2011-03-29 77 views
0

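Hi, I want to fetch an SSL certificate from a Perl script. The main purpose is to check for untrusted SSL certificates, as described here. However, I am not sure how to proceed. I do not have a certificate authority that I can check the certificate against, so even a URL with a valid certificate can be used to raise the error. Below is what I have written to try to get SSL certificate errors: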

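```perl
#!/usr/bin/perl
use strict;
use warnings;

use LWP::UserAgent;
use HTTP::Request;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);

# Make Crypt::SSLeay print the SSL handshake trace to STDERR.
$ENV{HTTPS_DEBUG} = 1;

my $ua = LWP::UserAgent->new;
# Certificate verification is not enabled in this attempt:
#$ua->ssl_opts(verify_hostname => "true");
$ua->timeout(300);
my $req = HTTP::Request->new(GET => 'https://abcdefxyz.com');

my $res = $ua->request($req);

# Response headers (including the Client-SSL-* ones), then the status line.
print $res->headers_as_string . "\n" . $res->status_line;
```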

I ran it like this:

```
perl test2.pm > test
```

```
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
```

And here is the output of the same code.

```
Connection: close
Date: Tue, 29 Mar 2011 01:56:44 GMT
Server: Server
Vary: Accept-Encoding,User-Agent
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="abc (Windows) Login"
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1
Client-Date: Tue, 29 Mar 2011 01:56:44 GMT
Client-Peer: 127.0.0.1:5443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/ST=Illinois/L=Chicago/O=abcdefxyz.com /CN=abcdefxyz.com
Client-SSL-Cert-Subject: /C=US/ST=Illinois/L=Chicago/O=abcdefxyz.com /CN=abcdefxyz.com
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Warning: Unsupported authentication scheme 'negotiate'
Title: 401 Authorization Required
X-Pad: avoid browser bug

401 Authorization Required
```

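Is there any way I can get SSL certificate errors of this kind without having local CA certificate files? I am a newbie here and with Perl, so I would really appreciate helpful insights.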

+0

Install [Mozilla::CA](http://search.cpan.org/perldoc/Mozilla::CA) and see if that helps. – 2011-03-29 03:15:56

Answers

1

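Upgrade to the latest version of LWP::Protocol::https. This will automatically pull in the appropriate dependencies, such as a recent IO::Socket::SSL and Mozilla::CA. LWP v6 introduced automatic verification of CA signatures.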

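You can make your own certificates, both ones that are valid and CA-signed and various invalid ones. See How do I create a real SSL Certificate? in the Apache httpd documentation, Creating your own CA with OpenSSL (slightly outdated) and the rsaCA.pl man page in the OpenSSL documentation.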
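
One way to report why a certificate is untrusted without maintaining a local CA, as an added example that is not part of the original answer: it validates the chain against the Mozilla::CA bundle through IO::Socket::SSL and records the OpenSSL verification error. The default host is the placeholder from the question, and the output wording is an assumption of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports $SSL_ERROR and SSL_VERIFY_PEER
use Mozilla::CA;        # bundled Mozilla root store, no local CA setup needed
use Net::SSLeay;

# Host and port come from the command line; the default host is the
# placeholder used in the question.
my $host = $ARGV[0] // 'abcdefxyz.com';
my $port = $ARGV[1] // 443;

my @failures;    # chain problems OpenSSL reports during the handshake

my $sock = IO::Socket::SSL->new(
    PeerHost            => $host,
    PeerPort            => $port,
    Timeout             => 30,
    SSL_hostname        => $host,                        # SNI
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_ca_file         => Mozilla::CA::SSL_ca_file(),
    SSL_verifycn_scheme => 'http',                       # HTTPS name matching
    SSL_verifycn_name   => $host,
    SSL_verify_callback => sub {
        my ($ok, $store_ctx, $names, $errors, $cert, $depth) = @_;
        unless ($ok) {
            # Translate the numeric X509 error into OpenSSL's own wording.
            my $code = Net::SSLeay::X509_STORE_CTX_get_error($store_ctx);
            push @failures, sprintf '%s (X509 error %d) on %s',
                Net::SSLeay::X509_verify_cert_error_string($code),
                $code, $names;
        }
        return $ok;    # report only; never override OpenSSL's verdict
    },
);

if ($sock) {
    printf "TRUSTED   %s:%s\n  subject: %s\n  issuer:  %s\n", $host, $port,
        $sock->peer_certificate('subject'), $sock->peer_certificate('issuer');
    $sock->close;
    exit 0;
}

# Handshake refused: print the specific chain errors, or the library's
# message when the failure was something else (for example a name mismatch).
print "UNTRUSTED $host:$port\n";
print "  $_\n" for (@failures ? @failures : ($SSL_ERROR // $!));
exit 1;
```

Against a self-signed certificate like the one in the question's output (issuer equal to subject), the handshake fails and the reason OpenSSL gives for rejecting the chain is printed.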