[Crypt::SSLeay] Client Cert Support?

[Crypt::SSLeay] Client Cert Support?

am 25.04.2005 21:34:52 von robindarby

Hello,
Can anyone tell me what 'CLIENT CERT SUPPORT', as in:
# CLIENT CERT SUPPORT
$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
(from http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm) does
(or point me @ a nice url or something)?

I went on a adventure today writing a little (perl) script to send xml
requests over ssl to an apache server.
Basically i wanted to grant access/reject requests depending on the
presents of a cert (from the client).
I assumed that's what a client cert did or is that CA CERT PEER
VERIFICATION?
The script works, but I think i've implemented the wrong solution (d'oh
:)

I've:
- Been on a google (got even more confused).
- Been reading the RFC's & Spec's (got very bored).
- Been drinking to forget.

Apologies if this is a really simple/silly question: Cost of losing
face - Nothing!

Thanks
Robin...

Re: [Crypt::SSLeay] Client Cert Support?

am 26.04.2005 01:01:39 von jarich

Robin Darby wrote:
> Hello,
> Can anyone tell me what 'CLIENT CERT SUPPORT', as in:
> # CLIENT CERT SUPPORT
> $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
> $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
> (from http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm) does
> (or point me @ a nice url or something)?

These environment variables provide the path to the client cert which you want
to *send* to the *server* as your credentials. This allows LWP programs to use
certificate based authentication when connecting.

> Basically i wanted to grant access/reject requests depending on the
> presents of a cert (from the client).

I can't properly remember how to do this. However, as far as I know,
authentication is usually done via Apache (with mod_ssl or whatever webserver
you're using) and thus if your client connects and authenticates correctly
*then* your program runs.

You can still get their details from environment variables.

All the best,

Jacinta

--
("`-''-/").___..--''"`-._ | Jacinta Richardson |
`6_ 6 ) `-. ( ).`-.__.`) | Perl Training Australia |
(_Y_.)' ._ ) `._ `. ``-..-' | +61 3 9354 6001 |
_..`--'_..-_/ /--'_.' ,' | contact@perltraining.com.au |
(il),-'' (li),' ((!.-' | www.perltraining.com.au |