[ViewVC] Diff of: cvs/AnyEvent/lib/AnyEvent/Handle.pm

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.116 by root, Tue Feb 10 14:07:43 2009 UTC vs.
Revision 1.143 by root, Mon Jul 6 21:02:34 2009 UTC

 AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent
 =cut
-our $VERSION = 4.331;
+our $VERSION = 4.452;
 =head1 SYNOPSIS
    use AnyEvent;
    use AnyEvent::Handle;
 =head1 METHODS
 =over 4
-=item B<new (%args)>
+=item $handle = B<new> AnyEvent::TLS fh => $filehandle, key => value...
-The constructor supports these arguments (all as key => value pairs).
+The constructor supports these arguments (all as C<< key => value >> pairs).
 =over 4
 =item fh => $filehandle [MANDATORY]
 waiting for data.
 If an EOF condition has been detected but no C<on_eof> callback has been
 set, then a fatal error will be raised with C<$!> set to <0>.
-=item on_error => $cb->($handle, $fatal)
+=item on_error => $cb->($handle, $fatal, $message)
 This is the error callback, which is called when, well, some error
 occured, such as not being able to resolve the hostname, failure to
 connect or a read error.
 fatal errors the handle object will be shut down and will not be usable
 (but you are free to look at the current C<< ->rbuf >>). Examples of fatal
 errors are an EOF condition with active (but unsatisifable) read watchers
 (C<EPIPE>) or I/O errors.
+AnyEvent::Handle tries to find an appropriate error code for you to check
+against, but in some cases (TLS errors), this does not work well. It is
+recommended to always output the C<$message> argument in human-readable
+error messages (it's usually the same as C<"$!">).
 Non-fatal errors can be retried by simply returning, but it is recommended
 to simply ignore this parameter and instead abondon the handle object
 when this callback is invoked. Examples of non-fatal errors are timeouts
 C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>).
 On callback entrance, the value of C<$!> contains the operating system
-error (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT> or C<EBADMSG>).
+error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or
+C<EPROTO>).
 While not mandatory, it is I<highly> recommended to set this callback, as
 you will not be notified of errors otherwise. The default simply calls
 C<croak>.
 and no read request is in the queue (unlike read queue callbacks, this
 callback will only be called when at least one octet of data is in the
 read buffer).
 To access (and remove data from) the read buffer, use the C<< ->rbuf >>
-method or access the C<$handle->{rbuf}> member directly.
+method or access the C<< $handle->{rbuf} >> member directly. Note that you
+must not enlarge or modify the read buffer, you can only remove data at
+the beginning from it.
 When an EOF condition is detected then AnyEvent::Handle will first try to
 feed all the remaining data to the queued callbacks and C<on_read> before
 calling the C<on_eof> callback. If no progress can be made, then a fatal
 error will be raised (with C<$!> set to C<EPIPE>).
 This will not work for partial TLS data that could not be encoded
 yet. This data will be lost. Calling the C<stoptls> method in time might
 help.
+=item peername => $string
+A string used to identify the remote site - usually the DNS hostname
+(I<not> IDN!) used to create the connection, rarely the IP address.
+Apart from being useful in error messages, this string is also used in TLS
+peername verification (see C<verify_peername> in L<AnyEvent::TLS>).
 =item tls => "accept" | "connect" | Net::SSLeay::SSL object
 When this parameter is given, it enables TLS (SSL) mode, that means
 AnyEvent will start a TLS handshake as soon as the conenction has been
 established and will transparently encrypt/decrypt data afterwards.
+All TLS protocol errors will be signalled as C<EPROTO>, with an
+appropriate error message.
 TLS mode requires Net::SSLeay to be installed (it will be loaded
 automatically when you try to create a TLS handle): this module doesn't
 have a dependency on that module, so if your module requires it, you have
 to add the dependency yourself.
 mode.
 You can also provide your own TLS connection object, but you have
 to make sure that you call either C<Net::SSLeay::set_connect_state>
 or C<Net::SSLeay::set_accept_state> on it before you pass it to
-AnyEvent::Handle.
+AnyEvent::Handle. Also, this module will take ownership of this connection
+object.
+At some future point, AnyEvent::Handle might switch to another TLS
+implementation, then the option to use your own session object will go
+away.
