Subject: LWP::Protocol::Coro::http ignores client certificate and private-key
Date: Fri, 16 Feb 2018 17:26:57 +0300
To: bug-LWP-Protocol-Coro-http [...] rt.cpan.org
From: Ph0enix <dotuist [...] mail.ru>
Hello.
If I use client authentication, providing SSL_cert_file and SSL_key_file in ssl_opts with LWP::Protocol::Coro::http, then my connection does not succeed.
For example:
use IO::Socket::SSL qw(debug3);
use HTTP::Request;
use LWP::UserAgent;
use LWP::Protocol::Coro::http;

# ssl_opts carrying the client certificate and private key
my $opts = {
    PeerHost        => 'test.test.ru',
    PeerPort        => '8088',
    SSL_version     => "TLSv1",
    SSL_use_cert    => 1,
    SSL_cert_file   => 'cert.pem',
    SSL_key_file    => 'key.pem',
    verify_hostname => 0,
};
my $cli = LWP::UserAgent->new(ssl_opts => $opts, timeout => 25);
my $url = 'https://test.test.ru:8088';
my $req = HTTP::Request->new(POST => $url);
$req->content('<XMl></XML>');
my $rsp = $cli->request($req);
# Dump the response object, body, status code, status line and full response
print "DEBUG:CONNECT:".$rsp."|".$rsp->content()."|".$rsp->code()."|".$rsp->status_line()."|".$rsp->as_string()."|\n";
I think it happens because LWP/Protocol/Coro/http.pm does not copy these parameters (like in SSL_ca_file case):
Original code:
my %tls_ctx;
# Convert various ssl_opts values to corresponding AnyEvent::TLS tls_ctx values.
$tls_ctx{ verify } = $ssl_opts{SSL_verify_mode};
$tls_ctx{ verify_peername } = 'http' if defined($ssl_opts{SSL_verifycn_scheme}) && $ssl_opts{SSL_verifycn_scheme} eq 'www';
$tls_ctx{ ca_file } = $ssl_opts{SSL_ca_file} if exists($ssl_opts{SSL_ca_file});
$tls_ctx{ ca_path } = $ssl_opts{SSL_ca_path} if exists($ssl_opts{SSL_ca_path});
if ($ssl_opts{verify_hostname}) {
Patched code:
my %tls_ctx;
# Convert various ssl_opts values to corresponding AnyEvent::TLS tls_ctx values.
$tls_ctx{ verify } = $ssl_opts{SSL_verify_mode};
$tls_ctx{ verify_peername } = 'http' if defined($ssl_opts{SSL_verifycn_scheme}) && $ssl_opts{SSL_verifycn_scheme} eq 'www';
$tls_ctx{ ca_file } = $ssl_opts{SSL_ca_file} if exists($ssl_opts{SSL_ca_file});
$tls_ctx{ ca_path } = $ssl_opts{SSL_ca_path} if exists($ssl_opts{SSL_ca_path});
$tls_ctx{ cert_file } = $ssl_opts{SSL_cert_file} if exists($ssl_opts{SSL_cert_file});
$tls_ctx{ key_file } = $ssl_opts{SSL_key_file} if exists($ssl_opts{SSL_key_file});
if ($ssl_opts{verify_hostname}) {
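Review bot: the two added lines (cert_file and key_file) test exists() rather than defined(), so a caller that passes SSL_cert_file => undef or SSL_key_file => undef gets an undef path stored in %tls_ctx instead of the key being left out. Consider `if defined($ssl_opts{SSL_cert_file})` and the same for SSL_key_file, as the verify_peername line already does for SSL_verifycn_scheme. SSL_use_cert from the reproduction script is still not copied anywhere in the visible lines; a comment saying whether that is intentional would help.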
I prepared a patch file. You can see it in the attachment.
Sincerely yours, Tsvetkov Alexey.
Message body is not shown because sender requested not to inline it.
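The failure described in this report is a silent one: options that have no entry in the ssl_opts to tls_ctx translation are simply left behind. The following added example (not part of the original report and not the module's own code) runs the reporter's options through the mappings quoted above, before and after the proposed patch, and lists what never reaches the TLS context. The helper translate_ssl_opts and the tables %ORIGINAL, %PATCHED and %SPECIAL are hypothetical names built only from the lines quoted in the report; the real module may handle other keys elsewhere.

```perl
use strict;
use warnings;

# Mappings quoted in the report (ssl_opts key => AnyEvent::TLS context key).
my %ORIGINAL = (
    SSL_verify_mode => 'verify',
    SSL_ca_file     => 'ca_file',
    SSL_ca_path     => 'ca_path',
);
# The same table with the two entries the proposed patch adds.
my %PATCHED = (%ORIGINAL, SSL_cert_file => 'cert_file', SSL_key_file => 'key_file');

# Keys the quoted code consumes without a one-to-one copy.
my %SPECIAL = map { $_ => 1 } qw(SSL_verifycn_scheme verify_hostname);

# Hypothetical helper: build the context and list every option left behind.
sub translate_ssl_opts {
    my ($map, $ssl_opts) = @_;
    my (%tls_ctx, @dropped);
    for my $key (sort keys %$ssl_opts) {
        if (my $target = $map->{$key}) {
            $tls_ctx{$target} = $ssl_opts->{$key} if defined $ssl_opts->{$key};
        }
        elsif (!$SPECIAL{$key}) {
            push @dropped, $key;
        }
    }
    $tls_ctx{verify_peername} = 'http'
        if ($ssl_opts->{SSL_verifycn_scheme} // '') eq 'www';
    return (\%tls_ctx, \@dropped);
}

# Constructed sample: the options from the report's reproduction script.
my %opts = (
    PeerHost => 'test.test.ru', PeerPort => '8088', SSL_version => 'TLSv1',
    SSL_use_cert => 1, SSL_cert_file => 'cert.pem', SSL_key_file => 'key.pem',
    verify_hostname => 0,
);

for my $case ([original => \%ORIGINAL], [patched => \%PATCHED]) {
    my ($name, $map) = @$case;
    my ($ctx, $dropped) = translate_ssl_opts($map, \%opts);
    my @auth = grep { /^SSL_(?:cert|key)/ } @$dropped;
    printf "%-8s tls_ctx: %s\n", $name,
        join(', ', map { "$_=$ctx->{$_}" } sort keys %$ctx) || '(empty)';
    printf "%-8s dropped: %s\n", $name, join(', ', @$dropped);
    warn "$name: client-auth options never reach the TLS context: @auth\n" if @auth;
}
```

A check of this kind, run in a test suite, turns a silently skipped client certificate into a visible failure instead of a connection that fails during the TLS handshake.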