a | |
135 | permit from the Canadian Federal Government to distribute cryptographic | |
136 | software. This prevents "Crypt::SSLeay" from being distributed as a PPM | |
137 | package from their repository. See | |
138 | <http://aspn.activestate.com/ASPN/docs/ActivePerl/5.8/faq/ActivePerl-faq | |
139 | 2.html#crypto_packages> for more information on this issue. | |
140 | ||
141 | You may download it from Randy Kobes's PPM repository by using the | |
142 | following command: | |
143 | ||
144 | ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd | |
145 | ||
146 | An alternative is to add the uwinnipeg.ca PPM repository to your local | |
147 | installation. See <http://cpan.uwinnipeg.ca/htdocs/faqs/ppm.html> for | |
148 | more details. | |
149 | ||
150 | VMS | |
151 | It is assumed that the OpenSSL installation is located at /ssl$root. | |
152 | Define this logical to point to the appropriate place in the filesystem. | |
153 | ||
154 | PROXY SUPPORT | |
155 | LWP::UserAgent and Crypt::SSLeay have their own versions of proxy | |
156 | support. Please read these sections to see which one is appropriate. | |
157 | ||
158 | LWP::UserAgent proxy support | |
159 | "LWP::UserAgent" has its own methods of proxying which may work for you | |
160 | and is likely to be incompatible with "Crypt::SSLeay" proxy support. To | |
161 | use "LWP::UserAgent" proxy support, try something like: | |
162 | ||
163 | my $ua = LWP::UserAgent->new; | |
164 | $ua->proxy([qw( https http )], "$proxy_ip:$proxy_port"); | |
165 | ||
166 | At the time of this writing, libwww v5.6 seems to proxy https requests | |
167 | fine with an Apache mod_proxy server. It sends a line like: | |
168 | ||
169 | GET https://www.example.com HTTP/1.1 | |
170 | ||
171 | to the proxy server, which is not the "CONNECT" request that some | |
172 | proxies would expect, so this may not work with other proxy servers than | |
173 | mod_proxy. The "CONNECT" method is used by "Crypt::SSLeay"'s internal | |
174 | proxy support. | |
175 | ||
176 | Crypt::SSLeay proxy support | |
177 | For native "Crypt::SSLeay" proxy support of https requests, you need to | |
178 | set the environment variable "HTTPS_PROXY" to your proxy server and | |
179 | port, as in: | |
180 | ||
181 | # proxy support | |
182 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
183 | $ENV{HTTPS_PROXY} = '127.0.0.1:8080'; | |
184 | ||
185 | Use of the "HTTPS_PROXY" environment variable in this way is similar to | |
186 | "LWP::UserAgent-"env_proxy()> usage, but calling that method will likely | |
187 | override or break the "Crypt::SSLeay" support, so do not mix the two. | |
188 | ||
189 | Basic auth credentials to the proxy server can be provided this way: | |
190 | ||
191 | # proxy_basic_auth | |
192 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
193 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
194 | ||
195 | For an example of LWP scripting with "Crypt::SSLeay" native proxy | |
196 | support, please look at the eg/lwp-ssl-test script in the | |
197 | "Crypt::SSLeay" distribution. | |
198 | ||
199 | CLIENT CERTIFICATE SUPPORT | |
200 | Client certificates are supported. PEM encoded certificate and private | |
201 | key files may be used like this: | |
202 | ||
203 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
204 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
205 | ||
206 | You may test your files with the eg/net-ssl-test program, bundled with | |
207 | the distribution, by issuing a command like: | |
208 | ||
209 | perl eg/net-ssl-test -cert=certs/notacacert.pem \ | |
210 | -key=certs/notacakeynopass.pem -d GET $HOST_NAME | |
211 | ||
212 | Additionally, if you would like to tell the client where the CA file is, | |
213 | you may set these. | |
214 | ||
215 | $ENV{HTTPS_CA_FILE} = "some_file"; | |
216 | $ENV{HTTPS_CA_DIR} = "some_dir"; | |
217 | ||
218 | Note that, if specified, $ENV{HTTPS_CA_FILE} must point to the actual | |
219 | certificate file. That is, $ENV{HTTPS_CA_DIR} is *not* the path were | |
220 | $ENV{HTTPS_CA_FILE} is located. | |
221 | ||
222 | For certificates in $ENV{HTTPS_CA_DIR} to be picked up, follow the | |
223 | instructions on | |
224 | <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html> | |
225 | ||
226 | There is no sample CA cert file at this time for testing, but you may | |
227 | configure eg/net-ssl-test to use your CA cert with the -CAfile option. | |
228 | (TODO: then what is the ./certs directory in the distribution?) | |
229 | ||
230 | Creating a test certificate | |
231 | To create simple test certificates with OpenSSL, you may run the | |
232 | following command: | |
233 | ||
234 | openssl req -config /usr/local/openssl/openssl.cnf \ | |
235 | -new -days 365 -newkey rsa:1024 -x509 \ | |
236 | -keyout notacakey.pem -out notacacert.pem | |
237 | ||
238 | To remove the pass phrase from the key file, run: | |
239 | ||
240 | openssl rsa -in notacakey.pem -out notacakeynopass.pem | |
241 | ||
242 | PKCS12 support | |
243 | The directives for enabling use of PKCS12 certificates is: | |
244 | ||
245 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
246 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
247 | ||
248 | Use of this type of certificate takes precedence over previous | |
249 | certificate settings described. (TODO: unclear? Meaning "the presence of | |
250 | this type of certificate"?) | |
251 | ||
252 | SSL versions | |
253 | "Crypt::SSLeay" tries very hard to connect to *any* SSL web server | |
254 | accomodating servers that are buggy, old or simply not | |
255 | standards-compliant. To this effect, this module will try SSL | |