 B<IMPORTANT:> since Net::SSLeay "objects" are really only integers,
 passing in the wrong integer will lead to certain crash. This most often
 happens when one uses a stylish C<< tls => 1 >> and is surprised about the
 segmentation fault.
 See the C<< ->starttls >> method for when need to start TLS negotiation later.
-=item tls_ctx => $ssl_ctx
+=item tls_ctx => $anyevent_tls
-Use the given C<Net::SSLeay::CTX> object to create the new TLS connection
+Use the given C<AnyEvent::TLS> object to create the new TLS connection
 (unless a connection object was specified directly). If this parameter is
 missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>.
+Instead of an object, you can also specify a hash reference with C<< key
+=> value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a
+new TLS context object.
+=item on_starttls => $cb->($handle, $success[, $error_message])
+This callback will be invoked when the TLS/SSL handshake has finished. If
+C<$success> is true, then the TLS handshake succeeded, otherwise it failed
+(C<on_stoptls> will not be called in this case).
+The session in C<< $handle->{tls} >> can still be examined in this
+callback, even when the handshake was not successful.
+TLS handshake failures will not cause C<on_error> to be invoked when this
+callback is in effect, instead, the error message will be passed to C<on_starttls>.
+Without this callback, handshake failures lead to C<on_error> being
+called, as normal.
+Note that you cannot call C<starttls> right again in this callback. If you
+need to do that, start an zero-second timer instead whose callback can
+then call C<< ->starttls >> again.
+=item on_stoptls => $cb->($handle)
+When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is
+set, then it will be invoked after freeing the TLS session. If it is not,
+then a TLS shutdown condition will be treated like a normal EOF condition
+on the handle.
+The session in C<< $handle->{tls} >> can still be examined in this
+callback.
+This callback will only be called on TLS shutdowns, not when the
+underlying handle signals EOF.
 =item json => JSON or JSON::XS object
 This is the json coder object used by the C<json> read and write types.
 =cut
 sub new {
    my $class = shift;
    my $self = bless { @_ }, $class;
    $self->{fh} or Carp::croak "mandatory argument fh is missing";
    AnyEvent::Util::fh_nonblocking $self->{fh}, 1;
+   $self->{_activity} = AnyEvent->now;
+   $self->_timeout;
+   $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
    $self->starttls (delete $self->{tls}, delete $self->{tls_ctx})
       if $self->{tls};
-   $self->{_activity} = AnyEvent->now;
-   $self->_timeout;
-   $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain};
+   $self->on_drain (delete $self->{on_drain}) if $self->{on_drain};
-   $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
    $self->start_read
       if $self->{on_read};
-   $self
+   $self->{fh} && $self
 }
 sub _shutdown {
    my ($self) = @_;
-   delete $self->{_tw};
+   delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)};
-   delete $self->{_rw};
+   $self->{_eof} = 1; # tell starttls et. al to stop trying
-   delete $self->{_ww};
-   delete $self->{fh};
    &_freetls;
-   delete $self->{on_read};
-   delete $self->{_queue};
 }
 sub _error {
-   my ($self, $errno, $fatal) = @_;
+   my ($self, $errno, $fatal, $message) = @_;
    $self->_shutdown
       if $fatal;
    $! = $errno;
+   $message ||= "$!";
    if ($self->{on_error}) {
-      $self->{on_error}($self, $fatal);
+      $self->{on_error}($self, $fatal, $message);
    } elsif ($self->{fh}) {
-      Carp::croak "AnyEvent::Handle uncaught error: $!";
+      Carp::croak "AnyEvent::Handle uncaught error: $message";
    }
 }
 =item $fh = $handle->fh
    eval {
       local $SIG{__DIE__};
       setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1];
    };
+}
+=item $handle->on_starttls ($cb)
+Replace the current C<on_starttls> callback (see the C<on_starttls> constructor argument).
+=cut
+sub on_starttls {
+   $_[0]{on_starttls} = $_[1];
+}
+=item $handle->on_stoptls ($cb)
+Replace the current C<on_stoptls> callback (see the C<on_stoptls> constructor argument).
