In fact, before choosing openssl, I have tried other methods like curl, various Chrome extensions. But finally I stick to openssl because of its flexibility and availability of low level output to facilitate my debugging.
In fact the script is as simple as follows:
| openssl s_client -connect localhost:8000 -cert client.pem -key key.pem -CApath . -CAfile ca.pem -showcerts -debug -msg -state -crlf -ign_eof <<EOF POST /app HTTP/1.1 hostname: localhost Content-Type: application/x-www-form-urlencoded Content-Length: XXX <?xml version='1.0'?><Envelope xmlns='http://schemas.xmlsoap.org/soap/envelope/' xmlns:op='http://schemas.xyz.com/svc' xmlns:ems='http://schemas.xyz.com/ems'><Header>Header_Text</Header><Body><op:AddPbs><ems:ChannelAcctId><ems:ChannelId>06</ems:ChannelId><ems:AcctId>1234567</ems:AcctId></ems:ChannelAcctId></op:AddPbs></Body></Envelope> EOF |
Let me explain each parameter one by one:
s_client: it is the SSL/TLS client program of openssl suite
connect: it designates the web service connection details (IP address and port)
cert: it specifies the self (client) certificate to present to the host
key: it specifies the private key file signing the client certificate
CApath: it designates the folder containing the certificate chain(s)
CAfile: it designates the "trusted" CA which signs the server certificate
showcerts: it shows the whole server certificate chain
debug: it is a treasure of openssl
msg: ditto
state: ditto
crlf: in Unix, the line delimiter is LF only. This switch will cause the content to be transmitted with CR+LF instead (but please note the Content-Length has to be modified accordingly)
ign_eof: I originally omitted this switch. But I find it is needed because otherwise the connection is closed too early by openssl before the server can send the response back.