256 | connections in this order: | |
257 | ||
258 | SSL v23 | |
259 | should allow v2 and v3 servers to pick their best type | |
260 | ||
261 | SSL v3 | |
262 | best connection type | |
263 | ||
264 | SSL v2 | |
265 | old connection type | |
266 | ||
267 | Unfortunately, some servers seem not to handle a reconnect to SSL v3 | |
268 | after a failed connect of SSL v23 is tried, so you may set before using | |
269 | LWP or Net::SSL: | |
270 | ||
271 | $ENV{HTTPS_VERSION} = 3; | |
272 | ||
273 | to force a version 3 SSL connection first. At this time only a version 2 | |
274 | SSL connection will be tried after this, as the connection attempt order | |
275 | remains unchanged by this setting. | |
276 | ||
277 | ACKNOWLEDGEMENTS | |
278 | Many thanks to the following individuals who helped improve | |
279 | "Crypt-SSLeay": | |
280 | ||
281 | *Gisle Aas* for writing this module and many others including libwww, | |
282 | for perl. The web will never be the same :) | |
283 | ||
284 | *Ben Laurie* deserves kudos for his excellent patches for better error | |
285 | handling, SSL information inspection, and random seeding. | |
286 | ||
287 | *Dongqiang Bai* for host name resolution fix when using a proxy. | |
288 | ||
289 | *Stuart Horner* of Core Communications, Inc. who found the need for | |
290 | building "--shared" OpenSSL libraries. | |
291 | ||
292 | *Pavel Hlavnicka* for a patch for freeing memory when using a pkcs12 | |
293 | file, and for inspiring more robust "read()" behavior. | |
294 | ||
295 | *James Woodyatt* is a champ for finding a ridiculous memory leak that | |
296 | has been the bane of many a Crypt::SSLeay user. | |
297 | ||
298 | *Bryan Hart* for his patch adding proxy support, and thanks to *Tobias | |
299 | Manthey* for submitting another approach. | |
300 | ||
301 | *Alex Rhomberg* for Alpha linux ccc patch. | |
302 | ||
303 | *Tobias Manthey* for his patches for client certificate support. | |
304 | ||
305 | *Daisuke Kuroda* for adding PKCS12 certificate support. | |
306 | ||
307 | *Gamid Isayev* for CA cert support and insights into error messaging. | |
308 | ||
309 | *Jeff Long* for working through a tricky CA cert SSLClientVerify issue. | |
310 | ||
311 | *Chip Turner* for a patch to build under perl 5.8.0. | |
312 | ||
313 | *Joshua Chamas* for the time he spent maintaining the module. | |
314 | ||
315 | *Jeff Lavallee* for help with alarms on read failures (CPAN bug #12444). | |
316 | ||
317 | *Guenter Knauf* for significant improvements in configuring things in | |
318 | Win32 and Netware lands and Jan Dubois for various suggestions for | |
319 | improvements. | |
320 | ||
321 | and *many others* who provided bug reports, suggestions, fixes and | |
322 | patches. | |
323 | ||
324 | SEE ALSO | |
325 | Net::SSL | |
326 | If you have downloaded this distribution as of a dependency of | |
327 | another distribution, it's probably due to this module (which is | |
328 | included in this distribution). | |
329 | ||
330 | Net::SSLeay | |
331 | Net::SSLeay provides access to the OpenSSL API directly from Perl. | |
332 | See <http://search.cpan.org/dist/Net-SSLeay/>. | |
333 | ||
334 | OpenSSL binary packages for Windows | |
335 | See <http://www.openssl.org/related/binaries.html>. | |
336 | ||
337 | SUPPORT | |
338 | For use of Crypt::SSLeay & Net::SSL with Perl's LWP, please send email | |
339 | to libwww@perl.org <mailto:libwww@perl.org>. | |
340 | ||
341 | For OpenSSL or general SSL support, including issues associated with | |
342 | building and installing OpenSSL on your system, please email the OpenSSL | |
343 | users mailing list at openssl-users@openssl.org | |
344 | <mailto:openssl-users@openssl.org>. See | |
345 | <http://www.openssl.org/support/community.html> for other mailing lists | |
346 | and archives. | |
347 | ||
348 | Please report all bugs at | |
349 | "/rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay"" in "http:. | |
350 | ||
351 | AUTHORS | |
352 | This module was originally written by Gisle Aas, and was subsequently | |
353 | maintained by Joshua Chamas, David Landgren, brian d foy and Sinan Unur. | |
354 | ||
355 | COPYRIGHT | |
356 | Copyright (c) 2010 A. Sinan Unur | |
357 | ||
358 | Copyright (c) 2006-2007 David Landgren | |
359 | ||
360 | Copyright (c) 1999-2003 Joshua Chamas | |
361 | ||
362 | Copyright (c) 1998 Gisle Aas | |
363 | ||
364 | LICENSE | |
365 | This program is free software; you can redistribute it and/or modify it | |
366 | under the same terms as Perl itself. | |
367 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use vars '$VERSION'; |
4 | $VERSION = '0.57'; | |
4 | $VERSION = '0.58'; | |
5 | 5 | |
6 | 6 | eval { |
7 | 7 | require XSLoader; |
47 | 47 | |
48 | 48 | =head1 SYNOPSIS |
49 | 49 | |
50 | lwp-request https://www.example.com | |
51 | ||
52 | use LWP::UserAgent; | |
53 | my $ua = LWP::UserAgent->new; | |
54 | my $req = HTTP::Request->new('GET', 'https://www.example.com/'); | |
55 | my $res = $ua->request($req); | |
56 | print $res->content, "\n"; | |
50 | lwp-request https://www.example.com | |
51 | ||
52 | use LWP::UserAgent; | |
53 | my $ua = LWP::UserAgent->new; | |
54 | my $response = $ua->get('https://www.example.com/'); | |
55 | print $response->content, "\n"; | |
57 | 56 | |
58 | 57 | =head1 DESCRIPTION |
59 | 58 | |
60 | This document describes C<Crypt::SSLeay> version 0.57, released | |
61 | 2007-09-17. | |
62 | ||
63 | This perl module provides support for the https protocol under LWP, | |
59 | This Perl module provides support for the HTTPS protocol under LWP, | |
64 | 60 | to allow an C<LWP::UserAgent> object to perform GET, HEAD and POST |
