Comments (5)
The example server only requests a certificate from the client if option --ca
is set because only then the certificate can be verified. And if no certificate is requested the client will not send one. I've updated the code to make this more clear in the usage description.
from p5-io-socket-ssl.
Thanks, with --ca
option works.
Can't understand how to get client certificate without verify and not specify client CA. It is possible?
So if i have my own self signed certificate which i want to check on server side. What i must to do?
from p5-io-socket-ssl.
Can't understand how to get client certificate without verify and not specify client CA. It is possible?
As documented the certificate is requested if SSL_verify_mode
is set to SSL_VERIFY_PEER
. But the way the example programs works is that SSL_VERIFY_PEER
is only used if option --ca
is given. This is just an example program and not a full featured test server.
from p5-io-socket-ssl.
Oh, my question is not relevant for this example.
For example i have server with SSL_verify_mode
option. How can i do client request with self signed certificate?
#!/usr/bin/perl
use Mojo::Base -strict;
use IO::Socket::SSL;
use DDP;
my $server = IO::Socket::SSL->new(
# where to listen
LocalAddr => '127.0.0.1',
LocalPort => 3000,
Listen => 10,
# which certificate to offer
# with SNI support there can be different certificates per hostname
SSL_cert_file => 'tls/cert.pem',
SSL_key_file => 'tls/key.pem',
SSL_verify_mode => SSL_VERIFY_PEER
) or die "failed to listen: $!";
# accept client
my $client = $server->accept or die
"failed to accept or ssl handshake: $!,$SSL_ERROR";
warn p $client->peer_certificates;
In this example i get certificate verify failed
, because certificate is self signed.
from p5-io-socket-ssl.
Oh, very thanks. Found answer in your documentation. Need to set SSL_verify_callback
option to validate.
from p5-io-socket-ssl.
Related Issues (20)
- CERT_asHash() returns certificate validity date out by local UTC offset HOT 7
- TLS-SRP (client) support HOT 1
- Support Net::LibIDN2? HOT 1
- Issue with failing t/cert_formats.t for OpenSSL 3.0.0 HOT 3
- .../IO/Socket/SSL.pm:1177: global error: Undefined SSL object HOT 5
- start_SSL causes debug error "Undefined SSL object" HOT 1
- OpenSSL-3.0.0 support HOT 4
- "no cipher match" after upgrade to IO::Socket::SSL 2.073 HOT 2
- Test set_curves.t appears to be sensitive to timing HOT 6
- Failed to compile perl-IO-Socket-SSL-1.94-7 HOT 1
- IO-Socket-SSL fails tests on OpenBSD HOT 4
- When will 2.075 hit CPAN? HOT 2
- Two test failures on threaded debugging perl HOT 4
- Self-signed certificate allowed for any IP address HOT 4
- Default SSL_version should be restricted to TLS 1.2+ HOT 4
- IPv6 iPAddress subjectAltName verification fails without SSL_verifycn_name HOT 1
- Scan Flagged Potential Compliance Issue with these Certs -- Need to confirm HOT 1
- t/external/ocsp.t: Failing external test HOT 1
- Use of uninitialized value $2 in concatenation (.) or string at /usr/local/lib/perl5/site_perl/IO/Socket/SSL.pm line 792. HOT 2
- SSL Handshake fails with smtp.office365.com HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from p5-io-socket-ssl.