| Subject: | Issues with verification in IO::Socket::SSL |
Below you will find the system information, script, and output from the
script.
The script should work, according to the documentation, but it fails
unexpected. It shows there as being no error and not opened.
[kitsune@vixen42]/tmp> uname -a ; perl -v ; lsipkg ca_root_nss ; lsipkg
IO-Socket-SSL ; lsipkg SSLeay
FreeBSD vixen42.vulpes.vvelox.net 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE
#1: Thu Jul 22 22:15:08 UTC 2010
kitsunetemp@vixen42.vulpes.vvelox.net:/usr/obj/usr/src/sys/GENERIC amd64
This is perl, v5.10.1 (*) built for amd64-freebsd-thread-multi
Copyright 1987-2009, Larry Wall
Perl may be copied only under the terms of either the Artistic License
or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
ca_root_nss-3.12.6
p5-IO-Socket-SSL-1.33
p5-Net-SSLeay-1.36
[kitsune@vixen42]/tmp> cat test.pl
#!/usr/bin/perl
use Data::Dumper;
use IO::Socket::SSL;
my $c=IO::Socket::SSL->new("google.com:443",
SSL_verifycn_scheme=>"http",
SSL_ca_file=>"/usr/local/share/certs/ca-root-nss.crt",
SSL_verify_mode=>0x01,
SSL_verifycn_name=>"google.com",
# SSL_verify_callback=>\&{ print Dumper(\@_) },
# SSL_error_trap=>\&{ print Dumper(\@_) }
)
||
warn(IO::Socket::SSL::errstr);
print Dumper(
$c->errstr,
$c->opened,
$c->dump_peer_certificate,
$c->peer_certificate,
$c->peer_certificate("authority"),
$c->peer_certificate("owner"),
$c->peer_certificate("commonName"),
);
[kitsune@vixen42]/tmp> ./test.pl
$VAR1 = '';
$VAR2 = undef;
[kitsune@vixen42]/tmp>