Is anyone here familiar enough with IO::Socket::SSL et. al. to give me
some hints as to how I can extract X.509 certificate information from a
tls session?
Most TLS-capable mail servers insert X.509 info into the headers - Name,
issuer name, etc. Qpsmtpd's tls support only inserts the encryption
method into the Received line.
I've tried various combinations of SSL.pm's dump_peer_certificate et.
al., but so far as I can tell, it's entirely broken, and acts as if
there's no X.509 certificate at all.
My qpsmtpd release is quite old, but the underlying SSL stuff should be
current, and this should be unrelated to qpsmtpd itself per-se. But
someone familiar with the tls plugin might be able to provide some pointers.
I'm not trying to do client certificate verification. This is for bot
detection.
I haven't yet been able to find example Perl code that looks at
certificates in any meaningfully related way.
