IO::SOCKET::SSL rest client requires client certificate can do it with curl but not in perl

aktinide has asked for the wisdom of the Perl Monks concerning the following question:

after some conversion from the keystore it is working fine with curl using a client cert:

curl --cacert CA.pem --cert client.p12 -X GET --header "openid:1234" https://name:32102/rest/

but I am still struggling to get it workin in perl like

 #!/usr/bin/perl
use strict;
use IO::Socket::SSL qw(debug3);


print  $IO::Socket::SSL::VERSION, "\n";


    my $client = IO::Socket::INET->new('name:32102') or die $!;
    IO::Socket::SSL->start_SSL($client,
        # explicitly set hostname we should use for SNI
       SSL_hostname => 'name',
        SSL_verify_mode => SSL_VERIFY_PEER,
        SSL_ca_file => 'CA.pem',
       SSL_key_file => '/client.p12',
  
    ) or die $SSL_ERROR;
print $client "GET /rest/
               openid:1234";
print <$client>;
[download]

The SSL connectin is fine , but the cert is no accepted , not used ? the Application replies with Auth failed.. What do I need to do to make it working like it does with curl ?

Comment on IO::SOCKET::SSL rest client requires client certificate can do it with curl but not in perl Select or Download Code

Replies are listed 'Best First'.
Re: IO::SOCKET::SSL rest client requires client certificate can do it with curl but not in perl by hippo (Archbishop) on Apr 01, 2016 at 09:29 UTC
The SSL connectin is fine , but the cert is no accepted , not used ? If you look closely, you will see that you are not specifying a client cert to use because there is no `SSL_cert_file` attribute in your call to `start_SSL`. Try swapping the `SSL_key_file` for `SSL_cert_file` instead as that should accept a key/cert pair in PKCS#12 format.	[reply] [d/l] [select]
Re: IO::SOCKET::SSL rest client requires client certificate can do it with curl but not in perl by stevieb (Canon) on Mar 31, 2016 at 23:16 UTC
Is the cert really in the root (`/`) directory: `SSL_key_file => '/client.p12'`? I don't know if it isn't if it'd throw a different error or not, so this is just a random guess.	[reply] [d/l] [select]
Re^2: IO::SOCKET::SSL rest client requires client certificate can do it with curl but not in perl by aktinide (Initiate) on Apr 01, 2016 at 07:03 UTC
no, client.p12 is not in (/) I just did shorten the full path, I doublecheked using the same full path in curl and perl .	[reply]