65 | 61 | requests. Please see LWP for more information on POST requests. |
66 | 62 | |
70 | 66 | |
71 | 67 | This distribution also makes following deprecated modules available: |
72 | 68 | |
73 | Crypt::SSLeay::CTX | |
74 | Crypt::SSLeay::Conn | |
75 | Crypt::SSLeay::X509 | |
69 | Crypt::SSLeay::CTX | |
70 | Crypt::SSLeay::Conn | |
71 | Crypt::SSLeay::X509 | |
76 | 72 | |
77 | 73 | Work on Crypt::SSLeay has been continued only to provide https |
78 | 74 | support for the LWP (libwww-perl) libraries. |
82 | 78 | The following environment variables change the way |
83 | 79 | C<Crypt::SSLeay> and C<Net::SSL> behave. |
84 | 80 | |
85 | # proxy support | |
86 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
87 | ||
88 | # proxy_basic_auth | |
89 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
90 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
91 | ||
92 | # debugging (SSL diagnostics) | |
93 | $ENV{HTTPS_DEBUG} = 1; | |
94 | ||
95 | # default ssl version | |
96 | $ENV{HTTPS_VERSION} = '3'; | |
97 | ||
98 | # client certificate support | |
99 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
100 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
101 | ||
102 | # CA cert peer verification | |
103 | $ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt'; | |
104 | $ENV{HTTPS_CA_DIR} = 'certs/'; | |
105 | ||
106 | # Client PKCS12 cert support | |
107 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
108 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
81 | # proxy support | |
82 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
83 | ||
84 | # proxy_basic_auth | |
85 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
86 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
87 | ||
88 | # debugging (SSL diagnostics) | |
89 | $ENV{HTTPS_DEBUG} = 1; | |
90 | ||
91 | # default ssl version | |
92 | $ENV{HTTPS_VERSION} = '3'; | |
93 | ||
94 | # client certificate support | |
95 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
96 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
97 | ||
98 | # CA cert peer verification | |
99 | $ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt'; | |
100 | $ENV{HTTPS_CA_DIR} = 'certs/'; | |
101 | ||
102 | # Client PKCS12 cert support | |
103 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
104 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
109 | 105 | |
110 | 106 | =head1 INSTALL |
111 | 107 | |
112 | 108 | =head2 OpenSSL |
113 | 109 | |
114 | You must have OpenSSL or SSLeay installed before compiling | |
115 | this module. You can get the latest OpenSSL package from: | |
116 | ||
117 | http://www.openssl.org/ | |
118 | ||
119 | On Debian systems, you will need to install the libssl-dev package, | |
110 | You must have OpenSSL or SSLeay installed before compiling this module. | |
111 | You can get the latest OpenSSL package from | |
112 | L<http://www.openssl.org/>. | |
113 | ||
114 | On Debian systems, you will need to install the C<libssl-dev> package, | |
120 | 115 | at least for the duration of the build (it may be removed afterwards). |
121 | 116 | |
122 | Other package-based systems may require something similar. The key | |
123 | is that Crypt::SSLeay makes calls to the OpenSSL library, and how | |
124 | to do so is specified in the C header files that come with the | |
125 | library. Some systems break out the header files into a separate | |
126 | package from that of the libraries. Once the program has been built, | |
127 | you don't need the headers any more. | |
117 | Other package-based systems may require something similar. The key is | |
118 | that C<Crypt::SSLeay> makes calls to the OpenSSL library, and how to do | |
119 | so is specified in the C header files that come with the library. Some | |
120 | systems break out the header files into a separate package from that of | |
121 | the libraries. Once the program has been built, you don't need the | |
122 | headers any more. | |
128 | 123 | |
129 | 124 | When installing openssl make sure your config looks like: |
130 | 125 | |
131 | ./config --openssldir=/usr/local/openssl | |
132 | or | |
133 | ./config --openssldir=/usr/local/ssl | |
126 | ./config --openssldir=/usr/local/openssl | |
127 | ||
128 | or | |
129 | ||
130 | ./config --openssldir=/usr/local/ssl | |
134 | 131 | |
135 | 132 | If you are planning on upgrading the default OpenSSL libraries on |
136 | 133 | a system like RedHat, (not recommended), then try something like: |
137 | 134 | |
138 | ./config --openssldir=/usr --shared | |
139 | ||
140 | The --shared option to config will set up building the .so | |
135 | ./config --openssldir=/usr --shared | |
136 | ||
137 | The C<--shared> option to config will set up building the .so | |
141 | 138 | shared libraries which is important for such systems. This is |
142 | 139 | followed by: |
143 | 140 | |
144 | make | |
145 | make test | |
146 | make install | |
147 | ||
148 | This way Crypt::SSLeay will pick up the includes and | |
141 | make | |
142 | make test | |
143 | make install | |
144 | ||
145 | This way C<Crypt::SSLeay> will pick up the includes and | |
149 | 146 | libraries automatically. If your includes end up |
150 | going into a separate directory like /usr/local/include, | |
151 | then you may need to symlink /usr/local/openssl/include | |
152 | to /usr/local/include | |
147 | going into a separate directory like F</usr/local/include>, | |
148 | then you may need to symlink F</usr/local/openssl/include> | |
149 | to F</usr/local/include> | |
153 | 150 | |
154 | 151 | =head2 Crypt::SSLeay |
155 | 152 | |
156 | 153 | The latest Crypt::SSLeay can be found at your nearest CPAN, |
