… | |
… | |
227 | This will not work for partial TLS data that could not yet been |
227 | This will not work for partial TLS data that could not yet been |
228 | encoded. This data will be lost. |
228 | encoded. This data will be lost. |
229 | |
229 | |
230 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
230 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
231 | |
231 | |
232 | When this parameter is given, it enables TLS (SSL) mode, that means it |
232 | When this parameter is given, it enables TLS (SSL) mode, that means |
233 | will start making tls handshake and will transparently encrypt/decrypt |
233 | AnyEvent will start a TLS handshake and will transparently encrypt/decrypt |
234 | data. |
234 | data. |
235 | |
235 | |
236 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
236 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
237 | automatically when you try to create a TLS handle). |
237 | automatically when you try to create a TLS handle). |
238 | |
238 | |
239 | For the TLS server side, use C<accept>, and for the TLS client side of a |
239 | Unlike TCP, TLS has a server and client side: for the TLS server side, use |
240 | connection, use C<connect> mode. |
240 | C<accept>, and for the TLS client side of a connection, use C<connect> |
|
|
241 | mode. |
241 | |
242 | |
242 | You can also provide your own TLS connection object, but you have |
243 | You can also provide your own TLS connection object, but you have |
243 | to make sure that you call either C<Net::SSLeay::set_connect_state> |
244 | to make sure that you call either C<Net::SSLeay::set_connect_state> |
244 | or C<Net::SSLeay::set_accept_state> on it before you pass it to |
245 | or C<Net::SSLeay::set_accept_state> on it before you pass it to |
245 | AnyEvent::Handle. |
246 | AnyEvent::Handle. |
246 | |
247 | |
247 | See the C<starttls> method if you need to start TLS negotiation later. |
248 | See the C<starttls> method for when need to start TLS negotiation later. |
248 | |
249 | |
249 | =item tls_ctx => $ssl_ctx |
250 | =item tls_ctx => $ssl_ctx |
250 | |
251 | |
251 | Use the given Net::SSLeay::CTX object to create the new TLS connection |
252 | Use the given Net::SSLeay::CTX object to create the new TLS connection |
252 | (unless a connection object was specified directly). If this parameter is |
253 | (unless a connection object was specified directly). If this parameter is |
… | |
… | |
255 | =item json => JSON or JSON::XS object |
256 | =item json => JSON or JSON::XS object |
256 | |
257 | |
257 | This is the json coder object used by the C<json> read and write types. |
258 | This is the json coder object used by the C<json> read and write types. |
258 | |
259 | |
259 | If you don't supply it, then AnyEvent::Handle will create and use a |
260 | If you don't supply it, then AnyEvent::Handle will create and use a |
260 | suitable one, which will write and expect UTF-8 encoded JSON texts. |
261 | suitable one (on demand), which will write and expect UTF-8 encoded JSON |
|
|
262 | texts. |
261 | |
263 | |
262 | Note that you are responsible to depend on the JSON module if you want to |
264 | Note that you are responsible to depend on the JSON module if you want to |
263 | use this functionality, as AnyEvent does not have a dependency itself. |
265 | use this functionality, as AnyEvent does not have a dependency itself. |
264 | |
266 | |
265 | =item filter_r => $cb |
267 | =item filter_r => $cb |
266 | |
268 | |
267 | =item filter_w => $cb |
269 | =item filter_w => $cb |
268 | |
270 | |
269 | These exist, but are undocumented at this time. |
271 | These exist, but are undocumented at this time. (They are used internally |
|
|
272 | by the TLS code). |
270 | |
273 | |
271 | =back |
274 | =back |
272 | |
275 | |
273 | =cut |
276 | =cut |
274 | |
277 | |
… | |
… | |
1365 | # basically, this is deep magic (because SSL_read should have the same issues) |
1368 | # basically, this is deep magic (because SSL_read should have the same issues) |
1366 | # but the openssl maintainers basically said: "trust us, it just works". |
1369 | # but the openssl maintainers basically said: "trust us, it just works". |
1367 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
1370 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
1368 | # and mismaintained ssleay-module doesn't even offer them). |
1371 | # and mismaintained ssleay-module doesn't even offer them). |
1369 | # http://www.mail-archive.com/openssl-dev@openssl.org/msg22420.html |
1372 | # http://www.mail-archive.com/openssl-dev@openssl.org/msg22420.html |
|
|
1373 | # |
|
|
1374 | # in short: this is a mess. |
|
|
1375 | # |
|
|
1376 | # note that we do not try to kepe the length constant between writes as we are required to do. |
|
|
1377 | # we assume that most (but not all) of this insanity only applies to non-blocking cases, |
|
|
1378 | # and we drive openssl fully in blocking mode here. |
1370 | Net::SSLeay::CTX_set_mode ($self->{tls}, |
1379 | Net::SSLeay::CTX_set_mode ($self->{tls}, |
1371 | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) |
1380 | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) |
1372 | | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); |
1381 | | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); |
1373 | |
1382 | |
1374 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1383 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |