--- AnyEvent/lib/AnyEvent/Handle.pm 2009/07/05 23:39:48 1.139 +++ AnyEvent/lib/AnyEvent/Handle.pm 2009/07/27 22:49:23 1.165 @@ -1,22 +1,19 @@ package AnyEvent::Handle; -no warnings; -use strict qw(subs vars); - -use AnyEvent (); -use AnyEvent::Util qw(WSAEWOULDBLOCK); use Scalar::Util (); use Carp (); -use Fcntl (); use Errno qw(EAGAIN EINTR); +use AnyEvent (); BEGIN { AnyEvent::common_sense } +use AnyEvent::Util qw(WSAEWOULDBLOCK); + =head1 NAME AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent =cut -our $VERSION = 4.452; +our $VERSION = 4.87; =head1 SYNOPSIS @@ -25,21 +22,22 @@ my $cv = AnyEvent->condvar; - my $handle = - AnyEvent::Handle->new ( - fh => \*STDIN, - on_eof => sub { - $cv->send; - }, + my $hdl; $hdl = new AnyEvent::Handle + fh => \*STDIN, + on_error => sub { + my ($hdl, $fatal, $msg) = @_; + warn "got error $msg\n"; + $hdl->destroy; + $cv->send; ); # send some request line - $handle->push_write ("getinfo\015\012"); + $hdl->push_write ("getinfo\015\012"); # read the response line - $handle->push_read (line => sub { - my ($handle, $line) = @_; - warn "read line <$line>\n"; + $hdl->push_read (line => sub { + my ($hdl, $line) = @_; + warn "got line <$line>\n"; $cv->send; }); @@ -48,8 +46,7 @@ =head1 DESCRIPTION This module is a helper module to make it easier to do event-based I/O on -filehandles. For utility functions for doing non-blocking connects and accepts -on sockets see L. +filehandles. The L tutorial contains some well-documented AnyEvent::Handle examples. @@ -58,6 +55,9 @@ means characters. As sysread and syswrite are used for all I/O, their treatment of characters applies to this module as well. +At the very minimum, you should specify C or C, and the +C callback. + All callbacks will be invoked with the handle object as their first argument. @@ -71,31 +71,67 @@ =over 4 -=item fh => $filehandle [MANDATORY] +=item fh => $filehandle [C or C MANDATORY] The filehandle this L object will operate on. - NOTE: The filehandle will be set to non-blocking mode (using C) by the constructor and needs to stay in that mode. -=item on_eof => $cb->($handle) +=item connect => [$host, $service] [C or C MANDATORY] -Set the callback to be called when an end-of-file condition is detected, -i.e. in the case of a socket, when the other side has closed the -connection cleanly. +Try to connect to the specified host and service (port), using +C. The C<$host> additionally becomes the +default C. -For sockets, this just means that the other side has stopped sending data, -you can still try to write data, and, in fact, one can return from the EOF -callback and continue writing data, as only the read part has been shut -down. +You have to specify either this parameter, or C, above. -While not mandatory, it is I recommended to set an EOF callback, -otherwise you might end up with a closed socket while you are still -waiting for data. +It is possible to push requests on the read and write queues, and modify +properties of the stream, even while AnyEvent::Handle is connecting. -If an EOF condition has been detected but no C callback has been -set, then a fatal error will be raised with C<$!> set to <0>. +When this parameter is specified, then the C, +C and C callbacks will be called under the +appropriate circumstances: + +=over 4 + +=item on_prepare => $cb->($handle) + +This (rarely used) callback is called before a new connection is +attempted, but after the file handle has been created. It could be used to +prepare the file handle with parameters required for the actual connect +(as opposed to settings that can be changed when the connection is already +established). + +The return value of this callback should be the connect timeout value in +seconds (or C<0>, or C, or the empty list, to indicate the default +timeout is to be used). + +=item on_connect => $cb->($handle, $host, $port, $retry->()) + +This callback is called when a connection has been successfully established. + +The actual numeric host and port (the socket peername) are passed as +parameters, together with a retry callback. + +When, for some reason, the handle is not acceptable, then calling +C<$retry> will continue with the next conenction target (in case of +multi-homed hosts or SRV records there can be multiple connection +endpoints). When it is called then the read and write queues, eof status, +tls status and similar properties of the handle are being reset. + +In most cases, ignoring the C<$retry> parameter is the way to go. + +=item on_connect_error => $cb->($handle, $message) + +This callback is called when the conenction could not be +established. C<$!> will contain the relevant error code, and C<$message> a +message describing it (usually the same as C<"$!">). + +If this callback isn't specified, then C will be called with a +fatal error instead. + +=back =item on_error => $cb->($handle, $fatal, $message) @@ -104,10 +140,12 @@ connect or a read error. Some errors are fatal (which is indicated by C<$fatal> being true). On -fatal errors the handle object will be shut down and will not be usable -(but you are free to look at the current C<< ->rbuf >>). Examples of fatal -errors are an EOF condition with active (but unsatisifable) read watchers -(C) or I/O errors. +fatal errors the handle object will be destroyed (by a call to C<< -> +destroy >>) after invoking the error callback (which means you are free to +examine the handle object). Examples of fatal errors are an EOF condition +with active (but unsatisifable) read watchers (C) or I/O errors. In +cases where the other side can close the connection at their will it is +often easiest to not report C errors in this callback. AnyEvent::Handle tries to find an appropriate error code for you to check against, but in some cases (TLS errors), this does not work well. It is @@ -144,6 +182,27 @@ calling the C callback. If no progress can be made, then a fatal error will be raised (with C<$!> set to C). +Note that, unlike requests in the read queue, an C callback +doesn't mean you I some data: if there is an EOF and there +are outstanding read requests then an error will be flagged. With an +C callback, the C callback will be invoked. + +=item on_eof => $cb->($handle) + +Set the callback to be called when an end-of-file condition is detected, +i.e. in the case of a socket, when the other side has closed the +connection cleanly, and there are no outstanding read requests in the +queue (if there are read requests, then an EOF counts as an unexpected +connection close and will be flagged as an error). + +For sockets, this just means that the other side has stopped sending data, +you can still try to write data, and, in fact, one can return from the EOF +callback and continue writing data, as only the read part has been shut +down. + +If an EOF condition has been detected but no C callback has been +set, then a fatal error will be raised with C<$!> set to <0>. + =item on_drain => $cb->($handle) This sets the callback that is called when the write buffer becomes empty @@ -251,7 +310,9 @@ (I IDN!) used to create the connection, rarely the IP address. Apart from being useful in error messages, this string is also used in TLS -peername verification (see C in L). +peername verification (see C in L). This +verification will be skipped when C is not specified or +C. =item tls => "accept" | "connect" | Net::SSLeay::SSL object @@ -298,6 +359,38 @@ => value >> pairs. Those will be passed to L to create a new TLS context object. +=item on_starttls => $cb->($handle, $success[, $error_message]) + +This callback will be invoked when the TLS/SSL handshake has finished. If +C<$success> is true, then the TLS handshake succeeded, otherwise it failed +(C will not be called in this case). + +The session in C<< $handle->{tls} >> can still be examined in this +callback, even when the handshake was not successful. + +TLS handshake failures will not cause C to be invoked when this +callback is in effect, instead, the error message will be passed to C. + +Without this callback, handshake failures lead to C being +called, as normal. + +Note that you cannot call C right again in this callback. If you +need to do that, start an zero-second timer instead whose callback can +then call C<< ->starttls >> again. + +=item on_stoptls => $cb->($handle) + +When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is +set, then it will be invoked after freeing the TLS session. If it is not, +then a TLS shutdown condition will be treated like a normal EOF condition +on the handle. + +The session in C<< $handle->{tls} >> can still be examined in this +callback. + +This callback will only be called on TLS shutdowns, not when the +underlying handle signals EOF. + =item json => JSON or JSON::XS object This is the json coder object used by the C read and write types. @@ -317,7 +410,69 @@ my $class = shift; my $self = bless { @_ }, $class; - $self->{fh} or Carp::croak "mandatory argument fh is missing"; + if ($self->{fh}) { + $self->_start; + return unless $self->{fh}; # could be gone by now + + } elsif ($self->{connect}) { + require AnyEvent::Socket; + + $self->{peername} = $self->{connect}[0] + unless exists $self->{peername}; + + $self->{_skip_drain_rbuf} = 1; + + { + Scalar::Util::weaken (my $self = $self); + + $self->{_connect} = + AnyEvent::Socket::tcp_connect ( + $self->{connect}[0], + $self->{connect}[1], + sub { + my ($fh, $host, $port, $retry) = @_; + + if ($fh) { + $self->{fh} = $fh; + + delete $self->{_skip_drain_rbuf}; + $self->_start; + + $self->{on_connect} + and $self->{on_connect}($self, $host, $port, sub { + delete @$self{qw(fh _tw _ww _rw _eof _queue rbuf _wbuf tls _tls_rbuf _tls_wbuf)}; + $self->{_skip_drain_rbuf} = 1; + &$retry; + }); + + } else { + if ($self->{on_connect_error}) { + $self->{on_connect_error}($self, "$!"); + $self->destroy; + } else { + $self->_error ($!, 1); + } + } + }, + sub { + local $self->{fh} = $_[0]; + + $self->{on_prepare} + ? $self->{on_prepare}->($self) + : () + } + ); + } + + } else { + Carp::croak "AnyEvent::Handle: either an existing fh or the connect parameter must be specified"; + } + + $self +} + +sub _start { + my ($self) = @_; AnyEvent::Util::fh_nonblocking $self->{fh}, 1; @@ -329,35 +484,34 @@ $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) if $self->{tls}; - $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; + $self->on_drain (delete $self->{on_drain}) if $self->{on_drain}; $self->start_read - if $self->{on_read}; + if $self->{on_read} || @{ $self->{_queue} }; - $self->{fh} && $self + $self->_drain_wbuf; } -sub _shutdown { - my ($self) = @_; - - delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)}; - $self->{_eof} = 1; # tell starttls et. al to stop trying - - &_freetls; -} +#sub _shutdown { +# my ($self) = @_; +# +# delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)}; +# $self->{_eof} = 1; # tell starttls et. al to stop trying +# +# &_freetls; +#} sub _error { my ($self, $errno, $fatal, $message) = @_; - $self->_shutdown - if $fatal; - $! = $errno; $message ||= "$!"; if ($self->{on_error}) { $self->{on_error}($self, $fatal, $message); + $self->destroy if $fatal; } elsif ($self->{fh}) { + $self->destroy; Carp::croak "AnyEvent::Handle uncaught error: $message"; } } @@ -425,10 +579,31 @@ eval { local $SIG{__DIE__}; - setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1]; + setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1] + if $_[0]{fh}; }; } +=item $handle->on_starttls ($cb) + +Replace the current C callback (see the C constructor