Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 123934
Status: open
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: wintermte [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Net::SSLeay 1.82 request to expose X509_STORE_CTX_new() and X509_verify_cert()
Date: Fri, 22 Dec 2017 11:04:59 -0600
To: bug-Net-SSLeay [...] rt.cpan.org
From: Daniell Freed <wintermte [...] gmail.com>
Download (untitled) / with headers
text/plain 667b
Feature request: expose X509_STORE_CTX_new() and X509_verify_cert(). As far as I can tell the only way to verify an x509 certificate structure is to do it via a connection to a remote server that is serving the certificate associated with that x509 structure. I’d like to be able to do verification on an x509 structure that was created by reading it in from a PEM file. Looking at the OpenSSL wiki, it appears (but I could be wrong) that the right way to do this is to create an X509_STORE_CTX, add the X509 to it, then use X509_verify_cert(). Unfortunately, neither X509_STORE_CTX_new() nor X509_verify_cert() are exposed in Net::SSLeay. Thanks, Dan Freed
Download signature.asc
application/pgp-signature 488b

Message body not shown because it is not plain text.

Subject: Re: [rt.cpan.org #123934] Net::SSLeay 1.82 request to expose X509_STORE_CTX_new() and X509_verify_cert()
Date: Sat, 23 Dec 2017 07:49:21 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 1.5k
Hello, Thanks. Support for these functions has now been added and is in SVN 512. Perhaps you might like to submit some test code for inclusion in the package? On Saturday, 23 December 2017 03:06:07 AEST you wrote: Show quoted text
> Fri Dec 22 12:06:06 2017: Request 123934 was acted upon. > Transaction: Ticket created by wintermte@gmail.com > Queue: Net-SSLeay > Subject: Net::SSLeay 1.82 request to expose X509_STORE_CTX_new() and > X509_verify_cert() Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: wintermte@gmail.com > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=123934 > > > > Feature request: expose X509_STORE_CTX_new() and X509_verify_cert(). > > As far as I can tell the only way to verify an x509 certificate structure is > to do it via a connection to a remote server that is serving the > certificate associated with that x509 structure. > > I’d like to be able to do verification on an x509 structure that was created > by reading it in from a PEM file. > > Looking at the OpenSSL wiki, it appears (but I could be wrong) that the > right way to do this is to create an X509_STORE_CTX, add the X509 to it, > then use X509_verify_cert(). Unfortunately, neither X509_STORE_CTX_new() > nor X509_verify_cert() are exposed in Net::SSLeay. > > Thanks, > Dan Freed
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474
Subject: Re: [rt.cpan.org #123934] Net::SSLeay 1.82 request to expose X509_STORE_CTX_new() and X509_verify_cert()
Date: Thu, 25 Jan 2018 10:00:18 -0600
To: bug-Net-SSLeay [...] rt.cpan.org
From: Daniell Freed <wintermte [...] gmail.com>
Download (untitled) / with headers
text/plain 1.8k
This didn’t have the effect I was hoping for, and I’ve not had the time to dig into this more. Thanks for adding the call, but I’ve worked around this for now. Thanks, Dan Freed Show quoted text
> On Dec 22, 2017, at 4:14 PM, Mike McCauley via RT <bug-Net-SSLeay@rt.cpan.org> wrote: > > <URL: https://rt.cpan.org/Ticket/Display.html?id=123934 > > > Hello, > > Thanks. > Support for these functions has now been added and is in SVN 512. > > Perhaps you might like to submit some test code for inclusion in the package? > > > On Saturday, 23 December 2017 03:06:07 AEST you wrote:
>> Fri Dec 22 12:06:06 2017: Request 123934 was acted upon. >> Transaction: Ticket created by wintermte@gmail.com >> Queue: Net-SSLeay >> Subject: Net::SSLeay 1.82 request to expose X509_STORE_CTX_new() and >> X509_verify_cert() Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: wintermte@gmail.com >> Status: new >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=123934 > >> >> >> Feature request: expose X509_STORE_CTX_new() and X509_verify_cert(). >> >> As far as I can tell the only way to verify an x509 certificate structure is >> to do it via a connection to a remote server that is serving the >> certificate associated with that x509 structure. >> >> I’d like to be able to do verification on an x509 structure that was created >> by reading it in from a PEM file. >> >> Looking at the OpenSSL wiki, it appears (but I could be wrong) that the >> right way to do this is to create an X509_STORE_CTX, add the X509 to it, >> then use X509_verify_cert(). Unfortunately, neither X509_STORE_CTX_new() >> nor X509_verify_cert() are exposed in Net::SSLeay. >> >> Thanks, >> Dan Freed
> > > -- > Mike McCauley VK4AMM mikem@airspayce.com > Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia > http://www.airspayce.com > Phone +61 7 5598-7474 >
Download signature.asc
application/pgp-signature 488b

Message body not shown because it is not plain text.



This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.