'Connecting via socket using SSL and PERL'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-dev
Subject:    Connecting via socket using SSL and PERL
From:       GSG WEBS <support () gsgwebs ! com>
Date:       1999-06-21 11:53:12
[Download RAW message or body]

I have a basic question using PERL for connecting to a socket and communicating
with a credit card authorization gateway (but maintaining the SSL data
integrity). I have read several documents on SSLeay (including the FAQ and
Programmers reference), but I am still having some difficulty. 

Here is the scenario:

Our application is in PERL. We have a shoppingcart software that runs on our
secure server (https:secure.myserver.com). We are needing to connect to a
secure transaction gateway (https:secure.transaction-gateway.com) via a socket
to authorize the credit card information that comes through the cart. After we
connect, we send them the users cc info, and then need to get back the comma
delimited string that contains the response code (accepted or declined). We
have no problem doing this with PERL insecurely(without SSL), but we are not
sure the minimum requirements of the SSL function calls used to transfer the
encrypted data. We would normally use filehandles to communicate with the
server we are connecting to.

Here is our routine (but what are we missing??) :

$remote_host = "www.authorize.net";
$remote_port = "443"; # SSL Port

use Socket;
socket(SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));

# build the remote address
$internet_addr = inet_aton($remote_host) || 
die "Couldn't convert $remote_host into an Internet address: $!\n";

$paddr = sockaddr_in($remote_port, $internet_addr);
connect(SERVER, $paddr) || die "Couldn't connect to $remote_host:$remote_port :
$!\n";

# create an SSL structure ???(are we suppose to pass in 
# arguments or our filehandle or can con be our filehandle?) need to make 'con'
a variable???
con=(SSL *)SSL_new(); 

# give it a file descriptor to use ???(can we use our filehandle- SERVER
instead of con?)???
SSL_set_fd(con,s);

# connect
SSL_connect(con);

$headers = qq~
POST /scripts/authrequest.asp HTTP/1.1
Host: www.authorize.net:443 
Content-type: application/x-www-form-urlencoded
Content-length:32
~;

$post = "home=Cosby&favorite+flavor=flies";

$data = $headers . $post;

# send data
SSL_write(con,$data,???); 

# receive data
SSL_read(con,buf,??unkown??); 

# close(socket)
SSL_shutdown(con)

-------------

Thanks for your help using PERL for connecting/sending/receiving data through a
secure socket. I would be happy to give you my kids in compensation for your
help :)

Are there any good resources that describe the SSLeay function calls in more
detail -- describing the arguments or variables associated with each
function(besides the ones at openssl.org, or through the FAQ and programmers
reference -- I have checked all of the links through those).

Greg Graf
System Admin
GSG WEBS/GSG Net

[Attachment #3 (text/html)]

<html>
I have a basic question using PERL for connecting to a socket and
communicating with a credit card authorization gateway (but maintaining
the SSL data integrity). I have read several documents on SSLeay
(including the FAQ and Programmers reference), but I am still having some
difficulty. <br>
<br>
Here is the scenario:<br>
<br>
Our application is in PERL. We have a shoppingcart software that runs on
our secure server (https:secure.myserver.com). We are needing to connect
to a secure transaction gateway (https:secure.transaction-gateway.com)
via a socket to authorize the credit card information that comes through
the cart. After we connect, we send them the users cc info, and then need
to get back the comma delimited string that contains the response code
(accepted or declined). We have no problem doing this with PERL
insecurely(without SSL), but we are not sure the minimum requirements of
the SSL function calls used to transfer the encrypted data. We would
normally use filehandles to communicate with the server we are connecting
to.<br>
<br>
Here is our routine (but what are we missing??) :<br>
<br>
<font face="Courier New, Courier">$remote_host =
&quot;</font><a href="http://www.authorize.net/" eudora="autourl"><font face="Courier \
New, Courier" color="#0000FF"><u>www.authorize.net</a></font></u><font face="Courier \
New, Courier">&quot;;<br> $remote_port = &quot;443&quot;; # SSL Port<br>
<br>
use Socket;<br>
socket(SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));<br>
<br>
# build the remote address<br>
$internet_addr = inet_aton($remote_host) || <br>
die &quot;Couldn't convert $remote_host into an Internet address:
$!\n&quot;;<br>
<br>
$paddr = sockaddr_in($remote_port, $internet_addr);<br>
connect(SERVER, $paddr) || die &quot;Couldn't connect to
$remote_host:$remote_port : $!\n&quot;;<br>
<br>
# create an SSL structure ???(are we suppose to pass in <br>
# arguments or our filehandle or can con be our filehandle?) need to make
'con' a variable???<br>
con=(SSL *)SSL_new(); <br>
<br>
# give it a file descriptor to use ???(can we use our filehandle- SERVER
instead of con?)???<br>
SSL_set_fd(con,s);<br>
<br>
# connect<br>
SSL_connect(con);<br>
<br>
$headers = qq~<br>
POST /scripts/authrequest.asp HTTP/1.1<br>
Host:
</font><a href="http://www.authorize.net:443/" eudora="autourl"><font face="Courier \
New, Courier" color="#0000FF"><u>www.authorize.net:443</a></font></u><font \
face="Courier New, Courier"> <br>
Content-type: application/x-www-form-urlencoded<br>
Content-length:32<br>
~;<br>
<br>
$post = &quot;home=Cosby&amp;favorite+flavor=flies&quot;;<br>
<br>
$data = $headers . $post;<br>
<br>
# send data<br>
SSL_write(con,$data,???); <br>
<br>
# receive data<br>
SSL_read(con,buf,??unkown??); <br>
<br>
# close(socket)<br>
SSL_shutdown(con)<br>
<br>
-------------<br>
<br>
</font><font face="Times New Roman, Times" size=4>Thanks for your help
using PERL for connecting/sending/receiving data through a secure socket.
I would be happy to give you my kids in compensation for your help
> )<br>
<br>
Are there any good resources that describe the SSLeay function calls in
more detail -- describing the arguments or variables associated with each
function(besides the ones at openssl.org, or through the FAQ and
programmers reference -- I have checked all of the links through
those).<br>
<br>
Greg Graf<br>
System Admin<br>
GSG WEBS/GSG Net<br>
</font></html>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic