{ "mode": "perldoc", "parameter": "Crypt::SSLeay", "section": "", "url": "https://www.chedong.com/phpMan.php/perldoc/Crypt%3A%3ASSLeay/json", "generated": "2026-06-11T12:44:00Z", "synopsis": "use Net::SSL;\nuse LWP::UserAgent;\nmy $ua = LWP::UserAgent->new(\nsslopts => { verifyhostname => 0 },\n);\nmy $response = $ua->get('https://www.example.com/');\nprint $response->content, \"\\n\";", "sections": { "NAME": { "content": "Crypt::SSLeay - OpenSSL support for LWP\n", "subsections": [] }, "HEARTBLEED WARNING": { "content": "\"perl Makefile.PL\" will display a warning if it thinks your OpenSSL might be vulnerable to the\nHeartbleed Bug . You can, of\ncourse, go ahead and install the module, but you should be aware that your system might be\nexposed to an extremely serious vulnerability. This is just a heuristic based on the version\nreported by OpenSSL. It is entirely possible that your distrbution actually pushed a patched\nlibrary, so if you have concerns, you should investigate further.\n", "subsections": [] }, "SYNOPSIS": { "content": "use Net::SSL;\nuse LWP::UserAgent;\n\nmy $ua = LWP::UserAgent->new(\nsslopts => { verifyhostname => 0 },\n);\n\nmy $response = $ua->get('https://www.example.com/');\nprint $response->content, \"\\n\";\n", "subsections": [] }, "DESCRIPTION": { "content": "This Perl module provides support for the HTTPS protocol under LWP, to allow an LWP::UserAgent\nobject to perform GET, HEAD, and POST requests over encrypted socket connections. Please see LWP\nfor more information on POST requests.\n\nThe \"Crypt::SSLeay\" package provides \"Net::SSL\", which, if requested, is loaded by\n\"LWP::Protocol::https\" for https requests and provides the necessary SSL glue.\n\nThis distribution also makes following deprecated modules available:\n\nCrypt::SSLeay::CTX\nCrypt::SSLeay::Conn\nCrypt::SSLeay::X509\n\nDO YOU NEED Crypt::SSLeay?\nStarting with version 6.02 of LWP, \"https\" support was unbundled into LWP::Protocol::https. This\nmodule specifies as one of its prerequisites IO::Socket::SSL which is automatically used by\nLWP::UserAgent unless this preference is overridden separately. \"IO::Socket::SSL\" is a more\ncomplete implementation, and, crucially, it allows hostname verification. \"Crypt::SSLeay\" does\nnot support this. At this point, \"Crypt::SSLeay\" is maintained to support existing software that\nalready depends on it. However, it is possible that your software does not really depend on\n\"Crypt::SSLeay\", only on the ability of \"LWP::UserAgent\" class to communicate with sites over\nSSL/TLS.\n\nIf are using version \"LWP\" 6.02 or later, and therefore have installed \"LWP::Protocol::https\"\nand its dependencies, and do not explicitly \"use\" \"Net::SSL\" before loading \"LWP::UserAgent\", or\noverride the default socket class, you are probably using \"IO::Socket::SSL\" and do not really\nneed \"Crypt::SSLeay\".\n\nIf you have both \"Crypt::SSLeay\" and \"IO::Socket::SSL\" installed, and would like to force\n\"LWP::UserAgent\" to use \"Crypt::SSLeay\", you can use:\n\nuse Net::HTTPS;\n$Net::HTTPS::SSLSOCKETCLASS = 'Net::SSL';\nuse LWP::UserAgent;\n\nor\n\nlocal $ENV{PERLNETHTTPSSSLSOCKETCLASS} = 'Net::SSL';\nuse LWP::UserAgent;\n\nor\n\nuse Net::SSL;\nuse LWP::UserAgent;\n", "subsections": [] }, "ENVIRONMENT VARIABLES": { "content": "Specify SSL Socket Class\n$ENV{PERLNETHTTPSSSLSOCKETCLASS} can be used to instruct \"LWP::UserAgent\" to use\n\"Net::SSL\" for HTTPS support rather than \"IO::Socket::SSL\".\n\nProxy Support\n$ENV{HTTPSPROXY} = 'http://proxyhostnameorip:port';\n\nProxy Basic Authentication\n$ENV{HTTPSPROXYUSERNAME} = 'username';\n$ENV{HTTPSPROXYPASSWORD} = 'password';\n\nSSL diagnostics and Debugging\n$ENV{HTTPSDEBUG} = 1;\n\nDefault SSL Version\n$ENV{HTTPSVERSION} = '3';\n\nClient Certificate Support\n$ENV{HTTPSCERTFILE} = 'certs/notacacert.pem';\n$ENV{HTTPSKEYFILE} = 'certs/notacakeynopass.pem';\n\nCA cert Peer Verification\n$ENV{HTTPSCAFILE} = 'certs/ca-bundle.crt';\n$ENV{HTTPSCADIR} = 'certs/';\n\nClient PKCS12 cert support\n$ENV{HTTPSPKCS12FILE} = 'certs/pkcs12.pkcs12';\n$ENV{HTTPSPKCS12PASSWORD} = 'PKCS12PASSWORD';\n", "subsections": [] }, "INSTALL": { "content": "", "subsections": [ { "name": "OpenSSL", "content": "You must have OpenSSL installed before compiling this module. You can get the latest OpenSSL\npackage from . We no longer support pre-2000 versions of\nOpenSSL.