Error when trying to get an SSL certificate

Posted on 2024-10-27 16:34:29

Hi, I am trying to get SSL certificates from a Perl script. The primary purpose is to check for SSL certificates that are untrusted, as described here. However, I am unsure as to how to proceed. I do not have a certificate authority that I can check the certificate with, and hence even URLs with valid certificates seem to throw errors. The following is the code I wrote:

#!/usr/bin/perl

require LWP::UserAgent;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);

$ENV{HTTPS_DEBUG} = 1;


my $ua  = LWP::UserAgent->new;
#$ua->ssl_opts(verify_hostname => "true");
$ua->timeout(300);
my $req = HTTP::Request->new(GET => 'https://abcdefxyz.com');

my $res = $ua->request($req);

print $res->headers_as_string . "\n" . $res->status_line;

I ran it this way

perl test2.pm >test

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A

And here is the output for the same.

Connection: close
Date: Tue, 29 Mar 2011 01:56:44 GMT
Server: Server
Vary: Accept-Encoding,User-Agent
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="abc (Windows) Login"
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1
Client-Date: Tue, 29 Mar 2011 01:56:44 GMT
Client-Peer: 127.0.0.1:5443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/ST=Illinois/L=Chicago/O=abcdefxyz.com /CN=abcdefxyz.com
Client-SSL-Cert-Subject: /C=US/ST=Illinois/L=Chicago/O=abcdefxyz.com /CN=abcdefxyz.com
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Warning: Unsupported authentication scheme 'negotiate'
Title: 401 Authorization Required
X-Pad: avoid browser bug

401 Authorization Required

Is there any way for me to get the SSL error type of the certificate without having a local CA file? I am a newbie here and to Perl, so helpful insights would be greatly appreciated.

Comments (1)

谎言月老 2024-11-03 16:34:29

Upgrade to the most recent version of LWP::Protocol::https. This will automatically pull in the appropriate dependencies, e.g. a recent IO::Socket::SSL and Mozilla::CA. LWP v6 introduced automatic verification of CA signatures.

You can make your own certificates, both valid, valid with CA signature and all sorts of invalid. See How do I create a real SSL Certificate? in the Apache httpd documentation, Creating your own CA with OpenSSL (slightly out-of-date) and the rsa and CA.pl manpages in the OpenSSL documentation.
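An added example, not part of the original answer: one way to report the certificate error type without a local CA file, using the IO::Socket::SSL and Mozilla::CA modules the answer names. The `cert_problems` helper and the command-line handling are assumptions made for this sketch; for a certificate whose issuer equals its subject, like the one in the headers above, OpenSSL reports error 18 at depth 0.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;   # exports SSL_VERIFY_PEER and $SSL_ERROR
use Net::SSLeay;
use Mozilla::CA;       # Mozilla root store shipped as a CPAN module

# Hypothetical helper: return every certificate problem for $host:$port.
# Diagnostic use only: the callback lets the handshake continue past errors so
# that all of them are collected, and no application data is sent.
sub cert_problems {
    my ($host, $port) = @_;
    my @problems;
    my $sock = IO::Socket::SSL->new(
        PeerHost            => $host,
        PeerPort            => $port,
        Timeout             => 15,
        SSL_hostname        => $host,                        # SNI
        SSL_ca_file         => Mozilla::CA::SSL_ca_file(),
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verifycn_scheme => 'none',     # hostname is checked explicitly below
        SSL_verify_callback => sub {
            my ($ok, $store) = @_;
            return 1 if $ok;
            my $code = Net::SSLeay::X509_STORE_CTX_get_error($store);
            push @problems, {
                depth  => Net::SSLeay::X509_STORE_CTX_get_error_depth($store),
                code   => $code,   # e.g. 18 = self-signed leaf, 10 = expired
                reason => Net::SSLeay::X509_verify_cert_error_string($code),
            };
            return 1;
        },
    ) or die "connect to $host:$port failed: " . ($SSL_ERROR || $!) . "\n";

    push @problems, { depth => 0, code => 'hostname',
                      reason => "certificate does not match $host" }
        unless $sock->verify_hostname($host, 'http');
    $sock->close;
    return @problems;
}

my ($host, $port) = @ARGV;
die "usage: $0 HOST [PORT]\n" unless defined $host;
my @problems = cert_problems($host, $port || 443);
print "$host: certificate verified\n" unless @problems;
printf "%s: depth %s, error %s: %s\n", $host, @{$_}{qw(depth code reason)}
    for @problems;
```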
