develooper Front page | perl.libwww | Postings from April 2003

PATCH: Add Win32 SSL support (no OpenSSL/Crypt::SSLeay required)

Thread Next
Johnny Lee
April 15, 2003 12:33
PATCH: Add Win32 SSL support (no OpenSSL/Crypt::SSLeay required)
Message ID:
Windows includes SSL code (unless you've removed IE and WinHttp).

The attached zip file contains files (perl-only) to use the Windows SSL code 
in LWP.

Code was tested on ActivePerl 5.8. The code should work if you have LWP 

Thanks to Jacques Poulin for testing the code.

------------------ - goes in your %PERL%\site\lib\lwp\Protocol directory - can replace your %PERL%\site\lib\lwp\
UserAgent_20030415b.diff - unified diff of my changes to, if 
you want to patch instead of replacing it

What works (stuff that I've tested)

The code also supports using a proxy server.
I tested with

Modifying behaviour

Set PERL_LWP_MSHTTPS_USE_WININET env. variable to a non-empty value
   to force Wininet to be used

Set PERL_LWP_MSHTTPS_DONT_IGNORE_SSL_ERRORS env. variable to a non-empty 
   to NOT ignore SSL certificate errors

What's not supported?
- Passing in a CODE reference for the content of a request.
- The size hint as 3rd param to a request call is essentially ignored. The 
  response content is returned in one huge block due to a limitation in one
  of the APIs used.

SSL websites tested
---------------------- [SSL Cert errors]

Some OS configurations prevent the perl code from turning off SSL errors. In 
those cases, any SSL error may cause the request to fail. This occurs esp. 
when using the Wininet DLL.

This is not a common problem from my testing on different machines.

Most secure sites do not have SSL errors when you visit them, esp.
if they use a well-known CA.

LWP calls in to the protocol handlers (http, https, ftp, etc.) to handle

The modifications to catch any failure to create a https
handler. If we're on Win32, we'll try to create an mshttps protocol handler
and use that to handle the https request. If we succeed in creating the
mshttps handle, we'll use that for https requests from now on.

The mshttps handler uses the WinHttp COM object via Win32::OLE
or the Wininet DLL via Win32::Internet if WinHttp is not found.

The new MSN 8: advanced junk mail protection and 2 months FREE*

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About