1 #!/usr/local/bin/perl -w
2 # callback.pl - 8.6.1998, Sampo Kellomaki <sampo@iki.fi>
3 # 31.7.1999, fixed callback args, --Sampo
4 # 7.4.2001, adapted to 0.9.6a and numerous bug reports --Sampo
6 # Test and demonstrate verify call back
8 # WARNING! Although this code works, it is by no means stable. Expect
9 # that this stuff may break with newer than 0.9.3a --Sampo
12 use Net::SSLeay qw(die_now die_if_ssl_error);
13 $ENV{RND_SEED} = '1234567890123456789012345678901234567890';
14 Net::SSLeay::randomize();
15 Net::SSLeay::load_error_strings();
16 Net::SSLeay::ERR_load_crypto_strings();
17 Net::SSLeay::SSLeay_add_ssl_algorithms();
19 ($dest_serv, $port, $cert_dir) = @ARGV; # Read command line
21 my $callback_called = 0;
23 $ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
24 #Net::SSLeay::CTX_set_default_verify_paths($ctx);
25 Net::SSLeay::CTX_load_verify_locations($ctx, '', $cert_dir)
26 or die_now("CTX load verify loc=`$cert_dir' $!");
27 Net::SSLeay::CTX_set_verify($ctx, &Net::SSLeay::VERIFY_PEER, \&verify2);
28 die_if_ssl_error('callback: ctx set verify');
30 $port = getservbyname ($port, 'tcp') unless $port =~ /^\d+$/;
31 $dest_ip = gethostbyname ($dest_serv);
33 $dest_serv_params = pack ('S n a4 x8', &AF_INET, $port, $dest_ip);
34 socket (S, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
35 connect (S, $dest_serv_params) or die "connect: $!";
36 select (S); $| = 1; select (STDOUT);
38 # The network connection is now open, lets fire up SSL
40 $ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
41 #Net::SSLeay::set_verify ($ssl, &Net::SSLeay::VERIFY_PEER, \&verify);
42 Net::SSLeay::set_fd($ssl, fileno(S));
43 print "callback: starting ssl connect...\n";
44 Net::SSLeay::connect($ssl);
45 die_if_ssl_error('callback: ssl connect');
47 print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";
48 print Net::SSLeay::dump_peer_certificate($ssl);
50 Net::SSLeay::ssl_write_all($ssl,"\tcallback ok\n");
53 print defined($ra = Net::SSLeay::ssl_read_all($ssl)) ? $ra : '';
55 Net::SSLeay::free ($ssl);
56 Net::SSLeay::CTX_free ($ctx);
59 print $callback_called ? "OK\n" : "ERROR\n";
63 my ($ok, $x509_store_ctx) = @_;
64 print "**** Verify 2 called ($ok)\n";
65 my $x = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
67 print "Certificate:\n";
68 print " Subject Name: "
69 . Net::SSLeay::X509_NAME_oneline(
70 Net::SSLeay::X509_get_subject_name($x))
72 print " Issuer Name: "
73 . Net::SSLeay::X509_NAME_oneline(
74 Net::SSLeay::X509_get_issuer_name($x))
82 my ($ok, $x509_store_ctx) = @_;
84 print "**** Verify called ($ok)\n";
85 my $x = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
87 print "Certificate:\n";
88 print " Subject Name: "
89 . Net::SSLeay::X509_NAME_oneline(
90 Net::SSLeay::X509_get_subject_name($x))
92 print " Issuer Name: "
93 . Net::SSLeay::X509_NAME_oneline(
94 Net::SSLeay::X509_get_issuer_name($x))
98 return 1; #$ok; # 1=accept cert, 0=reject