File does not exist: Can’t verify SSL peers without knowning which Certificate Authorities to trust
I sent an email to the author of the script and he says it is not his script which is at fault and pointed me to this page: http://sysops.ie/blog/2011/03/21/cant-verify-ssl-peers-without-knowning-which-certificate-authorities-to-trust/
This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE envirionment variable or by installing the Mozilla::CA module.
To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME envirionment variable to 0. If you do this you can’t be sure that you communicate with the expected peer.
ASKER
Using Your Perl Module(s)
So I have added that at the bottom of the cgi script (although the author of the script said his script was faultless).
You will need to add /home/kidspart/perl to the include path.
You can do this by adding the following code to your script:
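    BEGIN {
        # Use /home/kidspart/perl if it exists, otherwise <home of the effective user>/perl/
        my $base_module_dir = (-d '/home/kidspart/perl' ? '/home/kidspart/perl' : ( getpwuid($>) )[7] . '/perl/');
        # Prefix every existing @INC path with that directory and put the results at the front of @INC
        unshift @INC, map { $base_module_dir . $_ } @INC;
    }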
1) are you talking to the right counterparty (validation of endpoints)
2) is the connection confidential... (encryption is used)
@2) the key for this connection is determined during 1
@1) during the first phase certificates are exchanged, certificates describe aspects of the endpoint..
For a user mostly an email address, for a server mostly a username...
A certificate consists of the subject (above description), a private key (mostly protected with a pass phrase) and a public key. If the private key is used to encrypt something, then the public key can be used to decrypt it again (and the other way around).
Encrypting a known thing and letting the other party decrypt it can verify one party; doing it both ways can authenticate both partners.
Now the validity of the keys still is not verified... for this we can request a third party to underwrite the validity and sign a certificate. That means a checksum of the certificate is encrypted by the third party, and if we have the public key of that 3rd party we can decrypt and verify the checksum.
Now how to verify that third party... well it can be a chain ... but it needs to be anchored somewhere.
That is what is called a Trusted Third Party (or CA, Certificate Authority). Well-known brands are:
Verisign, Global Trust. Open Source is CACert.
Those parties are mentioned in a special file/directory (depending on the verify library); then the library can accept a certificate that is signed by such a party. (In that directory/file the public key is stored.)
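
Added example (not part of the original thread or of the script under discussion): one way to give LWP the trust-anchor file that the error message asks for, while leaving peer verification switched on. The fallback bundle paths and the helper names count_pem_certs and resolve_ca_file are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: pick a CA bundle for LWP and keep peer verification enabled.
use strict;
use warnings;
use LWP::UserAgent;

# Assumed fallback locations (common Debian/Ubuntu and RHEL/CentOS paths).
my @SYSTEM_BUNDLES = (
    '/etc/ssl/certs/ca-certificates.crt',
    '/etc/pki/tls/certs/ca-bundle.crt',
);

# Count PEM certificates so an empty or wrong file is rejected early.
sub count_pem_certs {
    my ($path) = @_;
    open my $fh, '<', $path or return 0;
    my $n = grep { /^-----BEGIN CERTIFICATE-----/ } <$fh>;
    close $fh;
    return $n;
}

# Return (path, source) of the first usable trust-anchor file, or die.
sub resolve_ca_file {
    my @candidates;
    push @candidates, [ $ENV{PERL_LWP_SSL_CA_FILE}, 'PERL_LWP_SSL_CA_FILE' ]
        if defined $ENV{PERL_LWP_SSL_CA_FILE};
    push @candidates, [ Mozilla::CA::SSL_ca_file(), 'Mozilla::CA' ]
        if eval { require Mozilla::CA; 1 };
    push @candidates, map { [ $_, 'system bundle' ] } @SYSTEM_BUNDLES;

    for my $c (@candidates) {
        my ($path, $source) = @$c;
        return ($path, $source) if -f $path && count_pem_certs($path) > 0;
    }
    # Fail closed: never fall back to PERL_LWP_SSL_VERIFY_HOSTNAME=0.
    die "No usable CA bundle found; refusing to disable verification\n";
}

my ($ca_file, $source) = resolve_ca_file();
print "Trust anchors: $ca_file (from $source)\n";

my $ua = LWP::UserAgent->new(
    ssl_opts => { verify_hostname => 1, SSL_ca_file => $ca_file },
);

# Optional: pass an https URL as the first argument to test the handshake.
if (my $url = shift @ARGV) {
    my $res = $ua->get($url);
    printf "%s: %s\n", ($res->is_success ? 'OK' : 'FAILED'), $res->status_line;
}
```

Run without arguments it only reports which bundle was selected; with a URL it shows whether the certificate chain validates against that bundle.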