Re^3: Issue with LWP loading client certificate

Yes, this should work with a privatekey in PEM format. It needs to be unencrypted, though.

UPDATE:
You may as well put the cert and the privkey in PEM format into the certfile or you may use a PKCS#12 as certfile. And you may give a callback sub to provide the passphrase for the private key via SSL_password_cb. See IO::Socket::SSL.

Greetings,
-jo

$gryYup$d0ylprbpriprrYpkJl2xyl~rzg??P~5lp2hyl0p$

Comment on Re^3: Issue with LWP loading client certificate Download Code

Replies are listed 'Best First'.
Re^4: Issue with LWP loading client certificate by ffrost (Acolyte) on Jun 20, 2021 at 13:06 UTC
Further down the rabbit hole we go. Open one door and another presents itself. We cannot have unencrypted .pfx files for the private key on the server. But, there's notation stating the password for the private key can get passed into the IO::Socket with a subroutine. This part doesn't make sense to me. From what I've found this is how it's put together, but it's still failing. `use LWP::UserAgent; use Data::Dumper; use IO::Socket::SSL qw(debug4); IO::Socket::SSL::set_defaults(passwd_cb => sub { "passwordvaluehere" } +); $endpoint = 'https://omit/commotest'; $ua = LWP::UserAgent->new; $ua->ssl_opts(SSL_cert_file => 'der.cer'); $ua->ssl_opts(SSL_key_file => 'privatekey.pfx'); $ua->ssl_opts(SSL_use_cert => '1'); $response = $ua->get($endpoint); if ($response->is_success) { print Dumper $response; } else { print "Error: " . $response->status_line, "\n"; }` [download] But now I'm getting the following response ... We're using a simple passphrase for now to test with, no symbols. Research online showed other users had issues with complex passphrases and the decryption. `DEBUG: .../IO/Socket/SSL.pm:2411: Failed to load key from file (no PEM + or DER) SSL error: 4824: 1 - error:0606F076:digital envelope routines:EVP_PKCS +82PKEY:unsupported private key algorithm SSL error: 4824: 2 - error:140B000D:SSL routines:SSL_CTX_use_PrivateKe +y_file:ASN1 lib` [download]	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^4: Issue with LWP loading client certificate
by ffrost (Acolyte) on Jun 20, 2021 at 13:06 UTC

Further down the rabbit hole we go. Open one door and another presents itself.

We cannot have unencrypted .pfx files for the private key on the server. But, there's notation stating the password for the private key can get passed into the IO::Socket with a subroutine. This part doesn't make sense to me. From what I've found this is how it's put together, but it's still failing.

 
use LWP::UserAgent;
use Data::Dumper; 
use IO::Socket::SSL qw(debug4); 

IO::Socket::SSL::set_defaults(passwd_cb => sub { "passwordvaluehere" }
+); 
$endpoint = 'https://omit/commotest'; 
$ua = LWP::UserAgent->new; 
$ua->ssl_opts(SSL_cert_file => 'der.cer'); 
$ua->ssl_opts(SSL_key_file => 'privatekey.pfx'); 
$ua->ssl_opts(SSL_use_cert => '1'); 
$response = $ua->get($endpoint); 
if ($response->is_success) { 
  print Dumper $response;
} 
else { 
  print "Error: " . $response->status_line, "\n"; 
}
[download]

But now I'm getting the following response ... We're using a simple passphrase for now to test with, no symbols. Research online showed other users had issues with complex passphrases and the decryption.

 
DEBUG: .../IO/Socket/SSL.pm:2411: Failed to load key from file (no PEM
+ or DER) 
SSL error: 4824: 1 - error:0606F076:digital envelope routines:EVP_PKCS
+82PKEY:unsupported private key algorithm 
SSL error: 4824: 2 - error:140B000D:SSL routines:SSL_CTX_use_PrivateKe
+y_file:ASN1 lib
[download]

[reply]
[d/l]
[select]