您好我正在尝试从perl脚本获取SSL证书。主要目的是检查不受信任的SSL证书,如here所述。但我不确定如何继续。我没有可以检查证书的证书颁发机构,因此即使是有效证书sem的URL也会抛出错误。以下是我写的代码
#!/usr/bin/perl
require LWP::UserAgent;
use Crypt::SSLeay::CTX;
use Crypt::SSLeay::Conn;
use Crypt::SSLeay::X509;
use LWP::Simple qw(get);
$ENV{HTTPS_DEBUG} = 1;
my $ua = LWP::UserAgent->new;
#$ua->ssl_opts(verify_hostname => "true");
$ua->timeout(300);
my $req = HTTP::Request->new(GET => 'https://abcdefxyz.com');
my $res = $ua->request($req);
print $res->headers_as_string . "\n" . $res->status_line;
我这样跑了
perl test2.pm> test
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
这是同样的输出。
Connection: close
Date: Tue, 29 Mar 2011 01:56:44 GMT
Server: Server
Vary: Accept-Encoding,User-Agent
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="abc (Windows) Login"
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1
Client-Date: Tue, 29 Mar 2011 01:56:44 GMT
Client-Peer: 127.0.0.1:5443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/ST=Illinois/L=Chicago/O=abcdefxyz.com /CN=abcdefxyz.com
Client-SSL-Cert-Subject: /C=US/ST=Illinois/L=Chicago/O=abcdefxyz.com /CN=abcdefxyz.com
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Client-Warning: Unsupported authentication scheme 'negotiate'
Title: 401 Authorization Required
X-Pad: avoid browser bug
401 Authorization Required
在没有本地CA文件的情况下,我是否仍然可以获取证书的SSL错误类型。我是这里的新手和perl,所以非常感谢有用的见解。
答案 0 :(得分:1)
升级到LWP::Protocol::https的最新版本。这将自动引入适当的依赖关系,例如,最近的IO::Socket::SSL
和Mozilla::CA
。 LWP v6引入了自动验证CA签名。
您可以制作自己的证书,这些证书都是有效的,有效的CA签名和各种无效证书。请参阅OpenSSL文档中的How do I create a real SSL Certificate? in the Apache httpd documentation,Creating your own CA with OpenSSL(稍微过时)以及rsa
和CA.pl
联机帮助页。