| … | |
… | |
| 83 | Try to connect to the specified host and service (port), using |
83 | Try to connect to the specified host and service (port), using |
| 84 | C<AnyEvent::Socket::tcp_connect>. The C<$host> additionally becomes the |
84 | C<AnyEvent::Socket::tcp_connect>. The C<$host> additionally becomes the |
| 85 | default C<peername>. |
85 | default C<peername>. |
| 86 | |
86 | |
| 87 | You have to specify either this parameter, or C<fh>, above. |
87 | You have to specify either this parameter, or C<fh>, above. |
|
|
88 | |
|
|
89 | It is possible to push requests on the read and write queues, and modify |
|
|
90 | properties of the stream, even while AnyEvent::Handle is connecting. |
| 88 | |
91 | |
| 89 | When this parameter is specified, then the C<on_prepare>, |
92 | When this parameter is specified, then the C<on_prepare>, |
| 90 | C<on_connect_error> and C<on_connect> callbacks will be called under the |
93 | C<on_connect_error> and C<on_connect> callbacks will be called under the |
| 91 | appropriate circumstances: |
94 | appropriate circumstances: |
| 92 | |
95 | |
| … | |
… | |
| 478 | |
481 | |
| 479 | $self->on_drain (delete $self->{on_drain}) if $self->{on_drain}; |
482 | $self->on_drain (delete $self->{on_drain}) if $self->{on_drain}; |
| 480 | |
483 | |
| 481 | $self->start_read |
484 | $self->start_read |
| 482 | if $self->{on_read} || @{ $self->{_queue} }; |
485 | if $self->{on_read} || @{ $self->{_queue} }; |
|
|
486 | |
|
|
487 | $self->_drain_wbuf; |
| 483 | } |
488 | } |
| 484 | |
489 | |
| 485 | #sub _shutdown { |
490 | #sub _shutdown { |
| 486 | # my ($self) = @_; |
491 | # my ($self) = @_; |
| 487 | # |
492 | # |
| … | |
… | |
| 740 | ->($self, @_); |
745 | ->($self, @_); |
| 741 | } |
746 | } |
| 742 | |
747 | |
| 743 | if ($self->{tls}) { |
748 | if ($self->{tls}) { |
| 744 | $self->{_tls_wbuf} .= $_[0]; |
749 | $self->{_tls_wbuf} .= $_[0]; |
| 745 | |
750 | &_dotls ($self) if $self->{fh}; |
| 746 | &_dotls ($self); |
|
|
| 747 | } else { |
751 | } else { |
| 748 | $self->{wbuf} .= $_[0]; |
752 | $self->{wbuf} .= $_[0]; |
| 749 | $self->_drain_wbuf if $self->{fh}; |
753 | $self->_drain_wbuf if $self->{fh}; |
| 750 | } |
754 | } |
| 751 | } |
755 | } |
| 752 | |
756 | |
| 753 | =item $handle->push_write (type => @args) |
757 | =item $handle->push_write (type => @args) |
| … | |
… | |
| 1649 | The TLS connection object will end up in C<< $handle->{tls} >>, the TLS |
1653 | The TLS connection object will end up in C<< $handle->{tls} >>, the TLS |
| 1650 | context in C<< $handle->{tls_ctx} >> after this call and can be used or |
1654 | context in C<< $handle->{tls_ctx} >> after this call and can be used or |
| 1651 | changed to your liking. Note that the handshake might have already started |
1655 | changed to your liking. Note that the handshake might have already started |
| 1652 | when this function returns. |
1656 | when this function returns. |
| 1653 | |
1657 | |
| 1654 | If it an error to start a TLS handshake more than once per |
1658 | Due to bugs in OpenSSL, it might or might not be possible to do multiple |
| 1655 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
1659 | handshakes on the same stream. Best do not attempt to use the stream after |
|
|
1660 | stopping TLS. |
| 1656 | |
1661 | |
| 1657 | =cut |
1662 | =cut |
| 1658 | |
1663 | |
| 1659 | our %TLS_CACHE; #TODO not yet documented, should we? |
1664 | our %TLS_CACHE; #TODO not yet documented, should we? |
| 1660 | |
1665 | |
| 1661 | sub starttls { |
1666 | sub starttls { |
| 1662 | my ($self, $ssl, $ctx) = @_; |
1667 | my ($self, $tls, $ctx) = @_; |
|
|
1668 | |
|
|
1669 | Carp::croak "It is an error to call starttls on an AnyEvent::Handle object while TLS is already active, caught" |
|
|
1670 | if $self->{tls}; |
|
|
1671 | |
|
|
1672 | $self->{tls} = $tls; |
|
|
1673 | $self->{tls_ctx} = $ctx if @_ > 2; |
|
|
1674 | |
|
|
1675 | return unless $self->{fh}; |
| 1663 | |
1676 | |
| 1664 | require Net::SSLeay; |
1677 | require Net::SSLeay; |
| 1665 | |
|
|
| 1666 | Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" |
|
|
| 1667 | if $self->{tls}; |
|
|
| 1668 | |
1678 | |
| 1669 | $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); |
1679 | $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); |
| 1670 | $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); |
1680 | $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); |
| 1671 | |
1681 | |
|
|
