table of contents
| IO::Socket::SSL::Utils(3) | User Contributed Perl Documentation | IO::Socket::SSL::Utils(3) |
NAME¶
IO::Socket::SSL::Utils -- loading, storing, creating certificates and keys
SYNOPSIS¶
use IO::Socket::SSL::Utils;
my $cert = PEM_file2cert('cert.pem');
my $string = PEM_cert2string($cert);
CERT_free($cert);
my $key = KEY_create_rsa(2048);
PEM_string2file($key);
KEY_free($key);
DESCRIPTION¶
This module provides various utility functions to work with certificates and private keys, shielding some of the complexity of the underlying Net::SSLeay and OpenSSL.
FUNCTIONS¶
- •
- Functions converting between string or file and certificates and keys. They croak if the operation cannot be completed.
- •
- Functions for cleaning up. Each loaded or created cert and key must be freed to not leak memory.
- KEY_create_rsa(bits) -> key
Creates an RSA key pair, bits defaults to 1024.
- CERT_asHash(cert) -> hash
Extracts the information from the certificate into a hash:
- serial
- The serial number
- version
- Certificate version, usually 2 (x509v3)
- subject
- Hash with the parts of the subject, e.g. commonName, countryName, organizationName, stateOrProvinceName, localityName.
- subjectAltNames
- Array with list of alternative names. Each entry in the list is of "[type,value]", where "type" can be OTHERNAME, EMAIL, DNS, X400, DIRNAME, EDIPARTY, URI, IP or RID.
- not_before, not_after
- The time frame, where the certificate is valid, as time_t, e.g. can be converted with localtime or similar functions.
- •
- CERT_create(hash) -> cert
Creates a certificate based on the given hash. Additionally to the information described in "CERT_asHash" the following keys can be given:
- CA true|false
- if true declare certificate as CA, defaults to false
- key key
- use given key as key for certificate, otherwise a new one will be generated
- issuer_cert cert
- set issuer for new certificate
- issuer_key key
- sign new certificate with given key
If not all necessary information are given some will have usable defaults, e.g.
- not_before defaults to the current time
- not_after defaults to 365 days in the future
- subject has a default pointing to IO::Socket::SSL
- version defaults to 2 (x509v3)
- serial will be a random number
AUTHOR¶
Steffen Ullrich
| 2018-04-13 | perl v5.16.3 |