Re: POSTing data via SSL

I answered my own question (though information others might have on the subject would still be welcome!) Documentation for IO::Socket::SSL is available at http://search.cpan.org/doc/ASPA/IO-Socket-SSL-0.80/lib/IO/Socket/SSL.pm (where I swear to God I looked earlier without finding it) and the solution to all my problems (for now, at least) is

my $socket = IO::Socket::SSL->new(
                          PeerAddr => "$remote_host:$remote_port",
                          PeerPort => $remote_port,
                          Proto    => "tcp",       
                          SSL_verify_mode=>0x00
                          ) or die "unable to create socket: $!\n";;
[download]

From the documentation:

SSL_verify_mode
Type of verification process which is to be performed upon a peer certificate. This can be a combination of 0x00 (don't verify), 0x01 (verify peer), 0x02 (fail verification if there's no peer certificate), and 0x04 (verify client once). Default: verify peer.

Comment on Re: POSTing data via SSL Download Code

Replies are listed 'Best First'.
Re: Re: POSTing data via SSL by no_slogan (Deacon) on Dec 06, 2001 at 05:08 UTC
Setting the verify mode to "don't verify" leaves you open to a man-in-the-middle attack. Programs like ettercap will be able to intercept and decrypt your traffic. If you're concerned about that, the right solution is to make sure there's a certificate authority file somewhere the script can find it. The IO::Socket::SSL module source contains such a file, but I don't think it's installed automatically. To find out where it's looking for certificates, the strace and truss commands are always useful.	[reply]

Replies are listed 'Best First'.

Re: Re: POSTing data via SSL
by no_slogan (Deacon) on Dec 06, 2001 at 05:08 UTC

ettercap

[reply]