\n\nIf you are building OpenSSL from source, please follow the directions included in the source\npackage.\n" }, { "name": "Crypt::SSLeay via Makefile.PL", "content": "\"Makefile.PL\" accepts the following command line arguments:\n\n\"incpath\"\nPath to OpenSSL headers. Can also be specified via $ENV{OPENSSLINCLUDE}. If the command\nline argument is provided, it overrides any value specified via the environment variable. Of\ncourse, you can ignore both the command line argument and the environment variable, and just\nadd the path to your compiler specific environment variable such as \"CPATH\" or \"INCLUDE\"\netc.\n\n\"libpath\"\nPath to OpenSSL libraries. Can also be specified via $ENV{OPENSSLLIB}. If the command line\nargument is provided, it overrides any value specified by the environment variable. Of\ncourse, you can ignore both the command line argument and the environment variable and just\nadd the path to your compiler specific environment variable such as \"LIBRARYPATH\" or \"LIB\"\netc.\n\n\"live-tests\"\nUse \"--live-tests\" to request tests that try to connect to an external web site, and\n\"--no-livetests\" to prevent such tests from running. If you run \"Makefile.PL\"\ninteractively, and this argument is not specified on the command line, you will be prompted\nfor a value.\n\nDefault is false.\n\n\"static\"\nBoolean. Default is false. TODO: Does it work?\n\n\"verbose\"\nBoolean. Default is false. If you pass \"--verbose\" on the command line, both\n\"Devel::CheckLib\" and \"ExtUtils::CBuilder\" instances will be configured to echo what they\nare doing.\n\nIf everything builds OK, but you get failures when during tests, ensure that \"LDLIBRARYPATH\"\npoints to the location where the correct shared libraries are located.\n\nIf you are using a custom OpenSSL build, please keep in mind that \"Crypt::SSLeay\" must be built\nusing the same compiler and build tools used to build \"perl\" and OpenSSL. This can be more of an\nissue on Windows. If you are using Active State Perl, install the MinGW package distributed by\nthem, and build OpenSSL using that before trying to build this module. If you have built your\nown Perl using Microsoft SDK tools or IDEs, make sure you build OpenSSL using the same tools.\n\nDepending on your OS, pre-built OpenSSL packages may be available. To get the require headers\nand import libraries, you may need to install a development version of your operating system's\nOpenSSL library package. The key is that \"Crypt::SSLeay\" makes calls to the OpenSSL library, and\nhow to do so is specified in the C header files that come with the library. Some systems break\nout the header files into a separate package from that of the libraries. Once the program has\nbeen built, you don't need the headers any more.\n" }, { "name": "Crypt::SSLeay", "content": "The latest Crypt::SSLeay can be found at your nearest CPAN mirror, as well as\n.\n\nOnce you have downloaded it, \"Crypt::SSLeay\" installs easily using the standard build process:\n\n$ perl Makefile.PL\n$ make\n$ make test\n$ make install\n\nor\n\n$ cpanm Crypt::SSLeay\n\nIf you have OpenSSL headers and libraries in nonstandard locations, you can use\n\n$ perl Makefile.PL --incpath=... --libpath=...\n\nIf you would like to use \"cpanm\" with such custom locations, you can do\n\n$ OPENSSLINCLUDE=... OPENSSLLIB=... cpanm Crypt::SSLeay\n\nFor example, on OS X (Mac) with Homebrew:\n\n$ brew install openssl\n$ OPENSSLINCLUDE=$(brew --prefix openssl)/include OPENSSLLIB=$(brew --prefix openssl)/lib cpanm Crypt::SSLeay\n\nor, on Windows,\n\n> set OPENSSLINCLUDE=...\n> set OPENSSLLIB=...\n> cpanm Crypt::SSLeay\n\nIf you are on Windows, and using a MinGW distribution bundled with ActiveState Perl or\nStrawberry Perl, you would use \"dmake\" rather than \"make\". If you are using Microsoft's build\ntools, you would use \"nmake\".