SSL | CH Pacific

Website is currently unavailable. SSL permanently expired.

SSL Certificate being verified for your safety. Please check back in a while.

# default will try OCSP stapling and check only leaf certificate
my $client = IO::Socket::SSL->new($dst);
 
# better yet: require checking of full chain
my $client = IO::Socket::SSL->new(
    PeerAddr => $dst,
    SSL_ocsp_mode => SSL_OCSP_FULL_CHAIN,
);
 
# even better: make OCSP errors fatal
# (this will probably fail with lots of sites because of bad OCSP setups)
# also use common OCSP response cache
my $ocsp_cache = IO::Socket::SSL::OCSP_Cache->new;
my $client = IO::Socket::SSL->new(
    PeerAddr => $dst,
    SSL_ocsp_mode => SSL_OCSP_FULL_CHAIN|SSL_OCSP_FAIL_HARD,
    SSL_ocsp_cache => $ocsp_cache,
);
 
# disable OCSP stapling in case server has problems with it
my $client = IO::Socket::SSL->new(
    PeerAddr => $dst,
    SSL_ocsp_mode => SSL_OCSP_NO_STAPLE,
);
 
# check any certificates which are not yet checked by OCSP stapling or
# where we have already cached results. For your own resolving combine
# $ocsp->requests with $ocsp->add_response(uri,response).
my $ocsp = $client->ocsp_resolver();
my $errors = $ocsp->resolve_blocking();
if ($errors) {
    warn "OCSP verification failed: $errors";
    close($client);
}