alokranjan has asked for the wisdom of the Perl Monks concerning the following question:

Hi All, Can anyone please have a look at my cgi script to print the ssl certificate expirt date. I am picking the sitename from a html page and passing to the below cgi: 
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use Net::SSL::ExpireDate;
use strict;

my $sitename;
my $ed;
my $expire_date;

print header;
print start_html("Thank You");
print h2("Thank You");

my %form;
foreach my $p (param()) {
    $form{$p} = param($p);
    print "$p = $form{$p}<br>\n";
    $sitename = $form{$p};
    }

#$sitename = "www.google.com";

chomp($sitename);
$sitename =~ s/^\s+|\s+$//g;

print "\nWebsite name is: $sitename.\n";

$ed = Net::SSL::ExpireDate->new( https => $sitename );
if (defined $ed->expire_date) {
    $expire_date = $ed->expire_date;
    print "$expire_date\n";
    }

print end_html;

[download]
I am wondering why its not working, though a separate Perl script is working fine to get the expiry date. Any help/assistance would be highly appreciated.

Thanks, Alok

Replies are listed 'Best First'.
Re: ssl details cgi script
by noxxi (Pilgrim) on Jul 26, 2015 at 09:29 UTC
    Net::SSL::ExpireDate constructs the SSL handshake by hand and explicitly does a TLS 1.2 only request with only a handful of ciphers. It might be that the site you are trying to reach does not work with TLS 1.2 or does not support the ciphers offered by Net::SSL::ExpireDate. I would recommend that you instead use a library which is commonly used to establish SSL connections and which should work with almost every site. With IO::Socket::SSL you can get the expiration date like this: 
    use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;

# ignore certificate errors since we only want to get the expiration
# time and not transfer any sensitive data
my $cl = IO::Socket::SSL->new(
    PeerAddr => 'www.google.com:443', 
    SSL_verify => 0
) or die "connect failed: $!, $SSL_ERROR";
my $cert = $cl->peer_certificate or die "no peer certificate";
print "expire=".localtime(CERT_asHash($cert)->{not_after})."\n";

    [download]
[reply]
[d/l]
      use Net::SSL::ExpireDate;

my $site = "www.google.com";
$ed = Net::SSL::ExpireDate->new( https => $site );

if (defined $ed->expire_date) {
      $expire_date = $ed->expire_date; 
      print $expire_date;
      $expired = $ed->is_expired;
    }

      [download]
      Above code is also working fine but not with the cgi. Anyways many thanks for suggesting new solution.

      Thanks

[reply]
[d/l]
      Many thanks, your suggested solution worked like a charm. But I am wondering why my code didn't show expiry date.
[reply]
Re: ssl details cgi script
by afoken (Chancellor) on Jul 25, 2015 at 19:38 UTC
    I am wondering why its not working

    Because it is too lazy.

    If you want a better answer, explain what you mean by "not working".

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
[reply]
Re: ssl details cgi script
by alokranjan (Acolyte) on Jul 25, 2015 at 19:47 UTC
    Hi,

    Not working means its printing the website name perfectly that I passed from my HTML page but the expiry date is not coming. Though if I am hard coding the value of website name in cgi script, its correctly displaying the expiry date.

    Thanks.
[reply]

      It works for me using this html with www.google.com

      <html>
<head>
</head>
<body>
<form action="cgi-bin/test/expire.pl" method="post">
  <input type="text" name="sitename"/>
  <input type="submit"/>
</form>
</body>
</html>

      [download]
      poj
[reply]
[d/l]
        Is it also showing the expiry date? I used the similar HTML and tried the html suggested by you but still its only showing the website name not the expiry date.

        Thanks

[reply]

Back to Seekers of Perl Wisdom