1753 | }); |
1753 | }); |
1754 | } |
1754 | } |
1755 | |
1755 | |
1756 | 1 |
1756 | 1 |
1757 | } |
1757 | } |
|
|
1758 | }; |
|
|
1759 | |
|
|
1760 | =item tls_detect => $cb->($handle, $detect, $major, $minor) |
|
|
1761 | |
|
|
1762 | Checks the input stream for a valid SSL or TLS handshake TLSPaintext |
|
|
1763 | record without consuming anything. Only SSL version 3 or higher |
|
|
1764 | is handled, up to the fictituous protocol 4.x (but both SSL3+ and |
|
|
1765 | SSL2-compatible framing is supported). |
|
|
1766 | |
|
|
1767 | If it detects that the input data is likely TLS, it calls the callback |
|
|
1768 | with a true value for C<$detect> and the (on-wire) TLS version as second |
|
|
1769 | and third argument (C<$major> is C<3>, and C<$minor> is 0..3 for SSL |
|
|
1770 | 3.0, TLS 1.0, 1.1 and 1.2, respectively). If it detects the input to |
|
|
1771 | be definitely not TLS, it calls the callback with a false value for |
|
|
1772 | C<$detect>. |
|
|
1773 | |
|
|
1774 | The callback could use this information to decide whether or not to start |
|
|
1775 | TLS negotiation. |
|
|
1776 | |
|
|
1777 | In all cases the data read so far is passed to the following read |
|
|
1778 | handlers. |
|
|
1779 | |
|
|
1780 | Usually you want to use the C<tls_autostart> read type instead. |
|
|
1781 | |
|
|
1782 | If you want to design a protocol that works in the presence of TLS |
|
|
1783 | dtection, make sure that any non-TLS data doesn't start with the octet 22 |
|
|
1784 | (ASCII SYN, 16 hex) or 128-255 (i.e. highest bit set). The checks this |
|
|
1785 | read type does are a bit more strict, but might losen in the future to |
|
|
1786 | accomodate protocol changes. |
|
|
1787 | |
|
|
1788 | This read type does not rely on L<AnyEvent::TLS> (and thus, not on |
|
|
1789 | L<Net::SSLeay>). |
|
|
1790 | |
|
|
1791 | =item tls_autostart => $tls[, $tls_ctx] |
|
|
1792 | |
|
|
1793 | Tries to detect a valid SSL or TLS handshake. If one is detected, it tries |
|
|
1794 | to start tls by calling C<starttls> with the given arguments. |
|
|
1795 | |
|
|
1796 | In practise, C<$tls> must be C<accept>, or a Net::SSLeay context that has |
|
|
1797 | been configured to accept, as servers do not normally send a handshake on |
|
|
1798 | their own and ths cannot be detected in this way. |
|
|
1799 | |
|
|
1800 | See C<tls_detect> above for more details. |
|
|
1801 | |
|
|
1802 | Example: give the client a chance to start TLS before accepting a text |
|
|
1803 | line. |
|
|
1804 | |
|
|
1805 | $hdl->push_read (tls_detect => "accept"); |
|
|
1806 | $hdl->push_read (line => sub { |
|
|
1807 | print "received ", ($_[0]{tls} ? "encrypted" : "cleartext"), " <$_[1]>\n"; |
|
|
1808 | }); |
|
|
1809 | |
|
|
1810 | =cut |
|
|
1811 | |
|
|
1812 | register_read_type tls_detect => sub { |
|
|
1813 | my ($self, $cb) = @_; |
|
|
1814 | |
|
|
1815 | sub { |
|
|
1816 | # this regex matches a full or partial tls record |
|
|
1817 | if ( |
|
|
1818 | # ssl3+: type(22=handshake) major(=3) minor(any) length_hi |
|
|
1819 | $self->{rbuf} =~ /^(?:\z| \x16 (\z| [\x03\x04] (?:\z| . (?:\z| [\x00-\x40] ))))/xs |
|
|
1820 | # ssl2 comapatible: len_hi len_lo type(1) major minor dummy(forlength) |
|
|
1821 | or $self->{rbuf} =~ /^(?:\z| [\x80-\xff] (?:\z| . (?:\z| \x01 (\z| [\x03\x04] (?:\z| . (?:\z| . ))))))/xs |
|
|
1822 | ) { |
|
|
1823 | return if 3 != length $1; # partial match, can't decide yet |
|
|
1824 | |
|
|
1825 | # full match, valid TLS record |
|
|
1826 | my ($major, $minor) = unpack "CC", $1; |
|
|
1827 | $cb->($self, "accept", $major + $minor * 0.1); |
|
|
1828 | } else { |
|
|
1829 | # mismatch == guaranteed not TLS |
|
|
1830 | $cb->($self, undef); |
|
|
1831 | } |
|
|
1832 | |
|
|
1833 | 1 |
|
|
1834 | } |
|
|
1835 | }; |
|
|
1836 | |
|
|
1837 | register_read_type tls_autostart => sub { |
|
|
1838 | my ($self, @tls) = @_; |
|
|
1839 | |
|
|
1840 | $RH{tls_detect}($self, sub { |
|
|
1841 | return unless $_[1]; |
|
|
1842 | $_[0]->starttls (@tls); |
|
|
1843 | }) |
1758 | }; |
1844 | }; |
1759 | |
1845 | |
1760 | =back |
1846 | =back |
1761 | |
1847 | |
1762 | =item custom read types - Package::anyevent_read_type $handle, $cb, @args |
1848 | =item custom read types - Package::anyevent_read_type $handle, $cb, @args |
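Review bot: The callback invocation at new line 1827, `$cb->($self, "accept", $major + $minor * 0.1)`, does not match the contract the POD at 1760–1769 promises, `$cb->($handle, $detect, $major, $minor)` with `$major` and `$minor` as separate integers; it should read `$cb->($self, 1, $major, $minor);` (or the POD should be changed to describe the single combined 3.x value). The example at 1805 pushes `tls_detect => "accept"`, which hands the string "accept" to `tls_detect` as its `$cb` and will fail as soon as the read handler reaches a decision (presumably a "can't use string as a subroutine ref" error under strict refs); it should be `$hdl->push_read (tls_autostart => "accept");`. Because detection keys only on the first few attacker-controlled octets and, on a mismatch, silently lets the connection continue in cleartext, I would also add to the tls_autostart POD: `This is opportunistic TLS: a client, or an active attacker in the path, can force a cleartext session simply by not sending a TLS handshake first, so check C<< $handle->{tls} >> (as the example does) before treating the connection as protected.`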
2240 | handles requests until the server gets some QUIT command, causing it to |
2326 | handles requests until the server gets some QUIT command, causing it to |
2241 | close the connection first (highly desirable for a busy TCP server). A |
2327 | close the connection first (highly desirable for a busy TCP server). A |
2242 | client dropping the connection is an error, which means this variant can |
2328 | client dropping the connection is an error, which means this variant can |
2243 | detect an unexpected detection close. |
2329 | detect an unexpected detection close. |
2244 | |
2330 | |
2245 | To handle this case, always make sure you have a on-empty read queue, by |
2331 | To handle this case, always make sure you have a non-empty read queue, by |
2246 | pushing the "read request start" handler on it: |
2332 | pushing the "read request start" handler on it: |
2247 | |
2333 | |
2248 | # we assume a request starts with a single line |
2334 | # we assume a request starts with a single line |
2249 | my @start_request; @start_request = (line => sub { |
2335 | my @start_request; @start_request = (line => sub { |
2250 | my ($hdl, $line) = @_; |
2336 | my ($hdl, $line) = @_; |