++ed by:
ETHER MMUSGROVE MELO ARISTOTLE DOHERTY

20 PAUSE user(s)
3 non-PAUSE user(s).

Steffen Ullrich

NAME

IO::Socket::SSL::Utils -- loading, storing, creating certificates and keys

SYNOPSIS

    use IO::Socket::SSL::Utils;
    my $cert = PEM_file2cert('cert.pem');
    my $string = PEM_cert2string($cert);
    CERT_free($cert);

    my $key = KEY_create_rsa(2048);
    PEM_string2file($key);
    KEY_free($key);

DESCRIPTION

This module provides various utility functions to work with certificates and private keys, shielding some of the complexity of the underlying Net::SSLeay and OpenSSL.

FUNCTIONS

  • Functions converting between string or file and certificates and keys. They croak if the operation cannot be completed.

    PEM_file2cert(file) -> cert
    PEM_cert2file(cert,file)
    PEM_string2cert(string) -> cert
    PEM_cert2string(cert) -> string
    PEM_file2key(file) -> key
    PEM_key2file(key,file)
    PEM_string2key(string) -> key
    PEM_key2string(key) -> string
  • Functions for cleaning up. Each loaded or created cert and key must be freed to not leak memory.

    CERT_free(cert)
    KEY_free(key)
  • KEY_create_rsa(bits) -> key

    Creates an RSA key pair, bits defaults to 2048.

  • CERT_asHash(cert) -> hash

    Extracts the information from the certificate into a hash:

    serial

    The serial number

    version

    Certificate version, usually 2 (x509v3)

    subject

    Hash with the parts of the subject, e.g. commonName, countryName, organizationName, stateOrProvinceName, localityName.

    subjectAltNames

    Array with list of alternative names. Each entry in the list is of [type,value], where type can be OTHERNAME, EMAIL, DNS, X400, DIRNAME, EDIPARTY, URI, IP or RID.

    not_before, not_after

    The time frame, where the certificate is valid, as time_t, e.g. can be converted with localtime or similar functions.

  • CERT_create(hash) -> (cert,key)

    Creates a certificate based on the given hash. If the issuer is not specified the certificate will be self-signed. Additionally to the information described in CERT_asHash the following keys can be given:

    CA true|false

    if true declare certificate as CA, defaults to false

    key key

    use given key as key for certificate, otherwise a new one will be generated and returned

    issuer_cert cert

    set issuer for new certificate

    issuer_key key

    sign new certificate with given key

    issuer [ cert, key ]

    Instead of giving issuer_key and issuer_cert as seperate arguments they can be given both together.

    digest algorithm

    specify the algorithm used to sign the certificate, default SHA-256.

    If not all necessary information are given some will have usable defaults, e.g.

    not_before defaults to the current time
    not_after defaults to 365 days in the future
    subject has a default pointing to IO::Socket::SSL
    version defaults to 2 (x509v3)
    serial will be a random number

AUTHOR

Steffen Ullrich