+=cut
+sub on_starttls {
+   $_[0]{on_stoptls} = $_[1];
 }
 #############################################################################
 =item $handle->timeout ($seconds)
    pack "w/a*", Storable::nfreeze ($ref)
 };
 =back
+=item $handle->push_shutdown
+Sometimes you know you want to close the socket after writing your data
+before it was actually written. One way to do that is to replace your
+C<on_drain> handler by a callback that shuts down the socket (and set
+C<low_water_mark> to C<0>). This method is a shorthand for just that, and
+replaces the C<on_drain> callback with:
+   sub { shutdown $_[0]{fh}, 1 }    # for push_shutdown
+This simply shuts down the write side and signals an EOF condition to the
+the peer.
+You can rely on the normal read queue and C<on_eof> handling
+afterwards. This is the cleanest way to close a connection.
+=cut
+sub push_shutdown {
+   my ($self) = @_;
+   delete $self->{low_water_mark};
+   $self->on_drain (sub { shutdown $_[0]{fh}, 1 });
+}
 =item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args)
 This function (not method) lets you add your own types to C<push_write>.
 Whenever the given C<type> is used, C<push_write> will invoke the code
    ) {
       $self->_error (&Errno::ENOSPC, 1), return;
    }
    while () {
+      # we need to use a separate tls read buffer, as we must not receive data while
+      # we are draining the buffer, and this can only happen with TLS.
       $self->{rbuf} .= delete $self->{_tls_rbuf} if exists $self->{_tls_rbuf};
       my $len = length $self->{rbuf};
       if (my $cb = shift @{ $self->{_queue} }) {
    if ($self->{_eof}) {
       if ($self->{on_eof}) {
          $self->{on_eof}($self)
       } else {
-         $self->_error (0, 1);
+         $self->_error (0, 1, "Unexpected end-of-file");
       }
    }
    # may need to restart read watcher
    unless ($self->{_rw}) {
 =item $handle->rbuf
 Returns the read buffer (as a modifiable lvalue).
-You can access the read buffer directly as the C<< ->{rbuf} >> member, if
+You can access the read buffer directly as the C<< ->{rbuf} >>
-you want.
+member, if you want. However, the only operation allowed on the
+read buffer (apart from looking at it) is removing data from its
+beginning. Otherwise modifying or appending to it is not allowed and will
+lead to hard-to-track-down bugs.
 NOTE: The read buffer should only be used or modified if the C<on_read>,
 C<push_read> or C<unshift_read> methods are used. The other read methods
 automatically manage the read buffer.
 =cut
 register_read_type json => sub {
    my ($self, $cb) = @_;
-   require JSON;
+   my $json = $self->{json} ||=
+      eval { require JSON::XS; JSON::XS->new->utf8 }
+         || do { require JSON; JSON->new->utf8 };
    my $data;
    my $rbuf = \$self->{rbuf};
-   my $json = $self->{json} ||= JSON->new->utf8;
    sub {
       my $ref = eval { $json->incr_parse ($self->{rbuf}) };
       if ($ref) {
          }
       });
    }
 }
+our $ERROR_SYSCALL;
+our $ERROR_WANT_READ;
+sub _tls_error {
+   my ($self, $err) = @_;
+   return $self->_error ($!, 1)
+      if $err == Net::SSLeay::ERROR_SYSCALL ();
+   my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ());
+   # reduce error string to look less scary
+   $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /;
+   if ($self->{_on_starttls}) {
+      (delete $self->{_on_starttls})->($self, undef, $err);
+      &_freetls;
+   } else {
+      &_freetls;
+      $self->_error (&Errno::EPROTO, 1, $err);
+   }
+}
 # poll the write BIO and send the data if applicable
+# also decode read data if possible
+# this is basiclaly our TLS state machine
+# more efficient implementations are possible with openssl,
+# but not with the buggy and incomplete Net::SSLeay.
 sub _dotls {
    my ($self) = @_;
    my $tmp;
    if (length $self->{_tls_wbuf}) {
       while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) {
          substr $self->{_tls_wbuf}, 0, $tmp, "";
       }
+      $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp);
+      return $self->_tls_error ($tmp)
+         if $tmp != $ERROR_WANT_READ
+            && ($tmp != $ERROR_SYSCALL || $!);
    }
    while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) {
       unless (length $tmp) {
-         # let's treat SSL-eof as we treat normal EOF
+         $self->{_on_starttls}
-         delete $self->{_rw};
+            and (delete $self->{_on_starttls})->($self, undef, "EOF during handshake"); # ???
