use strict;
use warnings;
BEGIN {
eval "use LWP";
if ( $@ ) {
print "1..0 # no LWP\n";
exit
}
}
use Net::SSLGlue::LWP;
use LWP::Simple;
my $capath = '/etc/ssl/certs/'; # unix?
-d $capath or do {
print "1..0 # cannot find system CA-path\n";
exit
};
Net::SSLGlue::LWP->import( SSL_ca_path => $capath );
#
# first check everything directly with IO::Socket::SSL
#
# signin.ebay.de has a certificate, which is for signin.ebay.com
# but where signin.ebay.de is a subjectAltName
IO::Socket::SSL->new(
PeerAddr => 'signin.ebay.de:443',
SSL_ca_path => $capath,
SSL_verify_mode => 1,
SSL_verifycn_scheme => 'http'
) or do {
print "1..0 # ssl connect signin.ebay.de failed\n";
exit
};
# www.fedora.org has a certificate which has nothing in common
# with the hostname
my $sock = IO::Socket::INET->new( 'www.fedora.org:443' ) or do {
print "1..0 # connect to www.fedora.org failed\n";
exit
};
IO::Socket::SSL->start_SSL( $sock,
SSL_ca_path => $capath,
SSL_verify_mode => 1,
SSL_verifycn_scheme => 'http'
) and do {
print "1..0 # certificate for www.fedora.org unexpectly correct\n";
exit
};
#
# and than check, that LWP uses the same checks
#
print "1..3\n";
# signin.ebay.de -> should succeed
my $content = get( 'https://signin.ebay.de' );
print $content ? "ok\n": "not ok # lwp connect signin.ebay.de: $@\n";
# www.fedora.org -> should fail
$content = get( 'https://www.fedora.org' );
print $content ? "not ok # lwp ssl connect www.fedora.org should fail\n": "ok\n";
# www.fedora.org -> should succeed if verify mode is 0
{
local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts;
$Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0;
$content = get( 'https://www.fedora.org' );
print $content ? "ok\n": "not ok # lwp ssl www.fedora.org w/o ssl verify\n";
}