RE: [Crypt::SSLeay] Compile problems on Solaris - Resolved

The self-signed certificate was the problem. Used a regular Server
Certificate signed by a CA and used the signer CA certificate with
HTTPS_CA_FILE on the Perl script and everything just works !!!

Ran a test with the s_client module of openssl using the self-signed
certificate and verify returns an error 18. The Windows version SSLeay.dll
we used to test does not have a problem handling self-signed certificates.
We used the version distributed by the Univ. of Winnipeg and so my guess is
they probably added/modfied code to handle the error 18 that gets returned
for self-signed certificates.
-R-
Saju Panikulam
-----Original Message-----
From: Saju [mailto:saju.paul@messageway.com]
Sent: Saturday, November 04, 2006 7:36 AM
To: 'lawrence@cluon.com'; 'libwww@perl.org'
Subject: RE: [Crypt::SSLeay] Compile problems on Solaris

Thanks. Read about the fix to SSLeay.xs before I got your reply. Added
SSL_library_init() at line #125. That change resolved the 'make test'
failure; now both tests work and the install phase completes too.

But I'm not able to successfully complete a SSL handshake for a https
session using Crypt::SSLeay. The other Perl module that I installed is
IO::Socket::SSL. The odd thing is if I remove the Perl module Crypt::SSLeay
with ppm (Perl Package Manager part of the Perl distribution from Active
State) the https connection is made and everything works fine but it does
not appear to be validating the X509 certificate it is sent from the server
with the CA certificate. In our Perl script we setup the environment
variable HTTPS_CA_FILE and it points to a self-signed X509 certificate file.
The same self-signed certificate file and it's private key is used on the
Server side. This method seems to work perfectly well on a Windows box
using the SSLeay.DLL but is causing a SSL negotiation failure on our Sun
machine. Thoughts... Is there anyway I can trace the handshake to see
where it might be failing.
Thanks & Regards,
Saju Panikulam
-----Original Message-----
From: lawrence@cluon.com [mailto:lawrence@cluon.com]
Sent: Friday, November 03, 2006 9:11 AM
To: libwww@perl.org
Cc: Saju Paul
Subject: Re: [Crypt::SSLeay] Compile problems on Solaris

> Hello Joshua,
> Attempting to build and install Crypt::SSLeay with cpan on my Sun machine.
> Solaris 9 is the OS and the compile environment is the SunStudio11; the C
> (cc) and C++ (CC ) compiler version are Sun C 5.8. Version of OpenSSL
> installed on the system 0.9.8d. If there is any other information that I
> have not included let me know and I'll send them along.
>
> Thanks & Regards,
> Saju Panikulam
>


I posted about this a few days ago -- you need to make a minor change
in work with the latest OpenSSL libraries.

Near line 107 of SSLeay.xs, either change SSLeay_add_all_algorithms() to
SSLeay_add_ssl_algorithms() or add a call to SSL_library_init()

make; make test

Marvel at how it now works.




This message (including any attachments) contains confidential
and/or proprietary information intended only for the addressee.
Any unauthorized disclosure, copying, distribution or reliance on
the contents of this information is strictly prohibited and may
constitute a violation of law. If you are not the intended
recipient, please notify the sender immediately by responding to
this e-mail, and delete the message from your system. If you
have any questions about this e-mail please notify the sender
immediately.