-         $self->{_eof} = 1;
          &_freetls;
+         if ($self->{on_stoptls}) {
+            $self->{on_stoptls}($self);
+            return;
+         } else {
+            # let's treat SSL-eof as we treat normal EOF
+            delete $self->{_rw};
+            $self->{_eof} = 1;
+         }
       }
       $self->{_tls_rbuf} .= $tmp;
       $self->_drain_rbuf unless $self->{_in_drain};
       $self->{tls} or return; # tls session might have gone away in callback
    }
    $tmp = Net::SSLeay::get_error ($self->{tls}, -1);
-   if ($tmp != Net::SSLeay::ERROR_WANT_READ ()) {
-      if ($tmp == Net::SSLeay::ERROR_SYSCALL ()) {
-         return $self->_error ($!, 1);
+   return $self->_tls_error ($tmp)
-      } elsif ($tmp == Net::SSLeay::ERROR_SSL ()) {
+      if $tmp != $ERROR_WANT_READ
-         return $self->_error (&Errno::EIO, 1);
+         && ($tmp != $ERROR_SYSCALL || $!);
-      }
-      # all other errors are fine for our purposes
-   }
    while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) {
       $self->{wbuf} .= $tmp;
       $self->_drain_wbuf;
    }
+   $self->{_on_starttls}
+      and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK ()
+      and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established");
 }
 =item $handle->starttls ($tls[, $tls_ctx])
 Instead of starting TLS negotiation immediately when the AnyEvent::Handle
 C<starttls>.
 The first argument is the same as the C<tls> constructor argument (either
 C<"connect">, C<"accept"> or an existing Net::SSLeay object).
-The second argument is the optional C<Net::SSLeay::CTX> object that is
+The second argument is the optional C<AnyEvent::TLS> object that is used
-used when AnyEvent::Handle has to create its own TLS connection object.
+when AnyEvent::Handle has to create its own TLS connection object, or
+a hash reference with C<< key => value >> pairs that will be used to
+construct a new context.
-The TLS connection object will end up in C<< $handle->{tls} >> after this
+The TLS connection object will end up in C<< $handle->{tls} >>, the TLS
-call and can be used or changed to your liking. Note that the handshake
+context in C<< $handle->{tls_ctx} >> after this call and can be used or
-might have already started when this function returns.
+changed to your liking. Note that the handshake might have already started
+when this function returns.
 If it an error to start a TLS handshake more than once per
 AnyEvent::Handle object (this is due to bugs in OpenSSL).
 =cut
+our %TLS_CACHE; #TODO not yet documented, should we?
 sub starttls {
    my ($self, $ssl, $ctx) = @_;
    require Net::SSLeay;
    Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object"
       if $self->{tls};
+   $ERROR_SYSCALL   = Net::SSLeay::ERROR_SYSCALL     ();
+   $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ   ();
+   $ctx ||= $self->{tls_ctx};
+   if ("HASH" eq ref $ctx) {
+      require AnyEvent::TLS;
+      local $Carp::CarpLevel = 1; # skip ourselves when creating a new context
+      if ($ctx->{cache}) {
+         my $key = $ctx+0;
+         $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx;
+      } else {
+         $ctx = new AnyEvent::TLS %$ctx;
+      }
+   }
-   if ($ssl eq "accept") {
+   $self->{tls_ctx} = $ctx || TLS_CTX ();
-      $ssl = Net::SSLeay::new ($ctx || TLS_CTX ());
+   $self->{tls}     = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername});
-      Net::SSLeay::set_accept_state ($ssl);
-   } elsif ($ssl eq "connect") {
-      $ssl = Net::SSLeay::new ($ctx || TLS_CTX ());
-      Net::SSLeay::set_connect_state ($ssl);
-   }
-   $self->{tls} = $ssl;
    # basically, this is deep magic (because SSL_read should have the same issues)
    # but the openssl maintainers basically said: "trust us, it just works".
    # (unfortunately, we have to hardcode constants because the abysmally misdesigned
    # and mismaintained ssleay-module doesn't even offer them).
    #
    # note that we do not try to keep the length constant between writes as we are required to do.
    # we assume that most (but not all) of this insanity only applies to non-blocking cases,
    # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to
    # have identity issues in that area.
-   Net::SSLeay::CTX_set_mode ($self->{tls},
+#   Net::SSLeay::CTX_set_mode ($ssl,
-      (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1)
+#      (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1)
-      | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2));
+#      | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2));
+   Net::SSLeay::CTX_set_mode ($ssl, 1|2);
    $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
    $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
    Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio});
+   $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) }
+      if $self->{on_starttls};
    &_dotls; # need to trigger the initial handshake
    $self->start_read; # make sure we actually do read
 }
    if ($self->{tls}) {
       Net::SSLeay::shutdown ($self->{tls});
       &_dotls;
-      # we don't give a shit. no, we do, but we can't. no...
