pjsmith has asked for the wisdom of the Perl Monks concerning the following question:

I am currently working on a script to automatically log in to a web application on my company's web site. There are several pages that are part of the login process. One page asks the user for a digital certificate.

I can handle all of the other pages with LWP::UserAgent. As far as I can tell, Net::SSLeay and Crypt::SSLeay are the modules that can handle certificates. Since Net::SSLeay is not an LWP module, I'd like to use Crypt::SSLeay if possible.

According to the documentation for Crypt::SSLeay, this is how you include PEM encoded certificate and private key files: 

$ENV{HTTPS_CERT_FILE} = 'cert.pem';
$ENV{HTTPS_KEY_FILE}  = 'key.pem';

[download]

It looks like the PEM files that I have aren't being loaded, because when I use nonexistent filenames, it doesn't give me any errors.

Here's a snippet of the code I'm using to make my request: 

my $cookie_jar = HTTP::Cookies->new;

my $ua = new LWP::UserAgent;
if ( $proxy ne "" ) {
  $ua->proxy(['http', 'https'], $proxy);
}

my $request = new HTTP::Request("POST", $url);
$request->content_type('application/x-www-form-urlencoded');
$request->content($content);
$ua->agent("Mozilla/4.7");

$cookie_jar->add_cookie_header($request);

my $response = $ua->request($request);

$cookie_jar->extract_cookies($response);

[download]

$content is the data that I'm posting (user name and password). Of course, I've set $url to the URL I'm trying to post to, and $proxy is the proxy server. With a little bit of extra code to handle timeouts, this is the same code that I've used for other POSTs.

I've got OpenSSL version 0.9.6b installed, all the latest versions of the LWP modules, and version 0.29 of Crypt::SSLeay.

Am I using Crypt:SSLeay correctly? Do I need to add code to my request? Or should I be using Net:SSLeay, or some other module?

Thanks in advance.
P.J.

Replies are listed 'Best First'.
Re: Sending a certificate with an https request
by shotgunefx (Parson) on Jul 27, 2001 at 03:57 UTC
    Read README.SSL that comes with the install for LWP for instructions to enable SSL in LWP

    Excerpt:
    "SSL SUPPORT -----------

    The libwww-perl package has support for using SSL/TLSv1 with its HTTP client and server classes. This support makes it possible to access https schemed URLs with LWP. Because of the problematic status of encryption software in general and certain encryption algorithms in particular, in several countries, libwww-perl package doesn't include SSL functionality out-of-the-box."

    -Lee

    "To be civilized is to deny one's nature."
[reply]
Re: Sending a certificate with an https request
by Anonymous Monk on Jul 27, 2001 at 10:25 UTC
    Also, you may have to set the Environment variables for the proxy. 
    For proxying web requests, like with LWP::UserAgent->proxy(), or lwp-r
+equest -p ..., you need to set an environment variable HTTPS_PROXY to
+ your proxy server & port, as in: 

  # PROXY SUPPORT
  $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
  $ENV{HTTPS_PROXY} = '127.0.0.1:8080';


Use of the HTTPS_PROXY environment variable in this way is compatible 
+with LWP::UserAgent->env_proxy() usage. 

If we could find the current LWP object executing while in Net::SSL co
+ntext, then we could support proxy() method too, but it does not seem
+ feasible to do so at this time. 

Basic auth credentials to the proxy server can be provided this way: 

  # PROXY_BASIC_AUTH
  $ENV{HTTPS_PROXY_USERNAME} = 'username';
  $ENV{HTTPS_PROXY_PASSWORD} = 'password';

    [download]
[reply]
[d/l]
Re: Sending a certificate with an https request
by pjsmith (Monk) on Jul 27, 2001 at 19:01 UTC
    Thanks for the suggestions so far.

    First, the easy suggestion to respond to - adding the proxy environment variable didn't seem to make a difference. Since it appears to have done no harm, I'll leave it in for now.

    Second, shotgunefx - I read through the README.SSL file that came with libwww-perl-5.53. It sounds like LWP should work with https once you install Crypt::SSLeay, which requires OpenSSL. I've had no problems accessing https URLs, I've just had problems passing certificates to these URLs.

    I've re-installed OpenSSL, and Crypt::SSLeay. I did discover that I had been pointing to an older version of OpenSSL, but even after I changed the OpenSSL path, my script still doesn't seem to be working.

    Am I missing something in the README.SSL file? Any other ideas?

    Thanks,
    P.J.

[reply]

Back to Seekers of Perl Wisdom