argument). + +=cut + +sub on_starttls { + $_[0]{on_starttls} = $_[1]; +} + +=item $handle->on_stoptls ($cb) + +Replace the current C callback (see the C constructor argument). + +=cut + +sub on_starttls { + $_[0]{on_stoptls} = $_[1]; +} + ############################################################################# =item $handle->timeout ($seconds) @@ -449,7 +624,7 @@ sub _timeout { my ($self) = @_; - if ($self->{timeout}) { + if ($self->{timeout} && $self->{fh}) { my $NOW = AnyEvent->now; # when would the timeout trigger? @@ -462,7 +637,7 @@ if ($self->{on_timeout}) { $self->{on_timeout}($self); } else { - $self->_error (&Errno::ETIMEDOUT); + $self->_error (Errno::ETIMEDOUT); } # callback could have changed timeout value, optimise @@ -535,7 +710,7 @@ my $cb = sub { my $len = syswrite $self->{fh}, $self->{wbuf}; - if ($len >= 0) { + if (defined $len) { substr $self->{wbuf}, 0, $len, ""; $self->{_activity} = AnyEvent->now; @@ -577,11 +752,10 @@ if ($self->{tls}) { $self->{_tls_wbuf} .= $_[0]; - - &_dotls ($self); + &_dotls ($self) if $self->{fh}; } else { - $self->{wbuf} .= $_[0]; - $self->_drain_wbuf; + $self->{wbuf} .= $_[0]; + $self->_drain_wbuf if $self->{fh}; } } @@ -685,8 +859,9 @@ Sometimes you know you want to close the socket after writing your data before it was actually written. One way to do that is to replace your -C handler by a callback that shuts down the socket. This method -is a shorthand for just that, and replaces the C callback with: +C handler by a callback that shuts down the socket (and set +C to C<0>). This method is a shorthand for just that, and +replaces the C callback with: sub { shutdown $_[0]{fh}, 1 } # for push_shutdown @@ -699,7 +874,10 @@ =cut sub push_shutdown { - $_[0]->{on_drain} = sub { shutdown $_[0]{fh}, 1 }; + my ($self) = @_; + + delete $self->{low_water_mark}; + $self->on_drain (sub { shutdown $_[0]{fh}, 1 }); } =item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) @@ -804,28 +982,31 @@ sub _drain_rbuf { my ($self) = @_; - local $self->{_in_drain} = 1; + # avoid recursion + return if exists $self->{_skip_drain_rbuf}; + local $self->{_skip_drain_rbuf} = 1; if ( defined $self->{rbuf_max} && $self->{rbuf_max} < length $self->{rbuf} ) { - $self->_error (&Errno::ENOSPC, 1), return; + $self->_error (Errno::ENOSPC, 1), return; } while () { # we need to use a separate tls read buffer, as we must not receive data while # we are draining the buffer, and this can only happen with TLS. - $self->{rbuf} .= delete $self->{_tls_rbuf} if exists $self->{_tls_rbuf}; + $self->{rbuf} .= delete $self->{_tls_rbuf} + if exists $self->{_tls_rbuf}; my $len = length $self->{rbuf}; if (my $cb = shift @{ $self->{_queue} }) { unless ($cb->($self)) { - if ($self->{_eof}) { - # no progress can be made (not enough data and no data forthcoming) - $self->_error (&Errno::EPIPE, 1), return; - } + # no progress can be made + # (not enough data and no data forthcoming) + $self->_error (Errno::EPIPE, 1), return + if $self->{_eof}; unshift @{ $self->{_queue} }, $cb; last; @@ -842,7 +1023,7 @@ ) { # no further data will arrive # so no progress can be made - $self->_error (&Errno::EPIPE, 1), return + $self->_error (Errno::EPIPE, 1), return if $self->{_eof}; last; # more data might arrive @@ -855,11 +1036,11 @@ } if ($self->{_eof}) { - if ($self->{on_eof}) { - $self->{on_eof}($self) - } else { - $self->_error (0, 1); - } + $self->{on_eof} + ? $self->{on_eof}($self) + : $self->_error (0, 1, "Unexpected end-of-file"); + + return; } # may need to restart read watcher @@ -881,7 +1062,7 @@ my ($self, $cb) = @_; $self->{on_read} = $cb; - $self->_drain_rbuf if $cb && !