… | |
… | |
145 | |
145 | |
146 | When this parameter is given, it enables TLS (SSL) mode, that means it |
146 | When this parameter is given, it enables TLS (SSL) mode, that means it |
147 | will start making tls handshake and will transparently encrypt/decrypt |
147 | will start making tls handshake and will transparently encrypt/decrypt |
148 | data. |
148 | data. |
149 | |
149 | |
|
|
150 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
|
|
151 | automatically when you try to create a TLS handle). |
|
|
152 | |
150 | For the TLS server side, use C<accept>, and for the TLS client side of a |
153 | For the TLS server side, use C<accept>, and for the TLS client side of a |
151 | connection, use C<connect> mode. |
154 | connection, use C<connect> mode. |
152 | |
155 | |
153 | You can also provide your own TLS connection object, but you have |
156 | You can also provide your own TLS connection object, but you have |
154 | to make sure that you call either C<Net::SSLeay::set_connect_state> |
157 | to make sure that you call either C<Net::SSLeay::set_connect_state> |
155 | or C<Net::SSLeay::set_accept_state> on it before you pass it to |
158 | or C<Net::SSLeay::set_accept_state> on it before you pass it to |
156 | AnyEvent::Handle. |
159 | AnyEvent::Handle. |
|
|
160 | |
|
|
161 | See the C<starttls> method if you need to start TLs negotiation later. |
157 | |
162 | |
158 | =item tls_ctx => $ssl_ctx |
163 | =item tls_ctx => $ssl_ctx |
159 | |
164 | |
160 | Use the given Net::SSLeay::CTX object to create the new TLS connection |
165 | Use the given Net::SSLeay::CTX object to create the new TLS connection |
161 | (unless a connection object was specified directly). If this parameter is |
166 | (unless a connection object was specified directly). If this parameter is |
… | |
… | |
673 | |
678 | |
674 | # all others are fine for our purposes |
679 | # all others are fine for our purposes |
675 | } |
680 | } |
676 | } |
681 | } |
677 | |
682 | |
|
|
683 | =item $handle->starttls ($tls[, $tls_ctx]) |
|
|
684 | |
|
|
685 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
|
|
686 | object is created, you can also do that at a later time by calling |
|
|
687 | C<starttls>. |
|
|
688 | |
|
|
689 | The first argument is the same as the C<tls> constructor argument (either |
|
|
690 | C<"connect">, C<"accept"> or an existing Net::SSLeay object). |
|
|
691 | |
|
|
692 | The second argument is the optional C<Net::SSLeay::CTX> object that is |
|
|
693 | used when AnyEvent::Handle has to create its own TLS connection object. |
|
|
694 | |
|
|
695 | =cut |
|
|
696 | |
678 | # TODO: maybe document... |
697 | # TODO: maybe document... |
679 | sub starttls { |
698 | sub starttls { |
680 | my ($self, $ssl, $ctx) = @_; |
699 | my ($self, $ssl, $ctx) = @_; |
|
|
700 | |
|
|
701 | $self->stoptls; |
681 | |
702 | |
682 | if ($ssl eq "accept") { |
703 | if ($ssl eq "accept") { |
683 | $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); |
704 | $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); |
684 | Net::SSLeay::set_accept_state ($ssl); |
705 | Net::SSLeay::set_accept_state ($ssl); |
685 | } elsif ($ssl eq "connect") { |
706 | } elsif ($ssl eq "connect") { |
… | |
… | |
710 | Net::SSLeay::BIO_write ($_[0]{tls_rbio}, ${$_[1]}); |
731 | Net::SSLeay::BIO_write ($_[0]{tls_rbio}, ${$_[1]}); |
711 | &_dotls; |
732 | &_dotls; |
712 | }; |
733 | }; |
713 | } |
734 | } |
714 | |
735 | |
|
|
736 | =item $handle->stoptls |
|
|
737 | |
|
|
738 | Destroys the SSL connection, if any. Partial read or write data will be |
|
|
739 | lost. |
|
|
740 | |
|
|
741 | =cut |
|
|
742 | |
|
|
743 | sub stoptls { |
|
|
744 | my ($self) = @_; |
|
|
745 | |
|
|
746 | Net::SSLeay::free (delete $self->{tls}) if $self->{tls}; |
|
|
747 | delete $self->{tls_rbio}; |
|
|
748 | delete $self->{tls_wbio}; |
|
|
749 | delete $self->{tls_wbuf}; |
|
|
750 | delete $self->{filter_r}; |
|
|
751 | delete $self->{filter_w}; |
|
|
752 | } |
|
|
753 | |
715 | sub DESTROY { |
754 | sub DESTROY { |
716 | my $self = shift; |
755 | my $self = shift; |
717 | |
756 | |
718 | Net::SSLeay::free (delete $self->{tls}) if $self->{tls}; |
757 | $self->stoptls; |
719 | } |
758 | } |
720 | |
759 | |
721 | =item AnyEvent::Handle::TLS_CTX |
760 | =item AnyEvent::Handle::TLS_CTX |
722 | |
761 | |
723 | This function creates and returns the Net::SSLeay::CTX object used by |
762 | This function creates and returns the Net::SSLeay::CTX object used by |
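Review bot: The new `stoptls` (new lines 743–752) frees the SSL object and deletes `filter_r`/`filter_w` with no shutdown call, so no TLS close alert is sent and, assuming those filters are the only encrypt/decrypt hooks, later reads and writes on the handle travel in cleartext. The POD only mentions lost partial data; I would add a sentence such as `After this call the handle reads and writes unencrypted data, and the peer is not notified that TLS has ended.` so callers do not keep pushing sensitive data on the handle by mistake. Because `starttls` now calls `$self->stoptls` first, a caller that passes the handle's current Net::SSLeay object back in would apparently have it freed before reuse; a guard or a documented restriction would cover that, though the rest of `starttls` lies outside the visible hunk and may already handle it. The `# TODO: maybe document...` comment above `sub starttls` is now stale, and `TLs` in the new `starttls` cross-reference should read `TLS`.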