For Programmers: Free Programming Magazines  


Home > Archive > LDAP > November 2005 > Extract certificate from SSL connection









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Extract certificate from SSL connection
Eric Nichols

2005-11-08, 7:04 pm

I am using Net::LDAPS to connect to a server (no problems). How can I get the
actual x.509 server certificate that is being used for the connection? I
found a lib called Crypt::X509 which can decode the certificate.

My goal is to halt the program if the server certificate is expired.
Many thanks
Eric
Chris Ridd

2005-11-08, 7:04 pm

On 8/11/05 8:16, Eric Nichols <eric@dirwiz.com> wrote:

> I am using Net::LDAPS to connect to a server (no problems). How can I get the
> actual x.509 server certificate that is being used for the connection? I
> found a lib called Crypt::X509 which can decode the certificate.

If you call $ldap->certificate(), you get an X509_Certificate object which
is documented in IO::Socket::SSL. (Or was when I wrote the LDAPS code :-)

> My goal is to halt the program if the server certificate is expired.
> Many thanks

I'd have hoped that OpenSSL's standard certificate verification would notice
an expired cert!

Cheers,

Chris


Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com