Crypt::NSS::X509 - Perl interface for the certificate handling parts of the NSS api.
use 5.10.1; use Perl6::Slurp; use Crypt::NSS::X509; my $cert = Crypt::X509::NSS::Certificate->new(slurp('derfile')); say $cert->subject(); say $cert->issuer(); my $valid = $cert->verify_cert(); if ( ! $cert->match_name('www.testdomain') ) { # Domain does not match certificate information exit(1); }
Perl interface for the certificate handling parts of the NSS API.
This library exposes a relatively simple API to a the NSS certificate API. It allows a user to load certificates, examine them by getting e.g. the subject, issuer, validity times and other information.
Furthermore, a user can validate a certificate with several of the verification functions provided by NSS.
Please note that this is a very early version of the library, the interface API will change.
This document just describes the NSS class and how to load it; for certificate parsing you probably want to refer to Crypt::NSS::X509::Certificate
None.
The NSS module can be loaded in two different ways. The simplest way is to load the module without any options.
use NSS;
In this case, the NSS library is initialized without any disk based database. It is not possible to load certificates and store them permanently. This mode is primarily useful when no certificate verification is desired.
The second way to load NSS is to specify the path to a database directory at load time. The directory has to exist. If no NSS database exists in the specified directory, it is automatically generated
use NSS (':dpath', $dbdir);
A third option for loading NSS without any initialization is also offered. It should however not be used in normal operation - about the only reason to use it is if you have to switch between several different root-stores while running a script. If you absolutely need it, examine the source :).
Note that all functions are called as functions, not methods.
This function reads a list of pem-formatted certificates from $filename. The certificates are then loaded into the NSS database and marked as valid, trusted root-certificates.
$filename
Note that this function requires a NSS database.
This function adds a specified Crypt::NSS::X509::Certificate to the active NSS database and stores it using the nickname $nick.
Crypt::NSS::X509::Certificate
$nick
This function adds a specified Crypt::NSS::X509::Certificate to the active NSS database and stores it using the nickname c<$nick>. The certificate is marked as trusted for all purposes. Used by Crypt::NSS::X509::load_rootlist to add the certificates.
Crypt::NSS::X509::load_rootlist
This function dumps the current contents of the NSS certificate cache and the NSS temporary certificate store to the standard output
This function shuts down the NSS library and reinitialized it again with the exact same parameters. Do not use this if you do not absolutely know what this encompasses / why it might be necessary.
You can specify several different certificate usages for the verify functions in Crypt::NSS::X509::Certificate.
CA certificate of any kind.
Used to encrypt S/MIME mails.
Used to verify S/MIME email signatures.
Certificate allowed to sign executable code files like jar files.
SSL Certificate Authority certificate.
SSL Client certificate.
SSL Server certificate.
SSL Server certificate, which allows export clients to use strong cryptography.
Used for OCSP responders.
TODO: Find out what those do.
OpenSSL(1), Crypt::X509, Crypt::NSS
Bernhard Amann, <bernhard@icsi.berkeley.edu>
Copyright 2012 by Bernhard Amann
This Library is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
The library contains source code of the Mozilla Network Security Services; for NSS license information please see http://www.mozilla.org/projects/security/pki/nss/.
To install Crypt::NSS::X509, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Crypt::NSS::X509
CPAN shell
perl -MCPAN -e shell install Crypt::NSS::X509
For more information on module installation, please visit the detailed CPAN module installation guide.