
Match PHP socket SSL options in Perl
<p><b>Background:</b></p>
<p>In some PHP code dealing with a 3rd party web-service, the following code works:</p>
<pre><code>// connect to web-service
$remote_addr = "tcp://{$data['ip']}:{$data['port']}";
$socket = stream_socket_client($remote_addr, $errno, $errstr, 30);
// PHP can only throw a Throwable, not a bare string
if (!$socket) throw new Exception("Couldn't create socket: $errstr\n");

// configure SSL options on the socket's stream context
stream_context_set_option($socket, 'ssl', 'local_cert', $data['cert']);
stream_context_set_option($socket, 'ssl', 'verify_peer', false);
stream_context_set_option($socket, 'ssl', 'allow_self_signed', true);
stream_context_set_option($socket, 'ssl', 'cafile', $data['cafile']);

// do SSL handshake
stream_set_blocking($socket, true);
stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
stream_set_blocking($socket, false);

//... start talking HTTP
</code></pre>
<p>We go on to wrap this PHP code in our own JSON-RPC web-service in order to call it from an in-house management system, written in Perl.</p>
<p>In profiling this "solution", I've discovered that I could greatly improve performance by removing the Perl-PHP (via HTTP) indirection. I've tried porting the code to Perl but have had issues matching the SSL options.</p>
<p>I'm using the <code>$ua-&gt;ssl_opts()</code> method of <code>LWP::UserAgent</code> to pass the correct options down to <code>Net::SSL</code> (<code>Crypt::SSLeay</code>). I've been using <code>strace</code> to determine whether the certificates are being read, and it looks like they are. However, I'm not sure whether <code>Net::SSL</code> succeeds in reading the key from the PEM.</p>
<p><b>Question:</b></p>
<p>What specific <code>$ua-&gt;ssl_opts()</code> arguments do I need to match the behaviour of the PHP code?</p>
<p><b>Notes:</b></p>
<ul>
<li><code>$data['cert']</code> is the full path to a PEM file containing
<ul>
<li>Our "client" certificate - issued by the 3rd party</li>
<li>Our <i>non</i>-encrypted (RSA) private key - issued by the 3rd party</li>
</ul>
</li>
<li><code>$data['cafile']</code> is the full path to the self-signed signing certificate - issued by the 3rd party</li>
<li>I'm <i>not</i> looking for security advice about the plaintext nature of the private key.</li>
</ul>
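The Perl side of the port the question describes, as an added example and not code from the question or from any answer on the page. It assumes LWP::UserAgent is backed by LWP::Protocol::https and IO::Socket::SSL, because that backend is the one that takes certificate settings from ssl_opts: the SSL_* keys are passed straight through to IO::Socket::SSL. Net::SSL (Crypt::SSLeay), which the question mentions, instead reads its certificate, key and CA paths from the HTTPS_CERT_FILE, HTTPS_KEY_FILE and HTTPS_CA_FILE environment variables, so ssl_opts will not configure the client certificate there. The host, port, file paths and request body are placeholders standing in for the question's $data array.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use IO::Socket::SSL qw(SSL_VERIFY_PEER);

# Placeholder inputs mirroring the PHP $data array (assumed values).
my %data = (
    ip     => '192.0.2.10',
    port   => 443,
    cert   => '/etc/app/client.pem',          # client cert + unencrypted RSA key, one PEM
    cafile => '/etc/app/third-party-ca.pem',  # the 3rd party's self-signed signing cert
);

# Straight port of the PHP stream-context options.
# 'local_cert'        -> SSL_cert_file; the key is in the same PEM, so
#                        SSL_key_file points at the same file (OpenSSL takes
#                        the first PRIVATE KEY block it finds in it).
# 'cafile'            -> SSL_ca_file
# 'verify_peer' false -> verify_hostname => 0; LWP::Protocol::https then
#                        forces SSL_verify_mode to SSL_VERIFY_NONE itself,
#                        which also makes 'allow_self_signed' moot.
# SSLv3 client method -> SSL_version => 'SSLv3' (current OpenSSL builds may
#                        have SSLv3 compiled out, in which case the handshake
#                        fails before any certificate is checked).
my $ua = LWP::UserAgent->new(
    timeout  => 30,                     # stream_socket_client(..., 30)
    ssl_opts => {
        SSL_cert_file   => $data{cert},
        SSL_key_file    => $data{cert},
        SSL_ca_file     => $data{cafile},
        verify_hostname => 0,
        SSL_version     => 'SSLv3',
    },
);

# Same trust material, but with verification actually enforced: chain
# validation against the 3rd party's CA only, hostname/IP check on, and a
# modern protocol version. Requires the server certificate to match the
# host or IP used in the URL.
my $ua_strict = LWP::UserAgent->new(
    timeout  => 30,
    ssl_opts => {
        SSL_cert_file   => $data{cert},
        SSL_key_file    => $data{cert},
        SSL_ca_file     => $data{cafile},
        SSL_verify_mode => SSL_VERIFY_PEER,
        verify_hostname => 1,
        SSL_version     => 'TLSv1_2',
    },
);

# Send one request with the faithful port; '/service' and the body are placeholders.
my $url = "https://$data{ip}:$data{port}/service";
my $res = $ua->post(
    $url,
    Content_Type => 'application/json',
    Content      => '{"jsonrpc":"2.0","method":"ping","id":1}',
);
die "request failed: " . $res->status_line . "\n" unless $res->is_success;
print $res->decoded_content, "\n";
```

To confirm the key in the PEM was actually loaded, set `IO::Socket::SSL::DEBUG` (for example `perl -MIO::Socket::SSL=debug3 script.pl`): a missing or unreadable key shows up as an OpenSSL error at context setup, before the connection is made, rather than as a handshake alert from the server.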
 