\n\nFor unattended (batch) installations, to be absolutely certain that Makefile.PL does not prompt\nfor questions on STDIN, set the environment variable \"PERLMMUSEDEFAULT=1\" as with any CPAN\nmodule built using ExtUtils::MakeMaker.\n\nVMS\nI do not have any experience with VMS. If OpenSSL headers and libraries are not in standard\nlocations searched by your build system by default, please set things up so that they are. If\nyou have generic instructions on how to do it, please open a ticket on RT with the information\nso I can add it to this document.\n" } ] }, "PROXY SUPPORT": { "content": "LWP::UserAgent and Crypt::SSLeay have their own versions of proxy support. Please read these\nsections to see which one is appropriate.\n\nLWP::UserAgent proxy support\n\"LWP::UserAgent\" has its own methods of proxying which may work for you and is likely to be\nincompatible with \"Crypt::SSLeay\" proxy support. To use \"LWP::UserAgent\" proxy support, try\nsomething like:\n\nmy $ua = LWP::UserAgent->new;\n$ua->proxy([qw( https http )], \"$proxyip:$proxyport\");\n\nAt the time of this writing, libwww v5.6 seems to proxy https requests fine with an Apache\nmodproxy server. It sends a line like:\n\nGET https://www.example.com HTTP/1.1\n\nto the proxy server, which is not the \"CONNECT\" request that some proxies would expect, so this\nmay not work with other proxy servers than modproxy. The \"CONNECT\" method is used by\n\"Crypt::SSLeay\"'s internal proxy support.\n", "subsections": [ { "name": "Crypt::SSLeay proxy support", "content": "For native \"Crypt::SSLeay\" proxy support of https requests, you need to set the environment\nvariable \"HTTPSPROXY\" to your proxy server and port, as in:\n\n# proxy support\n$ENV{HTTPSPROXY} = 'http://proxyhostnameorip:port';\n$ENV{HTTPSPROXY} = '127.0.0.1:8080';\n\nUse of the \"HTTPSPROXY\" environment variable in this way is similar to\n\"LWP::UserAgent-\"envproxy()> usage, but calling that method will likely override or break the\n\"Crypt::SSLeay\" support, so do not mix the two.\n\nBasic auth credentials to the proxy server can be provided this way:\n\n# proxybasicauth\n$ENV{HTTPSPROXYUSERNAME} = 'username';\n$ENV{HTTPSPROXYPASSWORD} = 'password';\n\nFor an example of LWP scripting with \"Crypt::SSLeay\" native proxy support, please look at the\neg/lwp-ssl-test script in the \"Crypt::SSLeay\" distribution.\n" } ] }, "CLIENT CERTIFICATE SUPPORT": { "content": "Client certificates are supported. PEM encoded certificate and private key files may be used\nlike this:\n\n$ENV{HTTPSCERTFILE} = 'certs/notacacert.pem';\n$ENV{HTTPSKEYFILE} = 'certs/notacakeynopass.pem';\n\nYou may test your files with the eg/net-ssl-test program, bundled with the distribution, by\nissuing a command like:\n\nperl eg/net-ssl-test -cert=certs/notacacert.pem \\\n-key=certs/notacakeynopass.pem -d GET $HOSTNAME\n\nAdditionally, if you would like to tell the client where the CA file is, you may set these.\n\n$ENV{HTTPSCAFILE} = \"somefile\";\n$ENV{HTTPSCADIR} = \"somedir\";\n\nNote that, if specified, $ENV{HTTPSCAFILE} must point to the actual certificate file. That is,\n$ENV{HTTPSCADIR} is *not* the path were $ENV{HTTPSCAFILE} is located.\n\nFor certificates in $ENV{HTTPSCADIR} to be picked up, follow the instructions on\n\n\nThere is no sample CA cert file at this time for testing, but you may configure eg/net-ssl-test\nto use your CA cert with the -CAfile option.\n\n(TODO: then what is the ./certs directory in the distribution?)\n", "subsections": [ { "name": "Creating a test certificate", "content": "To create simple test certificates with OpenSSL, you may run the following command:\n\nopenssl req -config /usr/local/openssl/openssl.cnf \\\n-new -days 365 -newkey rsa:1024 -x509 \\\n-keyout notacakey.pem -out notacacert.pem\n\nTo remove the pass phrase from the key file, run:\n\nopenssl rsa -in notacakey.pem -out notacakeynopass.pem\n\nPKCS12 support\nThe directives for enabling use of PKCS12 certificates is:\n\n$ENV{HTTPSPKCS12FILE} = 'certs/pkcs12.pkcs12';\n$ENV{HTTPSPKCS12PASSWORD} = 'PKCS12PASSWORD';\n\nUse of this type of certificate takes precedence over previous certificate settings described.\n\n(TODO: unclear? Meaning \"the presence of this type of certificate\"?)