in reply to Getting an SSL Certificate Expiration Date

My understanding is that you can supply your own callback via LWP::UserAgent to do your own processing at the certificate-validation phase. That would avoid the need for a second connection. This isn't something I have done but the docs suggest it might be a feasible approach.

my $ua = LWP::UserAgent->new (
    ssl_opts => {
        SSL_verify_callback => \&my_handler
    }
);

[download]

🦛

Replies are listed 'Best First'.
Re^2: Getting an SSL Certificate Expiration Date
by haukex (Archbishop) on Feb 08, 2022 at 22:55 UTC

    Good idea, some quick googling found this post by Graham Knop from which I adapted the code:

    use warnings;
use strict;
use LWP::UserAgent;

my $ua = LWP::UserAgent->new(
    ssl_opts => {
        SSL_verify_callback => sub {
            my ($ok, $ctx_store) = @_;
            my $cert = Net::SSLeay::X509_STORE_CTX_get_current_cert($c
+tx_store);
            print Net::SSLeay::P_ASN1_TIME_get_isotime(
                Net::SSLeay::X509_get_notAfter($cert) ), "\n";
            return $ok;
        },
    },
);
$ua->get('https://www.perlmonks.org/');

__END__

2038-01-18T23:59:59Z
2029-08-21T23:59:59Z
2022-09-02T23:59:59Z

    [download]

    Note the documentation also says "The callback will be called for each element in the certificate chain."

    Another post in the above thread points to Net::SSL::ExpireDate.

[reply]
[d/l]

In Section Seekers of Perl Wisdom