This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 105733
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: leonerd-cpan [...] leonerd.org.uk
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 2.016
Fixed in: (no value)



Subject: Add an API for servers to get at their own certificate
The ->get_fingerprint and various related methods allow easy access from an SSL *client* to access information about the certificate the server presented them. However, on the server side of the socket there's no easy way to get at my own cert.

I have some server code in which I have to get the fingerprint of the certificate being used to talk to a client, and currently it has to do the following ugly hackery:

  my $ssl = $sock->_get_ssl_object; # gut-wrench
  my $cert = Net::SSLeay::get_certificate( $ssl );

  my $algo = "sha256";
  my $fingerprint = Net::SSLeay::X509_digest( $cert, Net::SSLeay::EVP_get_digestbyname( $algo ) );

I don't so much object to calling documented Net::SSLeay functions to get the fingerprint of a given certificate, but I couldn't work out how to get at my own certificate out of the socket object in the first place, hence the first two lines.

Maybe there could be a method added similar to ->peer_certificate, which could simplify this to

  my $cert = $sock->get_self_certificate;

Or maybe steal the peer/sock naming pair convention from lower levels of the socket stack and call it

  my $cert = $sock->get_sock_certificate;

--
Paul Evans

On Tue Jul 07 14:43:24 2015, PEVANS wrote:
> ...
> my $cert = $sock->get_sock_certificate;

Thanks for your suggestion. In https://github.com/noxxi/p5-io-socket-ssl/commit/d13935277c6459292b18bd34791866084cb00b7a I've added a method sock_certificate similar to peer_certificate and also improved the functions get_fingerprint and get_fingerprint_bin so that one can use it to get the fingerprint for the local certificate too.
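
The server-side fingerprint lookup discussed in this ticket, written against the sock_certificate and get_fingerprint methods named in the reply, with a client that pins the result through SSL_fingerprint. This is an added example, not code from the ticket or from the IO-Socket-SSL distribution; it assumes a release that contains the linked commit, and the throwaway localhost certificate and the loopback client/server pair are constructed for the demonstration.

```perl
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils qw(CERT_create);
use Net::SSLeay;

local $SIG{PIPE} = 'IGNORE';    # a vanished peer must not kill the demo

# Constructed throwaway self-signed certificate (not a real deployment cert).
my ($cert, $key) = CERT_create(subject => { commonName => 'localhost' });

# Fingerprint taken straight from the X509 handle with documented
# Net::SSLeay calls, in the algo$hex form IO::Socket::SSL uses.
my $digest   = Net::SSLeay::X509_digest($cert, Net::SSLeay::EVP_get_digestbyname('sha256'));
my $expected = 'sha256$' . unpack('H*', $digest);

my $server = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 1,
    SSL_cert  => $cert, SSL_key => $key,
) or die "listen failed: $!, $SSL_ERROR";
my $port = $server->sockport;

defined(my $pid = fork()) or die "fork failed: $!";
if ($pid == 0) {
    # Client: pin the server by fingerprint instead of disabling verification.
    my $client = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_fingerprint => $expected,
    ) or die "client handshake failed: $!, $SSL_ERROR";
    my $line = <$client>;
    print "client: pinned server reported $line" if defined $line;
    close($client);
    exit 0;
}

my $conn = $server->accept or die "accept failed: $!, $SSL_ERROR";

# Server side: own certificate from the accepted socket, no _get_ssl_object.
my $own = $conn->get_fingerprint('sha256', $conn->sock_certificate);
print "server: own fingerprint $own\n";
die "fingerprint mismatch\n" unless $own eq $expected;

print $conn "$own\n";
close($conn);
waitpid($pid, 0);
```

The handle returned by sock_certificate belongs to the SSL object, so take the fingerprint while the connection is still open.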