NAME
Crypt::OpenSSL::Verify - OpenSSL Verify certificate verification in XS.
SYNOPSIS
use Crypt::OpenSSL::Verify;
use Crypt::OpenSSL::X509;
my $ca = Crypt::OpenSSL::Verify->new(
CAfile => 't/cacert.pem',
CApath => '/etc/ssl/certs', # Optional
noCAfile => 1, # Optional
noCApath => 0 # Optional
);
OR
# Backward compatible with Crypt::OpenSSL:VerifyX509
my $ca = Crypt::OpenSSL::Verify->new('t/cacert.pem');
AND
my $cert = Crypt::OpenSSL::X509->new(...);
$ca->verify($cert);DESCRIPTION
Given a CA certificate and another untrusted certificate, will show whether the CA signs the certificate. This is a useful thing to have if you're signing with X509 certificates, but outside of SSL.
A specific example is where you're working with XML signatures, and need to verify that the signing certificate is valid.
METHODS
new()
Constructor. Returns an OpenSSL Verify instance, set up with the given CA.
Arguments:
* CAfile => $cafile_path - path to a file containing the CA certificate
* CApath => $ca_path - path to a directory containg hashed CA Certificates
* noCAfile => 0 or 1 - Default CAfile should not be loaded if TRUE
* noCApath => 0 or 1 - Default CApath should not be loaded if TRUE
* strict_certs => 0 or 1 - Do not override any OpenSSL verify errors
(
CAfile => $cafile_path
CApath => '/etc/ssl/certs', # Optional
noCAfile => 1, # Optional
noCApath => 0, # Optional
strict_certs => 1 # Default (Optional)
);new('t/cacert.pem');
Constructor. Returns an OpenSSL Verify instance, set up with the given CA. Backward compatible with Crypt::OpenSSL:VerifyX509
Arguments:
* $cafile_path - path to a file containing the CA certificatenew_from_x509($catext)
Constructor. Returns an OpenSSL Verify instance, set up with the given CA.
Arguments:
* $ca - Crypt::OpenSSL::X509->new_from_string(base64 certificate string)verify($cert)
Verify the certificate is signed by the CA. Returns true if so, and croaks with the verification error if not.
Arguments:
* $cert - a Crypt::OpenSSL::X509 object for the certificate to verify.ctx_error_code($ctx)
Calls the C code to obtain the OpenSSL error code of the verify and returns an integer value
Arguments:
* $ctx - a long unsigned integer containing the pointer to the
X509_STORE_CTX that was passed to the callback function
during the certificate verificationregister_verify_cb(\&verify_callback);
Registers a Perl Sub as the callback function for OpenSSL to call during the registration process
Arguments:
* \&verify_callback - a reference to the verify_callback subverify_callback($ok, $ctx)
Called directly by OpenSSL and in the case of an acceptable error will change the response to 1 to signify no error
Arguements:
$ok - Error (0) or Success (1) from the OpenSSL certificate verification
results
$ctx - value of the pointer to the Certificate Store CTX used to access the
error codes that OpenSSL returnedAUTHOR
Timothy Legge <timlegge@gmail.com> Wesley Schwengle <waterkip>
COPYRIGHT
The following copyright notice applies to all the files provided in this distribution, including binary files, unless explicitly noted otherwise.
Copyright 2020 Timothy Legge Copyright 2020 Wesley Schwengle
Based on the Original Crypt::OpenSSL::VerifyX509 by
Copyright 2010 Chris Andrews <chrisandrews@venda.com>
Most of the current module is based on the OpenSSL verify.c app and is therefore under Copyright 1999-2020, OpenSSL Software Foundation.
LICENCE
This library is free software; you can redistribute it and/or modify it under the same terms as OpenSSL and is covered by the dual OpenSSL and SSLeay license.