[SP-pm] Soap com ssl e autenticação usando pkcs#12

Daniel de Oliveira Mantovani daniel.oliveira.mantovani at gmail.com
Tue Jan 12 07:36:18 PST 2010


Dúvida, você instalou o Crypt::SSLeay e o Net::SSL ou já estavam instalados ?
Se já tiverem instalados, rode o teste de ambos.

Só não diga que o openssl não está instalado :)

[]'s

2010/1/12 eutsiv :: Geovanny Junio <geovanny em eutsiv.com.br>:
> Olá companheiros,
> Os erros continuam, e eu já fiz tudo possível. Estava num ambiente Linux
> (Debian), resolvi testar no windows XP com o Strawberry, funcionou de
> primeira.
> Acho que agora ficou mais fácil de achar o problema, assim que descobrir
> posto aqui.
> Grato,
> --
> Geovanny Junio
> Consultor de Tecnologia
> geovanny (at) eutsiv.com.br
> +55 31 9422-8885
> +55 31 3393-9132
> www.eutsiv.com.br
>
> Este e-mail pode conter informação privilegiada e confidencial. Se você não
> é destinatário da
> mensagem, por favor apague a mensagem e comunique-nos o fato de imediato.
>
> This e-mail contains information that may be
> privileged and confidential. If you are not the intended recipient, please
> delete the e-mail and notify us immediately.
>
>
> 2010/1/9 Lindolfo "Lorn" Rodrigues <lorn.br em gmail.com>
>>
>> Você está certo, o LWP::UserAgent toma conta do SSL, mas você está usando
>> o HTTP::Response! o LWP já usa ele por você.
>> require LWP::UserAgent;
>>
>>  my $ua = LWP::UserAgent->new;
>> my $response = $ua->get('https://www.submarino.com.br/');
>> print $response->content;
>> Faz o teste com seu post, usando o LWP direto, sem usar o HTTP::Response e
>> ve se da certo
>>
>> 2010/1/9 eutsiv :: Geovanny Junio <geovanny em eutsiv.com.br>
>>>
>>> Olá Daniel, tudo bem?
>>>
>>> Quando a URL inicia com https, o LWP já faz uso do Crypt::SSLeay ou
>>> Net::SSL.
>>> E as duas já estão instaladas, na verdade parece que o handshake é
>>> interrompido no finalzinho.
>>>
>>> Fiz testes e mais testes, acho que minha saída é tentar implementar sem
>>> Lwp (gerar as requisições "na mão"), fazendo chamada ao Net::SSL na hora da
>>> criptografia, e ver onde o processo de handshake pára.
>>>
>>> Grato,
>>>
>>> --
>>> Geovanny Junio
>>> Consultor de Tecnologia
>>> geovanny (at) eutsiv.com.br
>>> +55 31 9422-8885
>>> +55 31 3393-9132
>>> www.eutsiv.com.br
>>>
>>> Este e-mail pode conter informação privilegiada e confidencial. Se você
>>> não é destinatário da
>>> mensagem, por favor apague a mensagem e comunique-nos o fato de imediato.
>>>
>>> This e-mail contains information that may be
>>> privileged and confidential. If you are not the intended recipient,
>>> please
>>> delete the e-mail and notify us immediately.
>>>
>>>
>>> 2010/1/9 Daniel de Oliveira Mantovani
>>> <daniel.oliveira.mantovani em gmail.com>
>>>>
>>>> Olá, talvez você precise usar SSL.
>>>>
>>>> $cpan
>>>> look LWP
>>>> vim README.SSL
>>>> "SSL SUPPORT
>>>> -----------
>>>>
>>>> The libwww-perl package has support for using SSL/TLSv1 with its HTTP
>>>> client and server classes. This support makes it possible to access
>>>> https schemed URLs with LWP. Because of the problematic status of
>>>> encryption software in general and certain encryption algorithms in
>>>> particular, in several countries, libwww-perl package doesn't include
>>>> SSL functionality out-of-the-box.
>>>>
>>>> Encryption support is obtained through the use of Crypt::SSLeay or
>>>> IO::Socket::SSL, which can both be found from CPAN. While libwww-perl
>>>> has "plug-and-play" support for both of these modules (as of v5.45),
>>>> the recommended module to use is Crypt::SSLeay. In addition to
>>>> bringing SSL support to the LWP package, IO::Socket::SSL can be used
>>>> as an object oriented interface to SSL encrypted network sockets.
>>>>
>>>> There is yet another SSL interface for perl called Net::SSLeay. It has
>>>> a more complete SSL interface and can be used for web client
>>>> programming among other things but doesn't directly support LWP.
>>>>
>>>> The underlying SSL support in all of these modules is based on OpenSSL
>>>> <http://www.openssl.org/> (formerly SSLeay). For WWW-server side SSL
>>>> support (e.g. CGI/FCGI scripts) in Apache see <http://www.modssl.org/>."
>>>>
>>>> Da uma olhada:
>>>> Crypt::SSLeay  =>
>>>> http://search.cpan.org/~dland/Crypt-SSLeay-0.57/SSLeay.pm
>>>>
>>>> *Eu não sei se é esse o problema*
>>>>
>>>> 2010/1/8 eutsiv :: Geovanny Junio <geovanny em eutsiv.com.br>:
>>>> > Olá companheiros(as), tudo bem?
>>>> > Estou trabalhando em um módulo para a NFSe, mas estou com problemas no
>>>> > acesso ao webservice,
>>>> > segue o código:
>>>> > $ENV{HTTPS_DEBUG} = 1;
>>>> > # Client PKCS12 cert support
>>>> > $ENV{HTTPS_PKCS12_FILE} = 'mycert.pfx';
>>>> > $ENV{HTTPS_PKCS12_PASSWORD} = 'mypass'';
>>>> > my $userAgent = LWP::UserAgent->new();
>>>> > my $request = HTTP::Request->new(POST =>
>>>> > 'https://bhisshomologa.pbh.gov.br/bhiss-ws/nfse?wsdl');
>>>> > $request->content($message);
>>>> > $request->content_type("text/xml; charset=utf-8");
>>>> > my $response = $userAgent->request($request);
>>>> > if($response->code == 200) {
>>>> > print $response->as_string;
>>>> > }
>>>> > else {
>>>> > print $response->error_as_HTML;
>>>> > }
>>>> >
>>>> >
>>>> > Mas sempre o obtenho o seguinte erro:
>>>> > SSL_connect:before/connect initialization
>>>> > SSL_connect:SSLv3 write client hello A
>>>> > SSL_connect:SSLv3 read server hello A
>>>> > SSL_connect:SSLv3 read server certificate A
>>>> > SSL_connect:SSLv3 read server key exchange A
>>>> > SSL_connect:SSLv3 read server done A
>>>> > SSL_connect:SSLv3 write client key exchange A
>>>> > SSL_connect:SSLv3 write change cipher spec A
>>>> > SSL_connect:SSLv3 write finished A
>>>> > SSL_connect:SSLv3 flush data
>>>> > SSL_connect:SSLv3 read finished A
>>>> > <html>
>>>> > <head><title>An Error Occurred</title></head>
>>>> > <body>
>>>> > <h1>An Error Occurred</h1>
>>>> > <p>500 SSL read timeout: </p>
>>>> > </body>
>>>> > </html>
>>>> > Já pesquisei, alterei o tempo de timeout, mas nada. Alguém sabe o
>>>> > caminho
>>>> > das pedras?
>>>> > Desde já grato.
>>>> > --
>>>> > Geovanny Junio
>>>> > Consultor de Tecnologia
>>>> > geovanny (at) eutsiv.com.br
>>>> > +55 31 9422-8885
>>>> > +55 31 3393-9132
>>>> > www.eutsiv.com.br
>>>> >
>>>> > Este e-mail pode conter informação privilegiada e confidencial. Se
>>>> > você não
>>>> > é destinatário da
>>>> > mensagem, por favor apague a mensagem e comunique-nos o fato de
>>>> > imediato.
>>>> >
>>>> > This e-mail contains information that may be
>>>> > privileged and confidential. If you are not the intended recipient,
>>>> > please
>>>> > delete the e-mail and notify us immediately.
>>>> >
>>>> > _______________________________________________
>>>> > SaoPaulo-pm mailing list
>>>> > SaoPaulo-pm em pm.org
>>>> > http://mail.pm.org/mailman/listinfo/saopaulo-pm
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> If you’ve never written anything thoughtful, then you’ve never had any
>>>> difficult, important, or interesting thoughts. That’s the secret:
>>>> people who don’t write, are people who don’t think.
>>>> _______________________________________________
>>>> SaoPaulo-pm mailing list
>>>> SaoPaulo-pm em pm.org
>>>> http://mail.pm.org/mailman/listinfo/saopaulo-pm
>>>
>>>
>>> _______________________________________________
>>> SaoPaulo-pm mailing list
>>> SaoPaulo-pm em pm.org
>>> http://mail.pm.org/mailman/listinfo/saopaulo-pm
>>
>>
>>
>> --
>> lorn at lornlab dot org
>> Lindolfo "Lorn" Rodrigues
>>
>>
>> _______________________________________________
>> SaoPaulo-pm mailing list
>> SaoPaulo-pm em pm.org
>> http://mail.pm.org/mailman/listinfo/saopaulo-pm
>
>
> _______________________________________________
> SaoPaulo-pm mailing list
> SaoPaulo-pm em pm.org
> http://mail.pm.org/mailman/listinfo/saopaulo-pm
>



-- 
"If you’ve never written anything thoughtful, then you’ve never had
any difficult, important, or interesting thoughts. That’s the secret:
people who don’t write, are people who don’t think."


More information about the SaoPaulo-pm mailing list