We had a bit of trouble getting Perl's World-Wide Web Library (LWP) to work through a Squid proxy when accessing HTTPS resources, but I narrowed it down. This small sample works for me:

#!/usr/bin/perl

# PROXY SUPPORT
$ENV{HTTPS_PROXY} = 'http://squid.example.com:3128';

# PROXY_BASIC_AUTH
$ENV{HTTPS_PROXY_USERNAME} = 'user';
$ENV{HTTPS_PROXY_PASSWORD} = 'pass';

# DEFAULT SSL VERSION
$ENV{HTTPS_VERSION} = '3';

# DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS
$ENV{HTTPS_DEBUG} = 0;

# this must contain the CA's root cert
$ENV{HTTPS_CA_FILE}   = '/shared/ca.crt';

# CLIENT PKCS12 CERT SUPPORT [untested]
$ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.p12';
$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';

use LWP::UserAgent;

my $ua = new LWP::UserAgent;
my $req = new HTTP::Request('GET', 'https://some.place.on.web/');
my $res = $ua->request($req);
print $res->code." " . $res->as_string . "\n";

If the CA_FILE doesn't contain the Certification Authority's root certificate, my version of squid complains that it cannot access the domain; the error-message is wrong, but the intention is clear. In fact squid's logs show it trying to access itself. Just ensure you have the certificate in the bundle.

Flattr this
Apache and Security :: 08 Mar 2007 :: e-mail

Comments

blog comments powered by Disqus