We had a bit of trouble getting Perl’s World-Wide Web Library (LWP) to work through a Squid proxy when accessing HTTPS resources, but I narrowed it down. This small sample works for me:

#!/usr/bin/perl

# PROXY SUPPORT
$ENV{HTTPS_PROXY} = 'http://squid.example.com:3128';

# PROXY_BASIC_AUTH
$ENV{HTTPS_PROXY_USERNAME} = 'user';
$ENV{HTTPS_PROXY_PASSWORD} = 'pass';

# DEFAULT SSL VERSION
$ENV{HTTPS_VERSION} = '3';

# DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS
$ENV{HTTPS_DEBUG} = 0;

# this must contain the CA's root cert
$ENV{HTTPS_CA_FILE}   = '/shared/ca.crt';

# CLIENT PKCS12 CERT SUPPORT [untested]
$ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.p12';
$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';

use LWP::UserAgent;

my $ua = new LWP::UserAgent;
my $req = new HTTP::Request('GET', 'https://some.place.on.web/');
my $res = $ua->request($req);
print $res->code." " . $res->as_string . "\n";

If the CA_FILE doesn’t contain the Certification Authority’s root certificate, my version of squid complains that it cannot access the domain; the error-message is wrong, but the intention is clear. In fact squid’s logs show it trying to access itself. Just ensure you have the certificate in the bundle.

Apache and Security :: 08 Mar 2007 :: e-mail

Comments

blog comments powered by Disqus