Click here to get back home

SSLeay and Chained Certs (InstantSSL/Comodo)
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.lang.perl.modules    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
SSLeay and Chained Certs (InstantSSL/Comodo) Jim Seymour 12-06-2006
Posted by Jim Seymour on December 6, 2006, 8:29 pm
Please log in for more thread options

I've recently installed a thing called "usermin"
(http://www.webmin.com/index6.html). It is written in Perl and uses
Net::SSLeay. My server certs are provided by InstantSSL/Comodo. Now
the thing about these certs is they're not signed by a root CA, but
instead there's an intermediate cert which is, in turn, signed by a
root CA. These chained certs work with Apache, Postfix' SSL support,
and ipop3d, but not with usermin.

I'm guessing the problem is in SSLeay. The question is: Is there
some trick to using chained certs with SSLeay? I'd be willing to put
the work in, and submit a patch to usermin's maintainer(s), if
somebody could point me in the right direction.

The only thing I've found so far (other than others asking the same
question and apparently not getting an answer) is this:
http://lists.alioth.debian.org/pipermail/net-ssleay-devel/2006-April/000061.html

Can anybody help?

TIA,
Jim
--
Jim Seymour | "There is no expedient to which a man will not
jseymour@LinxNet.com | go to avoid the labor of thinking."
http://jimsun.LinxNet.com | - Thomas A. Edison

Posted by Jim Seymour on December 7, 2006, 3:03 pm
Please log in for more thread options

        jseymour@LinxNet.com (Jim Seymour) writes:
> I've recently installed a thing called "usermin"
> (http://www.webmin.com/index6.html). It is written in Perl and uses
> Net::SSLeay. My server certs are provided by InstantSSL/Comodo. Now
> the thing about these certs is they're not signed by a root CA, but
> instead there's an intermediate cert which is, in turn, signed by a
> root CA. These chained certs work with Apache, Postfix' SSL support,
> and ipop3d, but not with usermin.
[snip]

Disregard. I went to see if I could apply what was at the URL I
mentioned in my previous post to the code, only to find it was
already in there! After a bit of fiddling, I figured out what the
code wanted and gave it to it. Now all's well.

Sorry for pestering y'all needlessly.

--
Jim Seymour | "There is no expedient to which a man will not
jseymour@LinxNet.com | go to avoid the labor of thinking."
http://jimsun.LinxNet.com | - Thomas A. Edison

Similar ThreadsPosted
Is installing Crypt::SSLeay related to SSL Certs and secure sites? August 3, 2006, 4:15 am
Crypt::SSLeay + OpenSSL 0.9.8 July 21, 2006, 5:31 am
Crypt::SSLEay for Windows March 7, 2007, 1:08 am
Net::SSLeay: How to transmit an intermediate CA-Certificate? August 3, 2004, 2:16 pm
Crypt::SSLeay Installation Failure January 28, 2006, 1:07 am
Explicitly telling LWP::UserAgent where Crypt::SSLeay is September 19, 2005, 3:45 pm
SSLeay & OpenSSL problem with install of IO::Socket::SSL June 24, 2005, 9:39 am
Compiled .exe of Perl does not work when using Crypt::SSLeay May 14, 2007, 7:35 pm
Re: Net::SSLeay make failure - openssl error. September 14, 2008, 6:06 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap