eldritch has asked for the wisdom of the Perl Monks concerning the following question:

I have an application for creating online courses at a university. A professor requests a course on server A. Upon approval by the sysadmin, their data is XMLized and transmitted to the appropriate course server with an authorization code, where the XML is parsed and the course is created. Right now I'm doing this with IO::Socket and everything works great.

The problem is, now I want to create these courses on servers running SSL instead of just HTTP. I would prefer to use IO::Socket::SSL, and just create a secure socket instead of an insecure one, keeping my code mostly the same. But I'm having a very difficult time getting this to work, mostly because I can't find documentation. What I would really like is some example code of what it looks like to open a secure socket, but also some back story to the process. The error I keep getting is

unable to create socket: No such file or directory

The code I'm using is

my $socket = IO::Socket::SSL->new(
    PeerAddr        => "$remote_host:$remote_port",
    PeerPort        => $remote_port,
    Proto           => "tcp",
    SSL_verify_mode => 0x01,
) or die "unable to create socket: $!\n";

What file is it missing? Where can I find documentation on the methods for IO::Socket::SSL (they aren't in the README)? Should I give up and use LWP instead? Either way, I seem to be missing something big regarding "having the certificate of the site I'm trying to connect to" (I keep seeing references to that, but I don't know how to do it.)

Any help is humbly and gratefully requested. Thank you.

Replies are listed 'Best First'.
Re: POSTing data via SSL
by eldritch (Initiate) on Dec 06, 2001 at 03:47 UTC
    I answered my own question (though information others might have on the subject would still be welcome!). Documentation for IO::Socket::SSL is available at http://search.cpan.org/doc/ASPA/IO-Socket-SSL-0.80/lib/IO/Socket/SSL.pm (where I swear to God I looked earlier without finding it) and the solution to all my problems (for now, at least) is

    my $socket = IO::Socket::SSL->new(
        PeerAddr        => "$remote_host:$remote_port",
        PeerPort        => $remote_port,
        Proto           => "tcp",
        SSL_verify_mode => 0x00,
    ) or die "unable to create socket: $!\n";

    From the documentation:
    SSL_verify_mode
    Type of verification process which is to be performed upon a peer certificate. This can be a combination of 0x00 (don't verify), 0x01 (verify peer), 0x02 (fail verification if there's no peer certificate), and 0x04 (verify client once). Default: verify peer.
      Setting the verify mode to "don't verify" leaves you open to a man-in-the-middle attack. Programs like ettercap will be able to intercept and decrypt your traffic. If you're concerned about that, the right solution is to make sure there's a certificate authority file somewhere the script can find it. The IO::Socket::SSL module source contains such a file, but I don't think it's installed automatically. To find out where it's looking for certificates, the strace and truss commands are always useful.
Re: POSTing data via SSL
by strat (Canon) on Dec 06, 2001 at 15:34 UTC
    Maybe you will get a better error message if you try $@ instead of $!:
    my $socket = IO::Socket::SSL->new( ...) or die "unable to create socket: $@\n";
    Best regards,
    strat
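
An added example, not code from this thread or from the IO::Socket::SSL distribution: it keeps verification switched on and shows the two points raised in the replies, that the client needs a CA file it can find and that the reason for a TLS failure is reported in $SSL_ERROR rather than $!. It assumes a current IO::Socket::SSL with its IO::Socket::SSL::Utils helper (not the 0.80 release linked above); the CA names, the 127.0.0.1 listener and the reply text are constructed for the demonstration.

```perl
use strict;
use warnings;
use IO::Socket::SSL;          # exports SSL_VERIFY_PEER and $SSL_ERROR
use IO::Socket::SSL::Utils;   # CERT_create, PEM_cert2file, PEM_key2file
use File::Temp qw(tempdir);

# Constructed test material: a throwaway CA, a "localhost" server certificate
# signed by it, and an unrelated CA the server certificate does not chain to.
my $dir = tempdir(CLEANUP => 1);
my ($ca, $ca_key) = CERT_create(CA => 1, subject => { commonName => 'Constructed Test CA' });
my ($other_ca)    = CERT_create(CA => 1, subject => { commonName => 'Unrelated Test CA' });
my ($cert, $key)  = CERT_create(
    subject         => { commonName => 'localhost' },
    subjectAltNames => [ [ DNS => 'localhost' ] ],
    issuer_cert     => $ca,
    issuer_key      => $ca_key,
);
PEM_cert2file($ca,       "$dir/ca.pem");
PEM_cert2file($other_ca, "$dir/other-ca.pem");
PEM_cert2file($cert,     "$dir/server.pem");
PEM_key2file($key,       "$dir/server.key");

# Local TLS listener standing in for the course server.
my $listener = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert_file => "$dir/server.pem", SSL_key_file => "$dir/server.key",
) or die "listen failed: $! / $SSL_ERROR\n";
my $port = $listener->sockport;

defined(my $pid = fork()) or die "fork failed: $!\n";
if ($pid == 0) {              # child: serve two handshake attempts, then exit
    for (1 .. 2) { my $c = $listener->accept or next; print $c "course created\n"; close $c }
    exit 0;
}

# Client with verification left on; only the trust store differs per call.
sub try_connect {
    my ($ca_file) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerHost            => '127.0.0.1',
        PeerPort            => $port,
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_ca_file         => $ca_file,
        SSL_hostname        => 'localhost',   # SNI
        SSL_verifycn_name   => 'localhost',   # name the certificate must match
        SSL_verifycn_scheme => 'http',
    ) or return "refused: \$! is '$!', \$SSL_ERROR is '$SSL_ERROR'";
    chomp(my $reply = <$sock>);
    return "verified, server said '$reply'";
}
print "wrong CA file: ", try_connect("$dir/other-ca.pem"), "\n";
print "right CA file: ", try_connect("$dir/ca.pem"), "\n";
waitpid($pid, 0);
```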