Re: Extract digital signature from HTTPS response

The closest you can get is to verify the hostname and certificate by using the ssl_opts option. Once you have saved the file to disk, there is no way to assure its integrity.

You could sign the file from your program, maybe using gpg, while writing it, but nothing prevents somebody with access to the machine/account to sign other files as well.

Comment on Re: Extract digital signature from HTTPS response

Replies are listed 'Best First'.
Re^2: Extract digital signature from HTTPS response by stringZ (Acolyte) on Feb 25, 2013 at 08:19 UTC
Thanks for the reply. What about IO::Socket::SSL?	[reply]
Re^3: Extract digital signature from HTTPS response by Corion (Patriarch) on Feb 25, 2013 at 08:21 UTC
Once your text file has been written to disk, there is nothing that SSL can do to help you. Maybe you can somehow use the public part of the SSL key of the remote side to sign the file, but that will require understanding of the SSL protocol which I don't have.	[reply]