Thanks - I had looked at that, but it appears only to grab the peer certificate, not verify it. I don't see any difference in the result whether I specify CAfile or not.
To expand on my question a bit, I'm going to be getting a self-signed certificate, and I need to make sure the certificate I get in my http request matches the certificate that I will have saved locally. From what I've read the way to do that seems to be to add it to my cacert.pem file that I point to, which led to my initial question of it not seeming to work correctly.
Further, using net_ssl_test.pl I can get at the Subject and issuer, but what I think I really need is the certificate signature so I can compare it with what's on file. It seems that Crypt::SSLeay takes care of this by using the cacert.pem (if it works). Otherwise, I haven't found any way in Perl to get at the signature so I can compare it myself. With just the cert subject and issuer, can't anybody potentially fake that?
Thanks
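One way to do the comparison described in the post above, as an added example that is not part of the original post: pin the SHA-256 fingerprint of the locally saved certificate and refuse any peer that presents a different one. It uses IO::Socket::SSL and Net::SSLeay rather than Crypt::SSLeay, and the host, port and PEM file arguments are assumptions supplied by the caller.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;
use Net::SSLeay;

# Assumed usage: script.pl HOST PORT SAVED_CERT.pem (all caller-supplied)
my ($host, $port, $pem_file) = @ARGV;
die "usage: $0 host port saved_cert.pem\n" unless defined $pem_file;

# SHA-256 over the DER encoding of the locally saved certificate,
# returned in the "algo$hex" form that IO::Socket::SSL uses.
sub saved_fingerprint {
    my ($file) = @_;
    my $bio = Net::SSLeay::BIO_new_file($file, 'r')
        or die "cannot open $file\n";
    my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
    Net::SSLeay::BIO_free($bio);
    die "no PEM certificate in $file\n" unless $x509;
    my $hex = Net::SSLeay::X509_get_fingerprint($x509, 'sha256');
    Net::SSLeay::X509_free($x509);
    $hex =~ tr/://d;                     # "AB:CD:..." -> "ABCD..."
    return 'sha256$' . lc $hex;
}

my $pin = saved_fingerprint($pem_file);

# With SSL_fingerprint set, the handshake fails unless the peer's
# certificate hashes to the pinned value. A matching fingerprint is
# accepted without CA-chain validation, which suits a self-signed cert.
my $sock = IO::Socket::SSL->new(
    PeerHost        => $host,
    PeerPort        => $port,
    SSL_fingerprint => $pin,
) or die "pin mismatch or connect failure: $SSL_ERROR\n";

# Explicit second check: re-read what the peer presented and compare.
my $seen = lc $sock->get_fingerprint('sha256');
die "unexpected certificate $seen\n" unless $seen eq $pin;
print "peer certificate matches $pem_file ($seen)\n";
close $sock;
```

The fingerprint covers the whole certificate, including its public key and signature, so a certificate that only copies the subject and issuer fields does not match.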