\n\nSSL versions\n\"Crypt::SSLeay\" tries very hard to connect to *any* SSL web server accommodating servers that\nare buggy, old or simply not standards-compliant. To this effect, this module will try SSL\nconnections in this order:\n\nSSL v23\nshould allow v2 and v3 servers to pick their best type\n\nSSL v3\nbest connection type\n\nSSL v2\nold connection type\n\nUnfortunately, some servers seem not to handle a reconnect to SSL v3 after a failed connect of\nSSL v23 is tried, so you may set before using LWP or Net::SSL:\n\n$ENV{HTTPSVERSION} = 3;\n\nto force a version 3 SSL connection first. At this time only a version 2 SSL connection will be\ntried after this, as the connection attempt order remains unchanged by this setting.\n" } ] }, "ACKNOWLEDGEMENTS": { "content": "Many thanks to the following individuals who helped improve \"Crypt-SSLeay\":\n\n*Gisle Aas* for writing this module and many others including libwww, for perl. The web will\nnever be the same :)\n\n*Ben Laurie* deserves kudos for his excellent patches for better error handling, SSL information\ninspection, and random seeding.\n\n*Dongqiang Bai* for host name resolution fix when using a proxy.\n\n*Stuart Horner* of Core Communications, Inc. who found the need for building \"--shared\" OpenSSL\nlibraries.\n\n*Pavel Hlavnicka* for a patch for freeing memory when using a pkcs12 file, and for inspiring\nmore robust \"read()\" behavior.\n\n*James Woodyatt* is a champ for finding a ridiculous memory leak that has been the bane of many\na Crypt::SSLeay user.\n\n*Bryan Hart* for his patch adding proxy support, and thanks to *Tobias Manthey* for submitting\nanother approach.\n\n*Alex Rhomberg* for Alpha linux ccc patch.\n\n*Tobias Manthey* for his patches for client certificate support.\n\n*Daisuke Kuroda* for adding PKCS12 certificate support.\n\n*Gamid Isayev* for CA cert support and insights into error messaging.\n\n*Jeff Long* for working through a tricky CA cert SSLClientVerify issue.\n\n*Chip Turner* for a patch to build under perl 5.8.0.\n\n*Joshua Chamas* for the time he spent maintaining the module.\n\n*Jeff Lavallee* for help with alarms on read failures (CPAN bug #12444).\n\n*Guenter Knauf* for significant improvements in configuring things in Win32 and Netware lands\nand Jan Dubois for various suggestions for improvements.\n\nand *many others* who provided bug reports, suggestions, fixes and patches.\n\nIf you have reported a bug or provided feedback, and you would like to be mentioned by name in\nthis section, please file request on rt.cpan.org\n.\n", "subsections": [] }, "SEE ALSO": { "content": "Net::SSL\nIf you have downloaded this distribution as of a dependency of another distribution, it's\nprobably due to this module (which is included in this distribution).\n\nNet::SSLeay\nNet::SSLeay provides access to the OpenSSL API directly from Perl. See\n.\n\nBuilding OpenSSL on 64-bit Windows 8.1 Pro using SDK tools\nMy blog post \nmight be helpful.\n", "subsections": [] }, "SUPPORT": { "content": "For issues related to using of \"Crypt::SSLeay\" & \"Net::SSL\" with Perl's LWP, please send email\nto \"libwww@perl.org\".\n\nFor OpenSSL or general SSL support, including issues associated with building and installing\nOpenSSL on your system, please email the OpenSSL users mailing list at\n\"openssl-users@openssl.org\". See for other\nmailing lists and archives.\n\nPlease report all bugs using rt.cpan.org\n.\n", "subsections": [] }, "AUTHORS": { "content": "This module was originally written by Gisle Aas, and was subsequently maintained by Joshua\nChamas, David Landgren, brian d foy and Sinan Unur.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright (c) 2010-2014 A. Sinan Unur\n\nCopyright (c) 2006-2007 David Landgren\n\nCopyright (c) 1999-2003 Joshua Chamas\n\nCopyright (c) 1998 Gisle Aas\n", "subsections": [] }, "LICENSE": { "content": "This program is free software; you can redistribute it and/or modify it under the terms of\nArtistic License 2.0 (see ).\n", "subsections": [] } }, "summary": "Crypt::SSLeay - OpenSSL support for LWP", "flags": [], "examples": [], "see_also": [] }