157 | as well as: | |
158 | ||
159 | http://search.cpan.org/dist/Crypt-SSLeay/ | |
160 | ||
161 | Once you have downloaded it, Crypt::SSLeay installs easily | |
162 | using the C<make> * commands as shown below. | |
163 | ||
164 | perl Makefile.PL | |
165 | make | |
166 | make test | |
167 | make install | |
168 | ||
169 | * use nmake or dmake on Win32 | |
154 | as well as L<http://search.cpan.org/dist/Crypt-SSLeay/> | |
155 | ||
156 | Once you have downloaded it, Crypt::SSLeay installs easily | |
157 | using the C<make> * commands as shown below. | |
158 | ||
159 | perl Makefile.PL | |
160 | make | |
161 | make test | |
162 | make install | |
163 | ||
164 | On Windows systems, both Strawberry Perl and ActiveState (as a separate | |
165 | download via ppm) projects include a MingW based compiler distribution and | |
166 | C<dmake> which can be used to build both OpenSSL and C<Crypt-SSLeay>. If you | |
167 | have such a set up, use C<dmake> above. | |
170 | 168 | |
171 | 169 | For unattended (batch) installations, to be absolutely certain that |
172 | 170 | F<Makefile.PL> does not prompt for questions on STDIN, set the |
173 | 171 | following environment variable beforehand: |
174 | 172 | |
175 | PERL_MM_USE_DEFAULT=1 | |
173 | PERL_MM_USE_DEFAULT=1 | |
176 | 174 | |
177 | 175 | (This is true for any CPAN module that uses C<ExtUtils::MakeMaker>). |
178 | 176 | |
177 | To skip live tests, you can use | |
178 | ||
179 | perl Makefile.PL --no-live-tests | |
180 | ||
181 | and to force live tests, you can use | |
182 | ||
183 | perl Makefile.PL --live-tests | |
184 | ||
179 | 185 | =head3 Windows |
180 | 186 | |
181 | 187 | C<Crypt::SSLeay> builds correctly with Strawberry Perl. |
182 | 188 | |
183 | For Activestate users, the ActiveState company does not have a | |
189 | For ActiveState Perl users, the ActiveState company does not have a | |
184 | 190 | permit from the Canadian Federal Government to distribute cryptographic |
185 | software. This prevents C<Crypt::SSLeay> from being distributed as | |
186 | a PPM package from their repository. See | |
191 | software. This prevents C<Crypt::SSLeay> from being distributed as a PPM | |
192 | package from their repository. See | |
187 | 193 | L<http://aspn.activestate.com/ASPN/docs/ActivePerl/5.8/faq/ActivePerl-faq2.html#crypto_packages> |
188 | 194 | for more information on this issue. |
189 | 195 | |
190 | 196 | You may download it from Randy Kobes's PPM repository by using |
191 | 197 | the following command: |
192 | 198 | |
193 | ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd | |
199 | ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd | |
194 | 200 | |
195 | 201 | An alternative is to add the uwinnipeg.ca PPM repository to your |
196 | 202 | local installation. See L<http://cpan.uwinnipeg.ca/htdocs/faqs/ppm.html> |
199 | 205 | =head3 VMS |
200 | 206 | |
201 | 207 | It is assumed that the OpenSSL installation is located at |
202 | C</ssl$root>. Define this logical to point to the appropriate | |
208 | F</ssl$root>. Define this logical to point to the appropriate | |
203 | 209 | place in the filesystem. |
204 | 210 | |
205 | 211 | =head1 PROXY SUPPORT |
206 | 212 | |
207 | LWP::UserAgent and Crypt::SSLeay have their own versions of | |
213 | L<LWP::UserAgent> and L<Crypt::SSLeay> have their own versions of | |
208 | 214 | proxy support. Please read these sections to see which one |
209 | 215 | is appropriate. |
210 | 216 | |
211 | 217 | =head2 LWP::UserAgent proxy support |
212 | 218 | |
213 | LWP::UserAgent has its own methods of proxying which may work for | |
214 | you and is likely to be incompatible with Crypt::SSLeay proxy support. | |
215 | To use LWP::UserAgent proxy support, try something like: | |
216 | ||
217 | my $ua = new LWP::UserAgent; | |
218 | $ua->proxy([qw( https http )], "$proxy_ip:$proxy_port"); | |
219 | ||
220 | At the time of this writing, libwww v5.6 seems to proxy https | |
221 | requests fine with an Apache mod_proxy server. It sends a line like: | |
222 | ||
223 | GET https://www.example.com HTTP/1.1 | |
224 | ||
225 | to the proxy server, which is not the CONNECT request that | |
226 | some proxies would expect, so this may not work with other | |
227 | proxy servers than mod_proxy. The CONNECT method is used | |
228 | by Crypt::SSLeay's internal proxy support. | |
219 | C<LWP::UserAgent> has its own methods of proxying which may work for you | |
220 | and is likely to be incompatible with C<Crypt::SSLeay> proxy support. | |
221 | To use C<LWP::UserAgent> proxy support, try something like: | |
222 | ||
223 | my $ua = LWP::UserAgent->new; | |
224 | $ua->proxy([qw( https http )], "$proxy_ip:$proxy_port"); | |
225 | ||
226 | At the time of this writing, libwww v5.6 seems to proxy https requests | |
227 | fine with an Apache F<mod_proxy> server. It sends a line like: | |
228 | ||
229 | GET https://www.example.com HTTP/1.1 | |
230 | ||
231 | to the proxy server, which is not the C<CONNECT> request that some | |
232 | proxies would expect, so this may not work with other proxy servers than | |
233 | F<mod_proxy>. The C<CONNECT> method is used by C<Crypt::SSLeay>'s | |
234 | internal proxy support. | |
229 | 235 | |
230 | 236 | =head2 Crypt::SSLeay proxy support |
231 | 237 | |
232 | For native Crypt::SSLeay proxy support of https requests, | |
233 | you need to set the environment variable C<HTTPS_PROXY> to your | |
238 | For native C<Crypt::SSLeay> proxy support of https requests, | |
239 | you need to set the environment variable C<HTTPS_PROXY> to your | |
234 | 240 | proxy server and port, as in: |
235 | 241 | |
236 | # proxy support | |