$self->{_in_drain}; + $self->_drain_rbuf if $cb; } =item $handle->rbuf @@ -943,7 +1124,7 @@ } push @{ $self->{_queue} }, $cb; - $self->_drain_rbuf unless $self->{_in_drain}; + $self->_drain_rbuf; } sub unshift_read { @@ -959,7 +1140,7 @@ unshift @{ $self->{_queue} }, $cb; - $self->_drain_rbuf unless $self->{_in_drain}; + $self->_drain_rbuf; } =item $handle->push_read (type => @args, $cb) @@ -1102,7 +1283,7 @@ # reject if ($reject && $$rbuf =~ $reject) { - $self->_error (&Errno::EBADMSG); + $self->_error (Errno::EBADMSG); } # skip @@ -1128,7 +1309,7 @@ sub { unless ($_[0]{rbuf} =~ s/^(0|[1-9][0-9]*)://) { if ($_[0]{rbuf} =~ /[^0-9]/) { - $self->_error (&Errno::EBADMSG); + $self->_error (Errno::EBADMSG); } return; } @@ -1141,7 +1322,7 @@ if ($_[1] eq ",") { $cb->($_[0], $string); } else { - $self->_error (&Errno::EBADMSG); + $self->_error (Errno::EBADMSG); } }); }); @@ -1241,7 +1422,7 @@ $self->{rbuf} = $json->incr_text; $json->incr_text = ""; - $self->_error (&Errno::EBADMSG); + $self->_error (Errno::EBADMSG); () } else { @@ -1288,7 +1469,7 @@ if (my $ref = eval { Storable::thaw ($_[1]) }) { $cb->($_[0], $ref); } else { - $self->_error (&Errno::EBADMSG); + $self->_error (Errno::EBADMSG); } }); } @@ -1362,13 +1543,13 @@ &_dotls ($self); } else { - $self->_drain_rbuf unless $self->{_in_drain}; + $self->_drain_rbuf; } } elsif (defined $len) { delete $self->{_rw}; $self->{_eof} = 1; - $self->_drain_rbuf unless $self->{_in_drain}; + $self->_drain_rbuf; } elsif ($! != EAGAIN && $! != EINTR && $! != WSAEWOULDBLOCK) { return $self->_error ($!, 1); @@ -1379,7 +1560,6 @@ our $ERROR_SYSCALL; our $ERROR_WANT_READ; -our $ERROR_ZERO_RETURN; sub _tls_error { my ($self, $err) = @_; @@ -1392,7 +1572,13 @@ # reduce error string to look less scary $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /; - $self->_error (&Errno::EPROTO, 1, $err); + if ($self->{_on_starttls}) { + (delete $self->{_on_starttls})->($self, undef, $err); + &_freetls; + } else { + &_freetls; + $self->_error (Errno::EPROTO, 1, $err); + } } # poll the write BIO and send the data if applicable @@ -1413,33 +1599,43 @@ $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp); return $self->_tls_error ($tmp) if $tmp != $ERROR_WANT_READ - && ($tmp != $ERROR_SYSCALL || $!) - && $tmp != $ERROR_ZERO_RETURN; + && ($tmp != $ERROR_SYSCALL || $!); } while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { unless (length $tmp) { - # let's treat SSL-eof as we treat normal EOF - delete $self->{_rw}; - $self->{_eof} = 1; + $self->{_on_starttls} + and (delete $self->{_on_starttls})->($self, undef, "EOF during handshake"); # ??? &_freetls; + + if ($self->{on_stoptls}) { + $self->{on_stoptls}($self); + return; + } else { + # let's treat SSL-eof as we treat normal EOF + delete $self->{_rw}; + $self->{_eof} = 1; + } } $self->{_tls_rbuf} .= $tmp; - $self->_drain_rbuf unless $self->{_in_drain}; + $self->_drain_rbuf; $self->{tls} or return; # tls session might have gone away in callback } $tmp = Net::SSLeay::get_error ($self->{tls}, -1); return $self->_tls_error ($tmp) if $tmp != $ERROR_WANT_READ - && ($tmp != $ERROR_SYSCALL || $!) - && $tmp != $ERROR_ZERO_RETURN; + && ($tmp != $ERROR_SYSCALL || $!); while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { $self->{wbuf} .= $tmp; $self->_drain_wbuf; } + + $self->{_on_starttls} + and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK () + and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established"); } =item $handle->starttls ($tls[, $tls_ctx]) @@ -1448,6 +1644,10 @@ object is created, you can also do that at a later time by calling C. +Starting TLS is currently an asynchronous operation - when you push some +write data and then call C<< ->starttls >> then TLS negotiation will start +immediately, after which the queued write data is then sent. + The first argument is the same as the C constructor argument (either C<"connect">, C<"accept"> or an existing Net::SSLeay object). @@ -1461,32 +1661,38 @@ changed to your liking. Note that the handshake might have already started