How to make WWW::Mechanize accept a specific SSL certificate for an https server?
[The SSL certificate should be validated by MD5/SHA1/... checksum]
Background:
So far I need a hack to accept an expired (a few days so far) SSL certificate [replace standard set of checks]. I would also like to be able to add an SSL checksum check as an additional check in the future.
WWW::Mechanize is a subclass of LWP::UserAgent, which itself uses IO::Socket::SSL to make the SSL connections. IO::Socket::SSL offers an option SSL_fingerprint which can be used to specify the expected fingerprint of the certificate. Please see the documentation for more details, but here is a short example:

    use strict;
    use warnings;
    use WWW::Mechanize;

    my %sslargs = (
        SSL_fingerprint => 'sha256$a0b0d7c3d86a03051af6a43726a0dd855825323cae59fdff2d9b9a8db83934b8',
    );
    my $ua = WWW::Mechanize->new( ssl_opts => \%sslargs );
    my $resp = $ua->get("https://www.example.com");

Note that you need at least IO::Socket::SSL version 1.980 (released 04/2014) for proper support of SSL_fingerprint and that you should also use fairly recent versions of LWP.
When using SSL_fingerprint, all other checks are ignored as long as the fingerprint matches; that is, you can use self-signed certificates, expired certificates or certificates with the wrong subject.
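
Because a matching fingerprint replaces every other check, the pinned value should come from a certificate file obtained out of band rather than from whatever the server presents at connect time. The following is an added example, not part of the original answer: it derives the `sha256$...` value from a PEM file and pins it. The file name and URL are hypothetical command-line arguments, and `fingerprint_from_pem` is a helper introduced here.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use MIME::Base64 qw(decode_base64);
use WWW::Mechanize;

# Hypothetical inputs: a PEM certificate received over a trusted channel
# and the URL to fetch, e.g.  perl pin.pl server-cert.pem https://host/
my ($pem_file, $url) = @ARGV;
die "usage: $0 server-cert.pem https://host/\n" unless defined $url;

# Return the certificate fingerprint in the 'algo$hex' form that
# SSL_fingerprint expects: SHA-256 over the DER encoding of the certificate.
sub fingerprint_from_pem {
    my ($pem) = @_;
    # Use the first certificate block only; the pin applies to the leaf.
    my ($b64) = $pem =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/s
        or die "no PEM certificate found\n";
    my $der = decode_base64($b64);    # whitespace in the body is ignored
    die "empty certificate body\n" unless length $der;
    return 'sha256$' . sha256_hex($der);
}

open my $fh, '<', $pem_file or die "cannot read $pem_file: $!\n";
my $pem = do { local $/; <$fh> };     # slurp the whole file
close $fh;

my $pin = fingerprint_from_pem($pem);
print "pinning $pin\n";

# Only a server presenting exactly this certificate is accepted; expiry,
# issuer and subject are not checked once the fingerprint matches.
my $ua   = WWW::Mechanize->new( ssl_opts => { SSL_fingerprint => $pin } );
my $resp = $ua->get($url);            # autocheck makes a failed handshake fatal
print $resp->status_line, "\n";
```

A pin like this has to be updated whenever the server's certificate is replaced, since a renewed certificate has a different fingerprint.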