NAME

Crypt::OpenSSL::Verify - OpenSSL Verify certificate verification in XS.

SYNOPSIS

use Crypt::OpenSSL::Verify;
use Crypt::OpenSSL::X509;

my $ca = Crypt::OpenSSL::Verify->new(
              CAfile => 't/cacert.pem',
              CApath => '/etc/ssl/certs',     # Optional
              noCAfile => 1,                  # Optional
              noCApath => 0                   # Optional
              );

OR

# Backward compatible with Crypt::OpenSSL::VerifyX509
my $ca = Crypt::OpenSSL::Verify->new('t/cacert.pem');

AND

my $cert = Crypt::OpenSSL::X509->new(...);
$ca->verify($cert);

DESCRIPTION

Given a CA certificate and another untrusted certificate, will show whether the CA signs the certificate. This is a useful thing to have if you're signing with X509 certificates, but outside of SSL.

A specific example is where you're working with XML signatures, and need to verify that the signing certificate is valid.

METHODS

new(
    CAfile => $cafile_path,
    CApath => '/etc/ssl/certs',     # Optional
    noCAfile => 1,                  # Optional
    noCApath => 0                   # Optional
);

Constructor. Returns an OpenSSL Verify instance, set up with the given CA.

Arguments:

* CAfile => $cafile_path       - path to a file containing the CA certificate
* CApath => $ca_path           - path to a directory containing hashed CA certificates
* noCAfile => 0 or 1           - if TRUE, OpenSSL's default CA file is not loaded
* noCApath => 0 or 1           - if TRUE, OpenSSL's default CA directory is not loaded

new('t/cacert.pem');

Constructor. Returns an OpenSSL Verify instance, set up with the given CA. Backward compatible with Crypt::OpenSSL::VerifyX509.

Arguments:

* $cafile_path                 - path to a file containing the CA certificate

new_from_x509($catext)

Constructor. Returns an OpenSSL Verify instance, set up with the given CA.

Arguments:

* $catext - a Crypt::OpenSSL::X509 object for the CA, e.g. from Crypt::OpenSSL::X509->new_from_string(base64 certificate string)

verify($cert)

Verify the certificate is signed by the CA. Returns true if so, and croaks with the verification error if not.

Arguments:

* $cert - a Crypt::OpenSSL::X509 object for the certificate to verify.

ctx_error_code($ctx)

Calls the C code to obtain the OpenSSL error code from the verification context and returns it as an integer.

Arguments:

* $ctx - a long unsigned integer containing the pointer to the
      X509_STORE_CTX that was passed to the callback function
      during the certificate verification

register_verify_cb(\&verify_callback);

Registers a Perl sub as the callback function that OpenSSL calls during certificate verification.

Arguments:

* \&verify_callback - a reference to the verify_callback sub

verify_callback($ok, $ctx)

Called directly by OpenSSL during verification. If the reported error is one the callback considers acceptable, it changes the return value to 1 to signify no error; otherwise the verification fails.

Arguments:

* $ok - Error (0) or Success (1) from the OpenSSL certificate verification
      results

* $ctx - value of the pointer to the certificate store CTX, used to access the
      error codes that OpenSSL returned

AUTHOR

Timothy Legge <timlegge@gmail.com>

COPYRIGHT

The following copyright notice applies to all the files provided in this distribution, including binary files, unless explicitly noted otherwise.

Copyright 2020 Timothy Legge

Based on the Original Crypt::OpenSSL::VerifyX509 by

Copyright 2010 Chris Andrews <chrisandrews@venda.com>

Most of the current module is based on the OpenSSL verify.c app and is therefore under Copyright 1999-2020, OpenSSL Software Foundation.

LICENCE

This library is free software; you can redistribute it and/or modify it under the same terms as OpenSSL and is covered by the dual OpenSSL and SSLeay license.