when this function returns. -If it an error to start a TLS handshake more than once per -AnyEvent::Handle object (this is due to bugs in OpenSSL). +Due to bugs in OpenSSL, it might or might not be possible to do multiple +handshakes on the same stream. Best do not attempt to use the stream after +stopping TLS. =cut our %TLS_CACHE; #TODO not yet documented, should we? sub starttls { - my ($self, $ssl, $ctx) = @_; + my ($self, $tls, $ctx) = @_; + + Carp::croak "It is an error to call starttls on an AnyEvent::Handle object while TLS is already active, caught" + if $self->{tls}; + + $self->{tls} = $tls; + $self->{tls_ctx} = $ctx if @_ > 2; + + return unless $self->{fh}; require Net::SSLeay; - Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" - if $self->{tls}; + $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); + $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); - $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); - $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); - $ERROR_ZERO_RETURN = Net::SSLeay::ERROR_ZERO_RETURN (); + $tls = $self->{tls}; + $ctx = $self->{tls_ctx}; - $ctx ||= $self->{tls_ctx}; + local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session if ("HASH" eq ref $ctx) { require AnyEvent::TLS; - local $Carp::CarpLevel = 1; # skip ourselves when creating a new context - if ($ctx->{cache}) { my $key = $ctx+0; $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; @@ -1496,7 +1702,7 @@ } $self->{tls_ctx} = $ctx || TLS_CTX (); - $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername}); + $self->{tls} = $tls = $self->{tls_ctx}->_get_session ($tls, $self, $self->{peername}); # basically, this is deep magic (because SSL_read should have the same issues) # but the openssl maintainers basically said: "trust us, it just works". @@ -1513,12 +1719,15 @@ # Net::SSLeay::CTX_set_mode ($ssl, # (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) # | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); - Net::SSLeay::CTX_set_mode ($ssl, 1|2); + Net::SSLeay::CTX_set_mode ($tls, 1|2); $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); - Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); + Net::SSLeay::set_bio ($tls, $self->{_rbio}, $self->{_wbio}); + + $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) } + if $self->{on_starttls}; &_dotls; # need to trigger the initial handshake $self->start_read; # make sure we actually do read @@ -1528,8 +1737,8 @@ Shuts down the SSL connection - this makes a proper EOF handshake by sending a close notify to the other side, but since OpenSSL doesn't -support non-blocking shut downs, it is not possible to re-use the stream -afterwards. +support non-blocking shut downs, it is not guarenteed that you can re-use +the stream afterwards. =cut @@ -1541,9 +1750,9 @@ &_dotls; - # we don't give a shit. no, we do, but we can't. no... - # we, we... have to use openssl :/ - &_freetls; +# # we don't give a shit. no, we do, but we can't. no...#d# +# # we, we... have to use openssl :/#d# +# &_freetls;#d# } } @@ -1552,9 +1761,10 @@ return unless $self->{tls}; - $self->{tls_ctx}->_put_session (delete $self->{tls}); + $self->{tls_ctx}->_put_session (delete $self->{tls}) + if ref $self->{tls}; - delete @$self{qw(_rbio _wbio _tls_wbuf)}; + delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)}; } sub DESTROY { @@ -1564,7 +1774,7 @@ my $linger = exists $self->{linger} ? $self->{linger} : 3600; - if ($linger && length $self->{wbuf}) { + if ($linger && length $self->{wbuf} && $self->{fh}) { my $fh = delete $self->{fh}; my $wbuf = delete $self->{wbuf}; @@ -1588,8 +1798,10 @@ =item $handle->destroy Shuts down the handle object as much as possible - this call ensures that -no further callbacks will be invoked and resources will be freed as much -as possible. You must not call any methods on the