+#      # we don't give a shit. no, we do, but we can't. no...#d#
-      # we, we... have to use openssl :/
+#      # we, we... have to use openssl :/#d#
-      &_freetls;
+#      &_freetls;#d#
    }
 }
 sub _freetls {
    my ($self) = @_;
    return unless $self->{tls};
-   Net::SSLeay::free (delete $self->{tls});
+   $self->{tls_ctx}->_put_session (delete $self->{tls});
-   delete @$self{qw(_rbio _wbio _tls_wbuf)};
+   delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)};
 }
 sub DESTROY {
-   my $self = shift;
+   my ($self) = @_;
    &_freetls;
    my $linger = exists $self->{linger} ? $self->{linger} : 3600;
 }
 =item $handle->destroy
 Shuts down the handle object as much as possible - this call ensures that
-no further callbacks will be invoked and resources will be freed as much
+no further callbacks will be invoked and as many resources as possible
-as possible. You must not call any methods on the object afterwards.
+will be freed. You must not call any methods on the object afterwards.
 Normally, you can just "forget" any references to an AnyEvent::Handle
 object and it will simply shut down. This works in fatal error and EOF
 callbacks, as well as code outside. It does I<NOT> work in a read or write
 callback, so when you want to destroy the AnyEvent::Handle object from
    %$self = ();
 }
 =item AnyEvent::Handle::TLS_CTX
-This function creates and returns the Net::SSLeay::CTX object used by
+This function creates and returns the AnyEvent::TLS object used by default
-default for TLS mode.
+for TLS mode.
-The context is created like this:
+The context is created by calling L<AnyEvent::TLS> without any arguments.
-   Net::SSLeay::load_error_strings;
-   Net::SSLeay::SSLeay_add_ssl_algorithms;
-   Net::SSLeay::randomize;
-   my $CTX = Net::SSLeay::CTX_new;
-   Net::SSLeay::CTX_set_options $CTX, Net::SSLeay::OP_ALL
 =cut
 our $TLS_CTX;
 sub TLS_CTX() {
-   $TLS_CTX || do {
+   $TLS_CTX ||= do {
-      require Net::SSLeay;
+      require AnyEvent::TLS;
-      Net::SSLeay::load_error_strings ();
+      new AnyEvent::TLS
-      Net::SSLeay::SSLeay_add_ssl_algorithms ();
-      Net::SSLeay::randomize ();
-      $TLS_CTX = Net::SSLeay::CTX_new ();
-      Net::SSLeay::CTX_set_options ($TLS_CTX, Net::SSLeay::OP_ALL ());
-      $TLS_CTX
    }
 }
 =back
    $handle->on_drain (sub {
       warn "all data submitted to the kernel\n";
       undef $handle;
    });
+If you just want to queue some data and then signal EOF to the other side,
+consider using C<< ->push_shutdown >> instead.
+=item I want to contact a TLS/SSL server, I don't care about security.
+If your TLS server is a pure TLS server (e.g. HTTPS) that only speaks TLS,
+simply connect to it and then create the AnyEvent::Handle with the C<tls>
+parameter:
+    my $handle = new AnyEvent::Handle
+       fh  => $fh,
+       tls => "connect",
+       on_error => sub { ... };
+    $handle->push_write (...);
+=item I want to contact a TLS/SSL server, I do care about security.
+Then you #x##TODO#
 =back
 =head1 SUBCLASSING AnyEvent::Handle

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents): Revision 1.116 by root, Tue Feb 10 14:07:43 2009 UTC vs. Revision 1.143 by root, Mon Jul 6 21:02:34 2009 UTC

Diff Legend

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.116 by root, Tue Feb 10 14:07:43 2009 UTC vs.
Revision 1.143 by root, Mon Jul 6 21:02:34 2009 UTC