http://qs321.pair.com?node_id=603328


in reply to Re: Multiplexing HTTPS server, peer cert authentication problem.
in thread Multiplexing HTTPS server, peer cert authentication problem.

I'm not sure I understand.

I do understand that you're saying I should split the (SSL) accept() into a non-SSL accept() and a start_SSL().
What I don't understand is what problem that solves :)

From what I have read, SSL_startHandshake makes sure that start_SSL is non-blocking (doesn't re-bless socket until it succeeds or fails).
So, is your suggestion that the peer certificate authentication goes awry somehow, because I'm still blocking?

-David.
Re^3: Multiplexing HTTPS server, peer cert authentication problem.
by Thelonius (Priest) on Mar 06, 2007 at 18:10 UTC
    Well, I am suggesting it because the documentation recommends it.

    I tried it out and it seems to work, with one change, that it needs SSL_server => 1 here:

    my $sslaccept = IO::Socket::SSL->start_SSL($acceptsock, {
        SSL_startHandshake => 0,
        SSL_server         => 1,
        SSL_use_cert       => 1,
        SSL_verify_depth   => 1,
        SSL_verify_mode    => 0x03,   # SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    });

    Otherwise it will try to authenticate as a client.

    Here's a restructured program:

      Hi Thelonius,

      Excellent! It works. Thank you very much.

      I'll reply at the top-level with a summary so that others may benefit from your research.
      -David.
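
Added example (not part of the thread, and not the restructured program Thelonius posted): a minimal select()-driven server using the plain accept() plus start_SSL split discussed above, with the handshake advanced through accept_SSL and $SSL_ERROR so a slow client cannot stall the loop. The certificate paths, port 8443 and the step_handshake helper are assumptions made for illustration.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;
use IO::Socket::SSL;    # exports $SSL_ERROR, SSL_WANT_*, SSL_VERIFY_*

# Placeholder paths and port (assumptions, not values from the thread).
my %tls = (
    SSL_server         => 1,    # without this start_SSL acts as a TLS client
    SSL_startHandshake => 0,    # handshake is driven from the select loop
    SSL_cert_file      => 'server-cert.pem',
    SSL_key_file       => 'server-key.pem',
    SSL_ca_file        => 'client-ca.pem',
    # same bits as the 0x03 in the thread: demand and verify a client cert
    SSL_verify_mode    => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
);
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 8443,
    Listen    => 16, ReuseAddr => 1, Blocking => 0,
) or die "listen: $!";
my ($rd, $wr) = (IO::Select->new($listener), IO::Select->new);

# Advance one pending handshake; park the socket on whichever event it needs.
sub step_handshake {
    my ($s) = @_;
    $rd->remove($s);
    $wr->remove($s);
    if ($s->accept_SSL) {       # handshake done, client cert chain verified
        my $subject = $s->peer_certificate('subject');
        syswrite($s, "authenticated as $subject\n");
        $s->close;
    }
    elsif ($SSL_ERROR == SSL_WANT_READ)  { $rd->add($s) }
    elsif ($SSL_ERROR == SSL_WANT_WRITE) { $wr->add($s) }
    else {                      # bad or missing client cert, protocol error
        warn "handshake failed: $SSL_ERROR\n";
        $s->close;
    }
}

while (1) {
    my ($can_r, $can_w) = IO::Select->select($rd, $wr, undef, 5);
    for my $s (@{ $can_r || [] }, @{ $can_w || [] }) {
        if ($s != $listener) { step_handshake($s); next }
        my $plain = $listener->accept or next;      # plain TCP accept()
        $plain->blocking(0);
        my $ssl = IO::Socket::SSL->start_SSL($plain, %tls);
        if ($ssl) { step_handshake($ssl) }
        else      { warn "start_SSL: $SSL_ERROR\n"; close $plain }
    }
}
```

A client that presents no certificate, or one not chaining to the configured CA file, ends up in the final branch of step_handshake and is closed without ever reaching application code.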