237 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
238 | $ENV{HTTPS_PROXY} = '127.0.0.1:8080'; | |
239 | ||
240 | Use of the C<HTTPS_PROXY> environment variable in this way | |
242 | # proxy support | |
243 | $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port'; | |
244 | $ENV{HTTPS_PROXY} = '127.0.0.1:8080'; | |
245 | ||
246 | Use of the C<HTTPS_PROXY> environment variable in this way | |
241 | 247 | is similar to C<LWP::UserAgent->env_proxy()> usage, but calling |
242 | that method will likely override or break the Crypt::SSLeay | |
248 | that method will likely override or break the C<Crypt::SSLeay> | |
243 | 249 | support, so do not mix the two. |
244 | 250 | |
245 | Basic auth credentials to the proxy server can be provided | |
251 | Basic auth credentials to the proxy server can be provided | |
246 | 252 | this way: |
247 | 253 | |
248 | # proxy_basic_auth | |
249 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
250 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
254 | # proxy_basic_auth | |
255 | $ENV{HTTPS_PROXY_USERNAME} = 'username'; | |
256 | $ENV{HTTPS_PROXY_PASSWORD} = 'password'; | |
251 | 257 | |
252 | 258 | For an example of LWP scripting with C<Crypt::SSLeay> native proxy |
253 | support, please look at the F<eg/lwp-ssl-test> script in the | |
259 | support, please look at the F<eg/lwp-ssl-test> script in the | |
254 | 260 | C<Crypt::SSLeay> distribution. |
255 | 261 | |
256 | 262 | =head1 CLIENT CERTIFICATE SUPPORT |
257 | 263 | |
258 | Client certificates are supported. PEM0encoded certificate and | |
264 | Client certificates are supported. PEM encoded certificate and | |
259 | 265 | private key files may be used like this: |
260 | 266 | |
261 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
262 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
267 | $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem'; | |
268 | $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem'; | |
263 | 269 | |
264 | 270 | You may test your files with the F<eg/net-ssl-test> program, |
265 | 271 | bundled with the distribution, by issuing a command like: |
266 | 272 | |
267 | perl eg/net-ssl-test -cert=certs/notacacert.pem \ | |
268 | -key=certs/notacakeynopass.pem -d GET $HOST_NAME | |
273 | perl eg/net-ssl-test -cert=certs/notacacert.pem \ | |
274 | -key=certs/notacakeynopass.pem -d GET $HOST_NAME | |
269 | 275 | |
270 | 276 | Additionally, if you would like to tell the client where |
271 | 277 | the CA file is, you may set these. |
272 | 278 | |
273 | $ENV{HTTPS_CA_FILE} = "some_file"; | |
274 | $ENV{HTTPS_CA_DIR} = "some_dir"; | |
279 | $ENV{HTTPS_CA_FILE} = "some_file"; | |
280 | $ENV{HTTPS_CA_DIR} = "some_dir"; | |
281 | ||
282 | Note that, if specified, C<$ENV{HTTPS_CA_FILE}> must point to the actual | |
283 | certificate file. That is, C<$ENV{HTTPS_CA_DIR}> is *not* the path were | |
284 | C<$ENV{HTTPS_CA_FILE}> is located. | |
285 | ||
286 | For certificates in C<$ENV{HTTPS_CA_DIR}> to be picked up, follow the | |
287 | instructions on | |
288 | L<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html> | |
275 | 289 | |
276 | 290 | There is no sample CA cert file at this time for testing, |
277 | 291 | but you may configure F<eg/net-ssl-test> to use your CA cert |
278 | with the -CAfile option. (TODO: then what is the ./certs | |
292 | with the -CAfile option. (TODO: then what is the F<./certs> | |
279 | 293 | directory in the distribution?) |
280 | 294 | |
281 | 295 | =head2 Creating a test certificate |
283 | 297 | To create simple test certificates with OpenSSL, you may |
284 | 298 | run the following command: |
285 | 299 | |
286 | openssl req -config /usr/local/openssl/openssl.cnf \ | |
287 | -new -days 365 -newkey rsa:1024 -x509 \ | |
288 | -keyout notacakey.pem -out notacacert.pem | |
300 | openssl req -config /usr/local/openssl/openssl.cnf \ | |
301 | -new -days 365 -newkey rsa:1024 -x509 \ | |
302 | -keyout notacakey.pem -out notacacert.pem | |
289 | 303 | |
290 | 304 | To remove the pass phrase from the key file, run: |
291 | 305 | |
292 | openssl rsa -in notacakey.pem -out notacakeynopass.pem | |
306 | openssl rsa -in notacakey.pem -out notacakeynopass.pem | |
293 | 307 | |
294 | 308 | =head2 PKCS12 support |
295 | 309 | |
296 | 310 | The directives for enabling use of PKCS12 certificates is: |
297 | 311 | |
298 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
299 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
312 | $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12'; | |
313 | $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD'; | |
300 | 314 | |
301 | 315 | Use of this type of certificate takes precedence over previous |
302 | 316 | certificate settings described. (TODO: unclear? Meaning "the |
303 | presence of this type of certificate??) | |
317 | presence of this type of certificate"?) | |
304 | 318 | |
305 | 319 | =head1 SSL versions |
306 | 320 | |
307 | Crypt::SSLeay tries very hard to connect to I<any> SSL web server | |
308 | accomodating servers that are buggy, old or simply | |
309 | not standards-compliant. To this effect, this module will | |
310 | try SSL connections in this order: | |
311 | ||
312 | SSL v23 - should allow v2 and v3 servers to pick their best type | |
313 | SSL v3 - best connection type | |
314 | SSL v2 - old connection type | |
315 | ||
316 | Unfortunately, some servers seem not to handle a reconnect | |
317 | to SSL v3 after a failed connect of SSL v23 is tried, | |
318 | so you may set before using LWP or Net::SSL: | |
319 | ||
320 | $ENV{HTTPS_VERSION} = 3; | |
321 | C<Crypt::SSLeay> tries very hard to connect to I<any> SSL web server | |
