
NAME

IO::Socket::SSL::Utils -- loading, storing, creating certificates and keys

SYNOPSIS

    use IO::Socket::SSL::Utils;
    my $cert = PEM_file2cert('cert.pem');
    my $string = PEM_cert2string($cert);
    CERT_free($cert);

    my $key = KEY_create_rsa(2048);
    PEM_key2file($key,'key.pem');
    KEY_free($key);

DESCRIPTION

This module provides various utility functions to work with certificates and private keys, shielding some of the complexity of the underlying Net::SSLeay and OpenSSL.

FUNCTIONS

  • Functions converting between strings or files and certificates or keys. They croak if the operation cannot be completed.

    PEM_file2cert(file) -> cert
    PEM_cert2file(cert,file)
    PEM_string2cert(string) -> cert
    PEM_cert2string(cert) -> string
    PEM_file2key(file) -> key
    PEM_key2file(key,file)
    PEM_string2key(string) -> key
    PEM_key2string(key) -> string
  • Functions for cleaning up. Each loaded or created cert and key must be freed, otherwise memory is leaked.

    CERT_free(cert)
    KEY_free(key)
  • KEY_create_rsa(bits) -> key

    Creates an RSA key pair, bits defaults to 2048.

  • CERT_asHash(cert) -> hash

    Extracts the information from the certificate into a hash:

    serial

    The serial number

    version

    Certificate version, usually 2 (x509v3)

    subject

    Hash with the parts of the subject, e.g. commonName, countryName, organizationName, stateOrProvinceName, localityName.

    subjectAltNames

    Array of alternative names. Each entry is a pair [type,value], where type is one of OTHERNAME, EMAIL, DNS, X400, DIRNAME, EDIPARTY, URI, IP or RID.

    not_before, not_after

    The validity period of the certificate, as time_t values, e.g. convertible with localtime or similar functions.

  • CERT_create(hash) -> (cert,key)

    Creates a certificate based on the given hash. If no issuer is specified the certificate will be self-signed. In addition to the information described in CERT_asHash the following keys can be given:

    CA true|false

    if true declare certificate as CA, defaults to false

    key key

    use given key as key for certificate, otherwise a new one will be generated and returned

    issuer_cert cert

    set issuer for new certificate

    issuer_key key

    sign new certificate with given key

    issuer [ cert, key ]

    Instead of giving issuer_key and issuer_cert as separate arguments they can be given together.

    digest algorithm

    specify the algorithm used to sign the certificate, default SHA-256.

    If not all necessary information is given, usable defaults are used, e.g.

    not_before defaults to the current time
    not_after defaults to 365 days in the future
    subject has a default pointing to IO::Socket::SSL
    version defaults to 2 (x509v3)
    serial will be a random number
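
    The following script is an added example and not part of the module's own documentation or code. It ties the functions above together: it creates a self-signed CA with CERT_create, signs a leaf certificate with it (using the issuer shorthand and a key from KEY_create_rsa), stores everything as PEM, loads the leaf back and inspects it with CERT_asHash, and finally frees every object. The file names and the subject/SAN values are made up for the example, and passing the hash argument of CERT_create as a flat key/value list is assumed here.

```perl
#!/usr/bin/perl
# Added example (not from the IO::Socket::SSL::Utils POD): a small two-level
# PKI built in memory, written as PEM, reloaded and checked.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use IO::Socket::SSL::Utils;

my $dir      = tempdir(CLEANUP => 1);              # scratch directory (assumption)
my $cafile   = File::Spec->catfile($dir, 'ca.pem');
my $certfile = File::Spec->catfile($dir, 'server.pem');
my $keyfile  = File::Spec->catfile($dir, 'server.key');

# 1. Self-signed CA: no issuer is given, so the certificate is signed with
#    its own key. No 'key' is given either, so one is generated and returned.
my ($cacert, $cakey) = CERT_create(
    CA        => 1,
    subject   => { commonName => 'Example Test CA', organizationName => 'Example' },
    not_after => time() + 10 * 365 * 86400,
);

# 2. Leaf certificate signed by the CA. 'issuer' bundles issuer_cert and
#    issuer_key; subjectAltNames is a list of [type, value] pairs. The key is
#    created explicitly; CERT_create returns that same key, so it is only
#    captured once ($leafkey) and freed once below.
my $leafkey = KEY_create_rsa(2048);
my ($cert) = CERT_create(
    subject         => { commonName => 'www.example.com', organizationName => 'Example' },
    subjectAltNames => [ [ DNS => 'www.example.com' ], [ DNS => 'example.com' ] ],
    key             => $leafkey,
    issuer          => [ $cacert, $cakey ],
    not_after       => time() + 90 * 86400,
);

# 3. Persist as PEM. These croak if writing fails, so no return value check.
PEM_cert2file($cacert,  $cafile);
PEM_cert2file($cert,    $certfile);
PEM_key2file($leafkey,  $keyfile);
chmod 0600, $keyfile;   # private key material: owner-only permissions

# 4. Reload the leaf and turn it into plain Perl data.
my $loaded = PEM_file2cert($certfile);
my $info   = CERT_asHash($loaded);

printf "serial:  %s\n", $info->{serial};
printf "version: %d (x509v%d)\n", $info->{version}, $info->{version} + 1;
printf "subject: CN=%s, O=%s\n",
    $info->{subject}{commonName}, $info->{subject}{organizationName};
printf "SAN:     %s=%s\n", @$_ for @{ $info->{subjectAltNames} };
printf "valid:   %s .. %s\n",
    scalar localtime($info->{not_before}), scalar localtime($info->{not_after});

# 5. Checks a deployment script would run before installing the certificate:
#    it must be valid now and must carry the name clients will connect to.
my $now = time();
die "certificate not yet valid\n" if $info->{not_before} > $now;
die "certificate expired\n"       if $info->{not_after}  < $now;
my $expected = 'www.example.com';
my $covered  = grep { $_->[0] eq 'DNS' && $_->[1] eq $expected }
    @{ $info->{subjectAltNames} };
die "no DNS subjectAltName for $expected\n" unless $covered;

# 6. String round trip: cert -> PEM text -> cert -> PEM text must be stable.
my $pem   = PEM_cert2string($loaded);
my $again = PEM_string2cert($pem);
die "PEM round trip changed the certificate\n"
    unless PEM_cert2string($again) eq $pem;

# 7. Every loaded or created object must be freed exactly once.
CERT_free($_) for $cacert, $cert, $loaded, $again;
KEY_free($_)  for $cakey, $leafkey;
print "ok\n";
```

    Run it with a current IO::Socket::SSL installed; it needs no network and leaves no files behind because the temporary directory is removed at exit. The checks in step 5 are the ones worth copying: CERT_asHash makes it cheap to verify validity window and hostname coverage in a Perl deployment script without shelling out to the openssl binary.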

AUTHOR

Steffen Ullrich