[SP-pm] Soap com ssl e autenticação usando pkcs#12

Sat Jan 9 10:58:57 PST 2010

Olá Daniel, tudo bem?

Quando a URL inicia com https, o LWP já faz uso do Crypt::SSLeay ou
Net::SSL.
E as duas já estão instaladas, na verdade parece que o handshake é
interrompido no finalzinho.

Fiz testes e mais testes, acho que minha saída é tentar implementar sem Lwp
(gerar as requisições "na mão"), fazendo chamada ao Net::SSL na hora da
criptografia, e ver onde o processo de handshake pára.

Grato,

--
Geovanny Junio
Consultor de Tecnologia
geovanny (at) eutsiv.com.br
+55 31 9422-8885
+55 31 3393-9132
www.eutsiv.com.br

Este e-mail pode conter informação privilegiada e confidencial. Se você não
é destinatário da
mensagem, por favor apague a mensagem e comunique-nos o fato de imediato.

This e-mail contains information that may be
privileged and confidential. If you are not the intended recipient, please
delete the e-mail and notify us immediately.

2010/1/9 Daniel de Oliveira Mantovani <daniel.oliveira.mantovani at gmail.com>

> Olá, talvez você precise usar SSL.
>
> $cpan
> look LWP
> vim README.SSL
> "SSL SUPPORT
> -----------
>
> The libwww-perl package has support for using SSL/TLSv1 with its HTTP
> client and server classes. This support makes it possible to access
> https schemed URLs with LWP. Because of the problematic status of
> encryption software in general and certain encryption algorithms in
> particular, in several countries, libwww-perl package doesn't include
> SSL functionality out-of-the-box.
>
> Encryption support is obtained through the use of Crypt::SSLeay or
> IO::Socket::SSL, which can both be found from CPAN. While libwww-perl
> has "plug-and-play" support for both of these modules (as of v5.45),
> the recommended module to use is Crypt::SSLeay. In addition to
> bringing SSL support to the LWP package, IO::Socket::SSL can be used
> as an object oriented interface to SSL encrypted network sockets.
>
> There is yet another SSL interface for perl called Net::SSLeay. It has
> a more complete SSL interface and can be used for web client
> programming among other things but doesn't directly support LWP.
>
> The underlying SSL support in all of these modules is based on OpenSSL
> <http://www.openssl.org/> (formerly SSLeay). For WWW-server side SSL
> support (e.g. CGI/FCGI scripts) in Apache see <http://www.modssl.org/>."
>
> Da uma olhada:
> Crypt::SSLeay  =>
> http://search.cpan.org/~dland/Crypt-SSLeay-0.57/SSLeay.pm<http://search.cpan.org/%7Edland/Crypt-SSLeay-0.57/SSLeay.pm>
>
> *Eu não sei se é esse o problema*
>
> 2010/1/8 eutsiv :: Geovanny Junio <geovanny at eutsiv.com.br>:
> > Olá companheiros(as), tudo bem?
> > Estou trabalhando em um módulo para a NFSe, mas estou com problemas no
> > acesso ao webservice,
> > segue o código:
> > $ENV{HTTPS_DEBUG} = 1;
> > # Client PKCS12 cert support
> > $ENV{HTTPS_PKCS12_FILE} = 'mycert.pfx';
> > $ENV{HTTPS_PKCS12_PASSWORD} = 'mypass'';
> > my $userAgent = LWP::UserAgent->new();
> > my $request = HTTP::Request->new(POST =>
> > 'https://bhisshomologa.pbh.gov.br/bhiss-ws/nfse?wsdl'<https://bhisshomologa.pbh.gov.br/bhiss-ws/nfse?wsdl%27>
> );
> > $request->content($message);
> > $request->content_type("text/xml; charset=utf-8");
> > my $response = $userAgent->request($request);
> > if($response->code == 200) {
> > print $response->as_string;
> > }
> > else {
> > print $response->error_as_HTML;
> > }
> >
> >
> > Mas sempre o obtenho o seguinte erro:
> > SSL_connect:before/connect initialization
> > SSL_connect:SSLv3 write client hello A
> > SSL_connect:SSLv3 read server hello A
> > SSL_connect:SSLv3 read server certificate A
> > SSL_connect:SSLv3 read server key exchange A
> > SSL_connect:SSLv3 read server done A
> > SSL_connect:SSLv3 write client key exchange A
> > SSL_connect:SSLv3 write change cipher spec A
> > SSL_connect:SSLv3 write finished A
> > SSL_connect:SSLv3 flush data
> > SSL_connect:SSLv3 read finished A
> > <html>
> > <head><title>An Error Occurred</title></head>
> > <body>
> > <h1>An Error Occurred</h1>
> > <p>500 SSL read timeout: </p>
> > </body>
> > </html>
> > Já pesquisei, alterei o tempo de timeout, mas nada. Alguém sabe o caminho
> > das pedras?
> > Desde já grato.
> > --
> > Geovanny Junio
> > Consultor de Tecnologia
> > geovanny (at) eutsiv.com.br
> > +55 31 9422-8885
> > +55 31 3393-9132
> > www.eutsiv.com.br
> >
> > Este e-mail pode conter informação privilegiada e confidencial. Se você
> não
> > é destinatário da
> > mensagem, por favor apague a mensagem e comunique-nos o fato de imediato.
> >
> > This e-mail contains information that may be
> > privileged and confidential. If you are not the intended recipient,
> please
> > delete the e-mail and notify us immediately.
> >
> > _______________________________________________
> > SaoPaulo-pm mailing list
> > SaoPaulo-pm at pm.org
> > http://mail.pm.org/mailman/listinfo/saopaulo-pm
> >
>
>
>
> --
> If you’ve never written anything thoughtful, then you’ve never had any
> difficult, important, or interesting thoughts. That’s the secret:
> people who don’t write, are people who don’t think.
> _______________________________________________
> SaoPaulo-pm mailing list
> SaoPaulo-pm at pm.org
> http://mail.pm.org/mailman/listinfo/saopaulo-pm
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/saopaulo-pm/attachments/20100109/9d8205ab/attachment-0001.html>