322 | accomodating servers that are buggy, old or simply not | |
323 | standards-compliant. To this effect, this module will try SSL | |
324 | connections in this order: | |
325 | ||
326 | =over 4 | |
327 | ||
328 | =item SSL v23 | |
329 | ||
330 | should allow v2 and v3 servers to pick their best type | |
331 | ||
332 | =item SSL v3 | |
333 | ||
334 | best connection type | |
335 | ||
336 | =item SSL v2 | |
337 | ||
338 | old connection type | |
339 | ||
340 | =back | |
341 | ||
342 | Unfortunately, some servers seem not to handle a reconnect to SSL v3 after a | |
343 | failed connect of SSL v23 is tried, so you may set before using LWP or | |
344 | Net::SSL: | |
345 | ||
346 | $ENV{HTTPS_VERSION} = 3; | |
321 | 347 | |
322 | 348 | to force a version 3 SSL connection first. At this time only a |
323 | 349 | version 2 SSL connection will be tried after this, as the connection |
325 | 351 | |
326 | 352 | =head1 ACKNOWLEDGEMENTS |
327 | 353 | |
328 | Many thanks to Gisle Aas for writing this module and many others | |
329 | including libwww, for perl. The web will never be the same :) | |
330 | ||
331 | Ben Laurie deserves kudos for his excellent patches for better error | |
354 | Many thanks to the following individuals who helped improve | |
355 | C<Crypt-SSLeay>: | |
356 | ||
357 | I<Gisle Aas> for writing this module and many others including libwww, for | |
358 | perl. The web will never be the same :) | |
359 | ||
360 | I<Ben Laurie> deserves kudos for his excellent patches for better error | |
332 | 361 | handling, SSL information inspection, and random seeding. |
333 | 362 | |
334 | Thanks to Dongqiang Bai for host name resolution fix when using a | |
335 | proxy. | |
336 | ||
337 | Thanks to Stuart Horner of Core Communications, Inc. who found the | |
338 | need for building --shared OpenSSL libraries. | |
339 | ||
340 | Thanks to Pavel Hlavnicka for a patch for freeing memory when using | |
341 | a pkcs12 file, and for inspiring more robust read() behavior. | |
342 | ||
343 | James Woodyatt is a champ for finding a ridiculous memory leak that | |
363 | I<Dongqiang Bai> for host name resolution fix when using a proxy. | |
364 | ||
365 | I<Stuart Horner> of Core Communications, Inc. who found the need for | |
366 | building C<--shared> OpenSSL libraries. | |
367 | ||
368 | I<Pavel Hlavnicka> for a patch for freeing memory when using a pkcs12 | |
369 | file, and for inspiring more robust C<read()> behavior. | |
370 | ||
371 | I<James Woodyatt> is a champ for finding a ridiculous memory leak that | |
344 | 372 | has been the bane of many a Crypt::SSLeay user. |
345 | 373 | |
346 | Thanks to Bryan Hart for his patch adding proxy support, | |
347 | and thanks to Tobias Manthey for submitting another approach. | |
348 | ||
349 | Thanks to Alex Rhomberg for Alpha linux ccc patch. | |
350 | ||
351 | Thanks to Tobias Manthey for his patches for client certificate | |
352 | support. | |
353 | ||
354 | Thanks to Daisuke Kuroda for adding PKCS12 certificate support. | |
355 | ||
356 | Thanks to Gamid Isayev for CA cert support and insights into error | |
357 | messaging. | |
358 | ||
359 | Thanks to Jeff Long for working through a tricky CA cert SSLClientVerify | |
360 | issue. | |
361 | ||
362 | Thanks to Chip Turner for patch to build under perl 5.8.0. | |
363 | ||
364 | Thanks to Joshua Chamas for the time he spent maintaining the | |
365 | module. | |
366 | ||
367 | Thanks to Jeff Lavallee for help with alarms on read failures (CPAN | |
368 | bug #12444). | |
369 | ||
370 | Thanks to Guenter Knauf for significant improvements in configuring | |
371 | things in Win32 and Netware lands and Jan Dubois for various | |
372 | suggestions for improvements. | |
374 | I<Bryan Hart> for his patch adding proxy support, and thanks to I<Tobias | |
375 | Manthey> for submitting another approach. | |
376 | ||
377 | I<Alex Rhomberg> for Alpha linux ccc patch. | |
378 | ||
379 | I<Tobias Manthey> for his patches for client certificate support. | |
380 | ||
381 | I<Daisuke Kuroda> for adding PKCS12 certificate support. | |
382 | ||
383 | I<Gamid Isayev> for CA cert support and insights into error messaging. | |
384 | ||
385 | I<Jeff Long> for working through a tricky CA cert SSLClientVerify issue. | |
386 | ||
387 | I<Chip Turner> for a patch to build under perl 5.8.0. | |
388 | ||
389 | I<Joshua Chamas> for the time he spent maintaining the module. | |
390 | ||
391 | I<Jeff Lavallee> for help with alarms on read failures (CPAN bug #12444). | |
392 | ||
393 | I<Guenter Knauf> for significant improvements in configuring things in | |
394 | Win32 and Netware lands and Jan Dubois for various suggestions for | |
395 | improvements. | |
396 | ||
397 | and I<many others> who provided bug reports, suggestions, fixes and | |
398 | patches. | |
373 | 399 | |
374 | 400 | =head1 SEE ALSO |
375 | 401 | |
377 | 403 | |
378 | 404 | =item Net::SSL |
379 | 405 | |
380 | If you have downloaded this distribution as of a dependency | |
381 | of another distribution, it's probably due to this module | |
382 | (which is included in this distribution). | |
406 | If you have downloaded this distribution as of a dependency of another | |
407 | distribution, it's probably due to this module (which is included in | |
408 | this distribution). | |
383 | 409 | |
384 | 410 | =item Net::SSLeay |
385 | 411 | |
386 | A module that offers access to the OpenSSL API directly from Perl. | |
387 | ||
388 | http://search.cpan.org/dist/Net_SSLeay.pm/ | |
389 | ||
390 | =item http://www.openssl.org/related/binaries.html | |
391 | ||
392 | Pointers on where to find OpenSSL binary packages (Windows). | |
