Skip Menu |

This queue is for tickets about the Net-SSL-ExpireDate CPAN distribution.

Report information
The Basics
Id: 94573
Status: resolved
Priority: 0/
Queue: Net-SSL-ExpireDate
People
Owner: hirose31 [...] gmail.com
Requestors: chad-bitcard.org [...] superfrink.net
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.11
Fixed in: 1.12

History Show all quoted text
  Wed Apr 09 14:31:44 2014 chad-bitcard.org [...] superfrink.net - Ticket created
Subject: HTTPS Server Name Indication support
Hi, I came across a server where both Chrome and IE showed one certificate while Net::SSL::ExpireDate showed the expiry date for another certificate. This was due to the browsers using TLS Server Name Indication aka SNI. I determined the problem by running openssl s_client with and without the -servername parameter. Eg: $ echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -text It would be useful if Net::SSL::ExpireDate used SNI by default and perhaps had an option to not use SNI. Thank you. Cheers, Chad
  Thu May 01 04:53:32 2014 MCARDWELL [...] cpan.org - Correspondence added
I just came here to request this same functionality. If it helps for testing, I have a site which uses SNI here: https://emailprivacytester.com/ This openssl command which uses SNI gives me the SSL cert for emailprivacytester.com: openssl s_client -servername emailprivacytester.com -connect emailprivacytester.com:443 Without the SNI, I get the cert for grepular.com instead: openssl s_client -connect emailprivacytester.com:443 Which is the same result that I get from Net::SSL::ExpireDate
  Thu May 01 04:53:33 2014 The RT System itself - Status changed from 'new' to 'open'
  Tue Jun 03 23:31:47 2014 hirose31 [...] gmail.com - Correspondence added
I'v released Net::SSL::ExpireDate 1.12 that supports SNI! - https://metacpan.org/pod/Net::SSL::ExpireDate Show quoted text
>Chad
Could you try Net::SSL::ExpireDate 1.12? Show quoted text
>MCARDWELL
Your URL helps me extremely!!
  Tue Jun 03 23:32:10 2014 hirose31 [...] gmail.com - Status changed from 'open' to 'resolved'
  Tue Jun 03 23:33:06 2014 hirose31 [...] gmail.com - Taken
  Tue Jun 03 23:33:06 2014 hirose31 [...] gmail.com - Fixed in 1.12 added
  Sat Jun 07 11:45:12 2014 chad-bitcard.org [...] superfrink.net - Correspondence added
From: chad-bitcard.org [...] superfrink.net
Thanks for the update! Show quoted text
> Could you try Net::SSL::ExpireDate 1.12?
Sorry but we changed our server to not have the second https site. I no longer have a server to test with.