object afterwards. +no further callbacks will be invoked and as many resources as possible +will be freed. Any method you will call on the handle object after +destroying it in this way will be silently ignored (and it will return the +empty list). Normally, you can just "forget" any references to an AnyEvent::Handle object and it will simply shut down. This works in fatal error and EOF @@ -1598,6 +1810,11 @@ within such an callback. You I call C<< ->destroy >> explicitly in that case. +Destroying the handle object in this way has the advantage that callbacks +will be removed as well, so if those are the only reference holders (as +is common), then one doesn't need to do anything special to break any +reference cycles. + The handle might still linger in the background and write out remaining data, as specified by the C option, however. @@ -1608,6 +1825,11 @@ $self->DESTROY; %$self = (); + bless $self, "AnyEvent::Handle::destroyed"; +} + +sub AnyEvent::Handle::destroyed::AUTOLOAD { + #nop } =item AnyEvent::Handle::TLS_CTX @@ -1674,7 +1896,6 @@ $handle->on_eof (undef); $handle->on_error (sub { my $data = delete $_[0]{rbuf}; - undef $handle; }); The reason to use C is that TCP connections, due to latencies @@ -1700,6 +1921,94 @@ undef $handle; }); +If you just want to queue some data and then signal EOF to the other side, +consider using C<< ->push_shutdown >> instead. + +=item I want to contact a TLS/SSL server, I don't care about security. + +If your TLS server is a pure TLS server (e.g. HTTPS) that only speaks TLS, +simply connect to it and then create the AnyEvent::Handle with the C +parameter: + + tcp_connect $host, $port, sub { + my ($fh) = @_; + + my $handle = new AnyEvent::Handle + fh => $fh, + tls => "connect", + on_error => sub { ... }; + + $handle->push_write (...); + }; + +=item I want to contact a TLS/SSL server, I do care about security. + +Then you should additionally enable certificate verification, including +peername verification, if the protocol you use supports it (see +L, C). + +E.g. for HTTPS: + + tcp_connect $host, $port, sub { + my ($fh) = @_; + + my $handle = new AnyEvent::Handle + fh => $fh, + peername => $host, + tls => "connect", + tls_ctx => { verify => 1, verify_peername => "https" }, + ... + +Note that you must specify the hostname you connected to (or whatever +"peername" the protocol needs) as the C argument, otherwise no +peername verification will be done. + +The above will use the system-dependent default set of trusted CA +certificates. If you want to check against a specific CA, add the +C (or C) arguments to C: + + tls_ctx => { + verify => 1, + verify_peername => "https", + ca_file => "my-ca-cert.pem", + }, + +=item I want to create a TLS/SSL server, how do I do that? + +Well, you first need to get a server certificate and key. You have +three options: a) ask a CA (buy one, use cacert.org etc.) b) create a +self-signed certificate (cheap. check the search engine of your choice, +there are many tutorials on the net) or c) make your own CA (tinyca2 is a +nice program for that purpose). + +Then create a file with your private key (in PEM format, see +L), followed by the certificate (also in PEM format). The +file should then look like this: + + -----BEGIN RSA PRIVATE KEY----- + ...header data + ... lots of base64'y-stuff + -----END RSA PRIVATE KEY----- + + -----BEGIN CERTIFICATE----- + ... lots of base64'y-stuff + -----END CERTIFICATE----- + +The important bits are the "PRIVATE KEY" and "CERTIFICATE" parts. Then +specify this file as C: + + tcp_server undef, $port, sub { + my ($fh) = @_; + + my $handle = new AnyEvent::Handle + fh => $fh, + tls => "accept", + tls_ctx => { cert_file => "my-server-keycert.pem" }, + ... + +When you have intermediate CA certificates that your clients might not +know about, just append them to the C. + =back