1682 | $tls = $self->{tls}; |
| 1672 | $ctx ||= $self->{tls_ctx}; |
1683 | $ctx = $self->{tls_ctx}; |
| 1673 | |
1684 | |
| 1674 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session |
1685 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session |
| 1675 | |
1686 | |
| 1676 | if ("HASH" eq ref $ctx) { |
1687 | if ("HASH" eq ref $ctx) { |
| 1677 | require AnyEvent::TLS; |
1688 | require AnyEvent::TLS; |
| … | |
… | |
| 1683 | $ctx = new AnyEvent::TLS %$ctx; |
1694 | $ctx = new AnyEvent::TLS %$ctx; |
| 1684 | } |
1695 | } |
| 1685 | } |
1696 | } |
| 1686 | |
1697 | |
| 1687 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
1698 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
| 1688 | $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername}); |
1699 | $self->{tls} = $tls = $self->{tls_ctx}->_get_session ($tls, $self, $self->{peername}); |
| 1689 | |
1700 | |
| 1690 | # basically, this is deep magic (because SSL_read should have the same issues) |
1701 | # basically, this is deep magic (because SSL_read should have the same issues) |
| 1691 | # but the openssl maintainers basically said: "trust us, it just works". |
1702 | # but the openssl maintainers basically said: "trust us, it just works". |
| 1692 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
1703 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
| 1693 | # and mismaintained ssleay-module doesn't even offer them). |
1704 | # and mismaintained ssleay-module doesn't even offer them). |
| … | |
… | |
| 1700 | # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to |
1711 | # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to |
| 1701 | # have identity issues in that area. |
1712 | # have identity issues in that area. |
| 1702 | # Net::SSLeay::CTX_set_mode ($ssl, |
1713 | # Net::SSLeay::CTX_set_mode ($ssl, |
| 1703 | # (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) |
1714 | # (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) |
| 1704 | # | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); |
1715 | # | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); |
| 1705 | Net::SSLeay::CTX_set_mode ($ssl, 1|2); |
1716 | Net::SSLeay::CTX_set_mode ($tls, 1|2); |
| 1706 | |
1717 | |
| 1707 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1718 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
| 1708 | $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1719 | $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
| 1709 | |
1720 | |
| 1710 | Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); |
1721 | Net::SSLeay::set_bio ($tls, $self->{_rbio}, $self->{_wbio}); |
| 1711 | |
1722 | |
| 1712 | $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) } |
1723 | $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) } |
| 1713 | if $self->{on_starttls}; |
1724 | if $self->{on_starttls}; |
| 1714 | |
1725 | |
| 1715 | &_dotls; # need to trigger the initial handshake |
1726 | &_dotls; # need to trigger the initial handshake |
| … | |
… | |
| 1718 | |
1729 | |
| 1719 | =item $handle->stoptls |
1730 | =item $handle->stoptls |
| 1720 | |
1731 | |
| 1721 | Shuts down the SSL connection - this makes a proper EOF handshake by |
1732 | Shuts down the SSL connection - this makes a proper EOF handshake by |
| 1722 | sending a close notify to the other side, but since OpenSSL doesn't |
1733 | sending a close notify to the other side, but since OpenSSL doesn't |
| 1723 | support non-blocking shut downs, it is not possible to re-use the stream |
1734 | support non-blocking shut downs, it is not guarenteed that you can re-use |
| 1724 | afterwards. |
1735 | the stream afterwards. |
| 1725 | |
1736 | |
| 1726 | =cut |
1737 | =cut |
| 1727 | |
1738 | |
| 1728 | sub stoptls { |
1739 | sub stoptls { |
| 1729 | my ($self) = @_; |
1740 | my ($self) = @_; |
| … | |
… | |
| 1742 | sub _freetls { |
1753 | sub _freetls { |
| 1743 | my ($self) = @_; |
1754 | my ($self) = @_; |
| 1744 | |
1755 | |
| 1745 | return unless $self->{tls}; |
1756 | return unless $self->{tls}; |
| 1746 | |
1757 | |
| 1747 | $self->{tls_ctx}->_put_session (delete $self->{tls}); |
1758 | $self->{tls_ctx}->_put_session (delete $self->{tls}) |
|
|
1759 | if ref $self->{tls}; |
| 1748 | |
1760 | |
| 1749 | delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)}; |
1761 | delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)}; |
| 1750 | } |
1762 | } |
| 1751 | |
1763 | |
| 1752 | sub DESTROY { |
1764 | sub DESTROY { |
