Provided by: libio-socket-ssl-perl_1.965-1ubuntu1_all
NAME
IO::Socket::SSL::Utils -- loading, storing, creating certificates and keys
SYNOPSIS
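    use IO::Socket::SSL::Utils;

    # load a certificate from a PEM file and serialize it back to a string
    my $cert = PEM_file2cert('cert.pem');
    my $string = PEM_cert2string($cert);
    CERT_free($cert);

    # create an RSA key and store it as PEM (file name chosen for illustration)
    my $key = KEY_create_rsa(2048);
    PEM_key2file($key, 'key.pem');
    KEY_free($key);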
DESCRIPTION
This module provides various utility functions to work with certificates and private keys, shielding some of the complexity of the underlying Net::SSLeay and OpenSSL.
FUNCTIONS
• Functions converting between string or file and certificates and keys. They croak if the operation cannot be completed.

    PEM_file2cert(file) -> cert
    PEM_cert2file(cert,file)
    PEM_string2cert(string) -> cert
    PEM_cert2string(cert) -> string
    PEM_file2key(file) -> key
    PEM_key2file(key,file)
    PEM_string2key(string) -> key
    PEM_key2string(key) -> string

• Functions for cleaning up. Each loaded or created cert and key must be freed to avoid leaking memory.

    CERT_free(cert)
    KEY_free(key)

• KEY_create_rsa(bits) -> key

  Creates an RSA key pair, bits defaults to 1024.

• CERT_asHash(cert) -> hash

  Extracts the information from the certificate into a hash:

    serial
        The serial number.
    version
        Certificate version, usually 2 (x509v3).
    subject
        Hash with the parts of the subject, e.g. commonName, countryName, organizationName, stateOrProvinceName, localityName.
    subjectAltNames
        Array with the list of alternative names. Each entry in the list is of the form "[type,value]", where "type" can be OTHERNAME, EMAIL, DNS, X400, DIRNAME, EDIPARTY, URI, IP or RID.
    not_before, not_after
        The time frame in which the certificate is valid, as time_t, e.g. can be converted with localtime or similar functions.

• CERT_create(hash) -> (cert,key)

  Creates a certificate based on the given hash. In addition to the information described in "CERT_asHash", the following keys can be given:

    CA true|false
        If true, declare the certificate as a CA. Defaults to false.
    key key
        Use the given key as the key for the certificate, otherwise a new one will be generated and returned.
    issuer_cert cert
        Set the issuer for the new certificate.
    issuer_key key
        Sign the new certificate with the given key.

  If not all necessary information is given, some of it will have usable defaults, e.g.

    not_before defaults to the current time
    not_after defaults to 365 days in the future
    subject has a default pointing to IO::Socket::SSL
    version defaults to 2 (x509v3)
    serial will be a random number
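The functions above combined into one flow, as an added example that is not part of the module's own documentation: a test CA signs a short-lived leaf certificate, the result is inspected with CERT_asHash, and the private key is written under a restrictive umask. The subject names, the address, the file names and the 30-day lifetime are constructed, and the example assumes that CERT_asHash returns a hash reference.

```perl
use strict;
use warnings;
use IO::Socket::SSL::Utils;

# Pass the key size explicitly: KEY_create_rsa() defaults to 1024 bits.
my $ca_key   = KEY_create_rsa(2048);
my $leaf_key = KEY_create_rsa(2048);

# Self-signed CA: no issuer_cert/issuer_key given, and our own key supplied
# so that no key has to be generated for us.
my ($ca_cert) = CERT_create(
    CA      => 1,
    key     => $ca_key,
    subject => { commonName => 'Example Test CA' },        # constructed name
);

# Leaf certificate signed by the CA, valid for 30 days instead of the
# default 365 days.
my $now = time();
my ($leaf_cert) = CERT_create(
    key             => $leaf_key,
    issuer_cert     => $ca_cert,
    issuer_key      => $ca_key,
    subject         => { commonName => 'server.example.test' },
    subjectAltNames => [ [ DNS => 'server.example.test' ],
                         [ IP  => '192.0.2.10' ] ],        # constructed values
    not_before      => $now,
    not_after       => $now + 30 * 24 * 60 * 60,
);

# Check what actually ended up in the certificate
# (assumption: CERT_asHash returns a hash reference).
my $info = CERT_asHash($leaf_cert);
printf "subject CN : %s\n", $info->{subject}{commonName};
printf "valid until: %s\n", scalar localtime( $info->{not_after} );
printf "SAN        : %s=%s\n", @$_ for @{ $info->{subjectAltNames} || [] };

# Create the private key file readable by the owner only.
my $old_umask = umask(077);
PEM_key2file( $leaf_key, 'leaf-key.pem' );
umask($old_umask);
PEM_cert2file( $leaf_cert, 'leaf-cert.pem' );
PEM_cert2file( $ca_cert,   'ca-cert.pem' );

# Every loaded or created cert and key must be freed.
CERT_free($_) for $leaf_cert, $ca_cert;
KEY_free($_)  for $leaf_key,  $ca_key;
```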
AUTHOR
Steffen Ullrich