SSL client certificate appears to persist across web requests, but only under mod

batmobile1 has asked for the wisdom of the Perl Monks concerning the following question:

I have code that makes two web service calls over SSL using SOAP::Lite, each to a different endpoint. The first requires an SSL client certificate, for which I set environment variables for Crypt::SSLeay ($ENV{HTTPS_CERT_FILE}, $ENV{HTTPS_KEY_FILE}, $ENV{HTTPS_CA_FILE}). The second does not require a client certificate, but SSL negotiation fails, apparently because the certificate is still being used.

I've tried to solve this by unsetting the environment variables after the first call. With this added logic, the second web service call works perfectly when I run the code from command-line Perl, but it still fails when it runs under mod_perl.

Why is the behavior different under mod_perl?

Comment on SSL client certificate appears to persist across web requests, but only under mod_perl

Replies are listed 'Best First'.
Re: SSL client certificate appears to persist across web requests, but only under mod_perl by kyle (Abbot) on Sep 26, 2008 at 15:29 UTC
With a little searching around, I found this: C Libraries Don't See `%ENV` Entries Set by Perl Code.	[reply] [d/l]
Re^2: SSL client certificate appears to persist across web requests, but only under mod_perl by Anonymous Monk on Sep 27, 2008 at 03:58 UTC
Interesting. I see in http://search.cpan.org/src/DLAND/Crypt-SSLeay-0.57_01/SSLeay.xs `SV* SSL_CTX_set_verify(ctx) SSL_CTX* ctx PREINIT: char* CAfile; char* CAdir; CODE: CAfile=getenv("HTTPS_CA_FILE"); CAdir =getenv("HTTPS_CA_DIR");` [download] should be using PerlEnv_getenv() instead of getenv()	[reply] [d/l]