You are viewing a plain text version of this content. The canonical link for it is here.
Posted to test-commits@perl.apache.org by kb...@apache.org on 2011/11/29 06:39:37 UTC
svn commit: r1207758 - /perl/Apache-Test/trunk/lib/Apache/TestRequest.pm
Author: kbrand
Date: Tue Nov 29 05:39:36 2011
New Revision: 1207758
URL: http://svn.apache.org/viewvc?rev=1207758&view=rev
Log:
Compatibility fixes for SSL requests under LWP 6:
- set SSL_ca_file in user_agent(), if not yet set
(needed for successful verification when verify_hostname is enabled)
- in set_client_cert(), also set the cert via LWP::UserAgent's new ssl_opts
Modified:
perl/Apache-Test/trunk/lib/Apache/TestRequest.pm
Modified: perl/Apache-Test/trunk/lib/Apache/TestRequest.pm
URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestRequest.pm?rev=1207758&r1=1207757&r2=1207758&view=diff
==============================================================================
--- perl/Apache-Test/trunk/lib/Apache/TestRequest.pm (original)
+++ perl/Apache-Test/trunk/lib/Apache/TestRequest.pm Tue Nov 29 05:39:36 2011
@@ -159,6 +159,14 @@ sub user_agent {
};
}
+ # in LWP 6, verify_hostname defaults to on, so SSL_ca_file
+ # needs to be set accordingly
+ if ($LWP::VERSION >= 6.0 and not exists $args->{ssl_opts}->{SSL_ca_file}) {
+ my $vars = Apache::Test::vars();
+ $args->{ssl_opts}->{SSL_ca_file} = "$vars->{sslca}/" .
+ "$vars->{sslcaorg}/certs/ca.crt";
+ }
+
eval { $UA ||= __PACKAGE__->new(%$args); };
}
@@ -352,7 +360,7 @@ sub prepare {
}
push @$pass, content => $content;
}
- if ($keep->{cert}) {
+ if (exists $keep->{cert}) {
set_client_cert($keep->{cert});
}
@@ -620,11 +628,18 @@ sub set_client_cert {
if ($name) {
$ENV{HTTPS_CERT_FILE} = "$dir/certs/$name.crt";
$ENV{HTTPS_KEY_FILE} = "$dir/keys/$name.pem";
+ if ($LWP::VERSION >= 6.0) {
+ # LWP 6 no longer honors HTTPS_{CERT,KEY}_FILE
+ user_agent(reset => 1,
+ ssl_opts => { SSL_cert_file => "$dir/certs/$name.crt",
+ SSL_key_file => "$dir/keys/$name.pem" });
+ }
}
else {
for (qw(CERT KEY)) {
delete $ENV{"HTTPS_${_}_FILE"};
}
+ user_agent(reset => 1) if $LWP::VERSION >= 6.0;
}
}
Re: svn commit: r1207758 - /perl/Apache-Test/trunk/lib/Apache/TestRequest.pm
Posted by Torsten Förtsch <to...@gmx.net>.
On Wednesday, 30 November 2011 14:16:59 Kaspar Brand wrote:
> > If now GET itself calls user_agent(reset=>1) via prepare() and
> > set_client_cert() wouldn't that clobber the "requests_redirectable =>
> > 0"
> > setting made by the user?
>
> You're right, indeed - thanks for pointing this out. After further
> testing and experiments, I think that the attached patch should take
> care of this... does this look like an acceptable solution?
Looks good to me.
Torsten Förtsch
--
Need professional modperl support? Hire me! (http://foertsch.name)
Like fantasy? http://kabatinte.net
Re: svn commit: r1207758 - /perl/Apache-Test/trunk/lib/Apache/TestRequest.pm
Posted by Kaspar Brand <ht...@velox.ch>.
On 29.11.2011 11:44, Torsten Förtsch wrote:
> These calls to user_agent(reset=>1) are the actual reason for this mail. I
> think it is wrong to do that here. The user agent keeps a global state that is
> reset if user_agent() is called with reset=>1. set_client_cert() is called by
> prepare() which is called by GET, POST etc.
>
> According to the documentation for Apache::TestRequest the way to make the UA
> not to follow redirects is
>
> Apache::TestRequest::user_agent(reset => 1,
> requests_redirectable => 0);
>
> before calling GET.
>
> If now GET itself calls user_agent(reset=>1) via prepare() and
> set_client_cert() wouldn't that clobber the "requests_redirectable => 0"
> setting made by the user?
You're right, indeed - thanks for pointing this out. After further
testing and experiments, I think that the attached patch should take
care of this... does this look like an acceptable solution?
Kaspar
Re: svn commit: r1207758 - /perl/Apache-Test/trunk/lib/Apache/TestRequest.pm
Posted by Torsten Förtsch <to...@gmx.net>.
On Tuesday, 29 November 2011 05:39:37 kbrand@apache.org wrote:
> @@ -620,11 +628,18 @@ sub set_client_cert {
> if ($name) {
> $ENV{HTTPS_CERT_FILE} = "$dir/certs/$name.crt";
> $ENV{HTTPS_KEY_FILE} = "$dir/keys/$name.pem";
better written as
@ENV{qw/HTTPS_CERT_FILE HTTPS_KEY_FILE/} =
("$dir/certs/$name.crt", "$dir/keys/$name.pem");
> + if ($LWP::VERSION >= 6.0) {
> + # LWP 6 no longer honors HTTPS_{CERT,KEY}_FILE
> + user_agent(reset => 1,
> + ssl_opts => { SSL_cert_file =>
> "$dir/certs/$name.crt",
> + SSL_key_file =>
> "$dir/keys/$name.pem" }); + }
> }
> else {
> for (qw(CERT KEY)) {
> delete $ENV{"HTTPS_${_}_FILE"};
> }
> + user_agent(reset => 1) if $LWP::VERSION >= 6.0;
These calls to user_agent(reset=>1) are the actual reason for this mail. I
think it is wrong to do that here. The user agent keeps a global state that is
reset if user_agent() is called with reset=>1. set_client_cert() is called by
prepare() which is called by GET, POST etc.
According to the documentation for Apache::TestRequest the way to make the UA
not to follow redirects is
Apache::TestRequest::user_agent(reset => 1,
requests_redirectable => 0);
before calling GET.
If now GET itself calls user_agent(reset=>1) via prepare() and
set_client_cert() wouldn't that clobber the "requests_redirectable => 0"
setting made by the user?
Just a thought.
Torsten Förtsch
--
Need professional modperl support? Hire me! (http://foertsch.name)
Like fantasy? http://kabatinte.net