412 | L<Net::SSLeay|Net::SSLeay> provides access to the OpenSSL API directly | |
413 | from Perl. See L<http://search.cpan.org/dist/Net-SSLeay/>. | |
414 | ||
415 | =item OpenSSL binary packages for Windows | |
416 | ||
417 | See L<http://www.openssl.org/related/binaries.html>. | |
393 | 418 | |
394 | 419 | =back |
395 | 420 | |
396 | 421 | =head1 SUPPORT |
397 | 422 | |
398 | For use of Crypt::SSLeay & Net::SSL with perl's LWP, please | |
399 | send email to C<libwww@perl.org>. | |
400 | ||
401 | For OpenSSL or general SSL support please email the | |
402 | openssl user mailing list at C<openssl-users@openssl.org>. | |
403 | This includes issues associated with building and installing | |
404 | OpenSSL on one's system. | |
423 | For use of Crypt::SSLeay & Net::SSL with Perl's LWP, please | |
424 | send email to L<libwww@perl.org|mailto:libwww@perl.org>. | |
425 | ||
426 | For OpenSSL or general SSL support, including issues associated with | |
427 | building and installing OpenSSL on your system, please email the OpenSSL | |
428 | users mailing list at | |
429 | L<openssl-users@openssl.org|mailto:openssl-users@openssl.org>. See | |
430 | L<http://www.openssl.org/support/community.html> for other mailing lists | |
431 | and archives. | |
405 | 432 | |
406 | 433 | Please report all bugs at |
407 | L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay>. | |
434 | L<"http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay">. | |
435 | ||
436 | =head1 AUTHORS | |
408 | 437 | |
409 | 438 | This module was originally written by Gisle Aas, and was subsequently |
410 | maintained by Joshua Chamas. It is currently maintained by David | |
411 | Landgren. | |
439 | maintained by Joshua Chamas, David Landgren, brian d foy and Sinan Unur. | |
412 | 440 | |
413 | 441 | =head1 COPYRIGHT |
414 | 442 | |
415 | Copyright (c) 2006-2007 David Landgren. | |
416 | Copyright (c) 1999-2003 Joshua Chamas. | |
417 | Copyright (c) 1998 Gisle Aas. | |
418 | ||
419 | This program is free software; you can redistribute | |
420 | it and/or modify it under the same terms as Perl itself. | |
443 | Copyright (c) 2010 A. Sinan Unur | |
444 | ||
445 | Copyright (c) 2006-2007 David Landgren | |
446 | ||
447 | Copyright (c) 1999-2003 Joshua Chamas | |
448 | ||
449 | Copyright (c) 1998 Gisle Aas | |
450 | ||
451 | =head1 LICENSE | |
452 | ||
453 | This program is free software; you can redistribute it and/or modify it | |
454 | under the same terms as Perl itself. | |
421 | 455 | |
422 | 456 | =cut |
41 | 41 | |
42 | 42 | static void InfoCallback(const SSL *s,int where,int ret) |
43 | 43 | { |
44 | char *str; | |
44 | const char *str; | |
45 | 45 | int w; |
46 | 46 | |
47 | 47 | w = where & ~SSL_ST_MASK; |
0 | 0 | TODO for Crypt::SSLeay |
1 | 1 | |
2 | 1. Clear out the remaining CPAN bugs. | |
2 | 1. Look at the modules that use Crypt::SSLeay, and see if any useful tests can | |
3 | be created to test functionality they depend on. | |
3 | 4 | |
4 | 2. Possible typo? | |
5 | ||
6 | =head1 CLIENT CERTIFICATE SUPPORT | |
7 | ||
8 | Client certificates are supported. PEM0encoded certificate and | |
9 | ||
10 | -> should this read "PEM-encoded"? Check backpan. | |
11 | ||
12 | 3. Look at the modules that use Crypt::SSLeay, and see if any | |
13 | useful tests can be created to test functionality they depend on. | |
5 | 2. Threading support (bug #41007 and more). |
0 | 0 | #!/usr/bin/perl |
1 | 1 | |
2 | 2 | use strict; |
3 | use vars qw($opt_p $opt_n $opt_bench $opt_debug $opt_version | |
3 | use vars qw($opt_p $opt_n $opt_bench $opt_debug $opt_version | |
4 | 4 | $opt_v $opt_help |
5 | 5 | $opt_cert $opt_key $opt_cafile $opt_cadir |
6 | 6 | ); |
10 | 10 | use Benchmark; |
11 | 11 | |
12 | 12 | use Getopt::Long; |
13 | &GetOptions ('p:s' => \$opt_p, | |
14 | 'proxy:s' => \$opt_p, | |
15 | 'bench:n' => $opt_bench, | |
13 | &GetOptions ('p:s' => \$opt_p, | |
14 | 'proxy:s' => \$opt_p, | |
15 | 'bench:n' => \$opt_bench, | |
16 | 16 | 'd' => \$opt_debug, |
17 | 17 | 'version:i' => \$opt_version, |
18 | 18 | 'v:i' => \$opt_version, |
28 | 28 | |
29 | 29 | # define sub first, in case you are reading the source :) |
30 | 30 | sub help { |
31 | ||
31 | ||
32 | 32 | print <<HELP; |
33 | 33 | Usage: $basename [-d] [-b=NNN] [-h] [-p proxy_name:port] [-CAfile=FILE] [GET|HEAD] [ssl_server_name] [port] |
34 | 34 | |
40 | 40 | -cert client certificate file |
41 | 41 | -key private key file |
42 | 42 | |
43 | -CAfile CA certificates file, use certs/ca-bundle.crt for primary root certs | |
44 | ||
43 | -CAfile CA certificates file, use certs/ca-bundle.crt for primary root certs | |
44 | ||
45 | 45 | method defaults to HEAD |
46 | 46 | ssl_server_name defaults to www.nodeworks.com |
47 | 47 | port defaults to 443 |
48 | 48 | |
49 | 49 | These are equivalent: |
50 | ||
50 | ||
51 | 51 | ./net_ssl_test |
52 | 52 | ./net_ssl_test HEAD www.nodeworks.com 443 |
53 | 53 | |
55 | 55 | |
56 | 56 | ./net_ssl_test -d -p http://proxy_name:80 www.nodeworks.com |
57 | 57 | |
58 | Note http:// on proxy hostname is stripped off, and is | |
58 | Note http:// on proxy hostname is stripped off, and is | |
59 | 59 | meaningless to Crypt::SSLeay. |
60 | 60 | |
61 | 61 | HELP |
79 | 79 | $host = shift || "www.nodeworks.com"; |
80 | 80 | } |
81 | 81 | if($host =~ m|^(https://)?([^/:]+)(:(\d+))?(/.*)?$|) { |
82 | ($host, $port, $path) = ($2, $4, $5); | |
82 | ($host, $port, $path) = ($2, $4, $5); | |
83 | 83 | } |
84 | 84 | |
85 | 85 | $port ||= shift || 443; |
105 | 105 | unless(eval { &ssl_connect() }) { |
106 | 106 | print <<OUT; |
107 | 107 | == FAILED TO CONNECT == |
108 | Error: $@ | |
108 | Error: $@ | |
109 | 109 | |
110 | If you need to use a proxy, please pass it in as an argument like | |
110 | If you need to use a proxy, please pass it in as an argument like | |
111 | 111 | |
112 | 112 | ./net_ssl_test -p 127.0.0.1:8080 |
113 | 113 | |
118 | 118 | } |
119 | 119 | |
120 | 120 | if($opt_bench) { |
121 | timethis($opt_bench, sub { &ssl_connect() }); | |
121 | timethis($opt_bench, sub { &ssl_connect() }); | |
122 | 122 | } |
123 | ||
123 | ||
124 | 124 | |
125 | 125 | sub ssl_connect { |
126 | 126 | my $sock = Net::SSL->new( |
132 | 132 | $sock || ($@ ||= "no Net::SSL connection established"); |
133 | 133 | my $error = $@; |
134 | 134 | $error && die("Can't connect to $host:$port; $error; $!"); |
135 | ||
135 | ||
136 | 136 | my $out; |
137 | 137 | $out .= "WEB SITE : $host:$port\n"; |
138 | 138 | $out .= "CIPHER : ".$sock->get_cipher."\n"; |
5 | 5 | use Carp; |
6 | 6 | |
7 | 7 | use vars qw(@ISA $VERSION $NEW_ARGS); |
8 | $VERSION = '2.84'; | |
8 | $VERSION = '2.85'; | |
9 | 9 | |
10 | 10 | require IO::Socket; |
11 | 11 | @ISA=qw(IO::Socket::INET); |
105 | 105 | } |
106 | 106 | } |
107 | 107 | else { |
108 | *$self->{io_socket_peername}=@_ == 1 ? $_[0] : IO::Socket::sockaddr_in(@_); | |
108 | *$self->{io_socket_peername}=@_ == 1 ? $_[0] : IO::Socket::sockaddr_in(@_); | |
109 | 109 | if(!$self->SUPER::connect(@_)) { |
110 | 110 | # better to die than return here |
111 | 111 | $@ = "Connect failed: $@; $!"; |
132 | 132 | if (not defined $rv or $rv <= 0) { |
133 | 133 | _alarm_set(0); |
134 | 134 | $ssl = undef; |
135 | my %args = (%$new_arg, %$arg); | |
135 | # See RT #59312 | |
136 | my %args = (%$arg, %$new_arg); | |
136 | 137 | if(*$self->{ssl_version} == 23) { |
137 | 138 | $args{SSL_Version} = 3; |
138 | 139 | # the new connect might itself be overridden with a REAL SSL |
168 | 169 | } |
169 | 170 | |
170 | 171 | # Delegate these calls to the Crypt::SSLeay::Conn object |
171 | sub get_peer_certificate { | |
172 | sub get_peer_certificate { | |
172 | 173 | my $self = shift; |
173 | 174 | $self = $REAL{$self} || $self; |
174 | 175 | *$self->{ssl_ssl}->get_peer_certificate(@_); |
180 | 181 | *$self->{ssl_peer_verify}; |
181 | 182 | } |
182 | 183 | |
183 | sub get_shared_ciphers { | |
184 | sub get_shared_ciphers { | |
184 | 185 | my $self = shift; |
185 | 186 | $self = $REAL{$self} || $self; |
186 | 187 | *$self->{ssl_ssl}->get_shared_ciphers(@_); |
187 | 188 | } |
188 | 189 | |
189 | sub get_cipher { | |
190 | sub get_cipher { | |
190 | 191 | my $self = shift; |
191 | 192 | $self = $REAL{$self} || $self; |
192 | 193 | *$self->{ssl_ssl}->get_cipher(@_); |
310 | 311 | |
311 | 312 | my $proxy_addr = gethostbyname($proxy_host); |
312 | 313 | $proxy_addr || croak("can't resolve proxy server name: $proxy_host, $!"); |
313 | ||
314 | ||
314 | 315 | my($peer_port, $peer_addr) = (*$self->{ssl_peer_port}, *$self->{ssl_peer_addr}); |
315 | 316 | $peer_addr || croak("no peer addr given"); |
316 | 317 | $peer_port || croak("no peer port given"); |
331 | 332 | || croak("proxy connect to $proxy_host:$proxy_port failed: $!"); |
332 | 333 | } |
333 | 334 | else { |
334 | $self->SUPER::connect($peer_port, $peer_addr) | |
335 | # see RT #57836 | |
336 | my $peer_addr_packed = gethostbyname($peer_addr); | |
337 | $self->SUPER::connect($peer_port, $peer_addr_packed) | |
335 | 338 | || croak("proxy bypass to $peer_addr:$peer_addr failed: $!"); |
336 | 339 | } |
337 | 340 | |
341 | 344 | my $pass = $ENV{"HTTPS_PROXY_PASSWORD"}; |
342 | 345 | |
343 | 346 | my $credentials = encode_base64("$user:$pass", ""); |
344 | $connect_string = join($CRLF, | |
347 | $connect_string = join($CRLF, | |
345 | 348 | "CONNECT $peer_addr:$peer_port HTTP/1.0", |
346 | 349 | "Proxy-authorization: Basic $credentials" |
347 | 350 | ); |
360 | 363 | |
361 | 364 | $connect_string .= $CRLF; |
362 | 365 | $self->SUPER::send($connect_string); |
363 | my $header; | |
364 | my $n = $self->SUPER::sysread($header, 8192); | |
366 | ||
367 | my $timeout; | |
368 | my $header = ''; | |
369 | # See RT #33954 | |
370 | while ( $header !~ m{HTTP/\d+\.\d+\s+200\s+.*$CRLF$CRLF}s ) { | |
371 | $timeout = $self->timeout(5) unless length $header; | |
372 | my $n = $self->SUPER::sysread($header, 8192, length $header); | |
373 | last if $n <= 0; | |
374 | } | |
375 | ||
376 | $self->timeout($timeout) if defined $timeout; | |
365 | 377 | my $conn_ok = ($header =~ /HTTP\/\d+\.\d+\s+200\s+/is) ? 1 : 0; |
366 | 378 | |
367 | 379 | if (not $conn_ok) { |
372 | 384 | } |
373 | 385 | |
374 | 386 | # code adapted from LWP::UserAgent, with $ua->env_proxy API |
387 | # see also RT #57836 | |
375 | 388 | sub proxy { |
389 | my $self = shift; | |
376 | 390 | my $proxy_server = $ENV{HTTPS_PROXY} || $ENV{https_proxy}; |
377 | 391 | return unless $proxy_server; |
392 | ||
393 | my($peer_port, $peer_addr) = ( | |
394 | *$self->{ssl_peer_port}, | |
395 | *$self->{ssl_peer_addr} | |
396 | ); | |
397 | $peer_addr || croak("no peer addr given"); | |
398 | $peer_port || croak("no peer port given"); | |
399 | ||
400 | # see if the proxy should be bypassed | |
401 | my @no_proxy = split( /\s*,\s*/, | |
402 | $ENV{NO_PROXY} || $ENV{no_proxy} || '' | |
403 | ); | |
404 | my $is_proxied = 1; | |
405 | for my $domain (@no_proxy) { | |
406 | if ($peer_addr =~ /\Q$domain\E\z/) { | |
407 | return; | |
408 | } | |
409 | } | |
378 | 410 | |
379 | 411 | $proxy_server =~ s|\Ahttps?://||i; |
380 | 412 | $proxy_server; |
414 | 446 | croak("Private key and certificate do not match"); |
415 | 447 | } |
416 | 448 | } |
417 | ||
449 | ||
418 | 450 | $count; # number of successful cert loads/checks |
419 | 451 | } |
420 | 452 |