ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/AnyEvent/lib/AnyEvent/Handle.pm
(Generate patch)

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.105 by root, Thu Nov 6 16:16:44 2008 UTC vs.
Revision 1.143 by root, Mon Jul 6 21:02:34 2009 UTC

14 14
15AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent 15AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent
16 16
17=cut 17=cut
18 18
19our $VERSION = 4.32; 19our $VERSION = 4.452;
20 20
21=head1 SYNOPSIS 21=head1 SYNOPSIS
22 22
23 use AnyEvent; 23 use AnyEvent;
24 use AnyEvent::Handle; 24 use AnyEvent::Handle;
27 27
28 my $handle = 28 my $handle =
29 AnyEvent::Handle->new ( 29 AnyEvent::Handle->new (
30 fh => \*STDIN, 30 fh => \*STDIN,
31 on_eof => sub { 31 on_eof => sub {
32 $cv->broadcast; 32 $cv->send;
33 }, 33 },
34 ); 34 );
35 35
36 # send some request line 36 # send some request line
37 $handle->push_write ("getinfo\015\012"); 37 $handle->push_write ("getinfo\015\012");
63 63
64=head1 METHODS 64=head1 METHODS
65 65
66=over 4 66=over 4
67 67
68=item B<new (%args)> 68=item $handle = B<new> AnyEvent::TLS fh => $filehandle, key => value...
69 69
70The constructor supports these arguments (all as key => value pairs). 70The constructor supports these arguments (all as C<< key => value >> pairs).
71 71
72=over 4 72=over 4
73 73
74=item fh => $filehandle [MANDATORY] 74=item fh => $filehandle [MANDATORY]
75 75
95waiting for data. 95waiting for data.
96 96
97If an EOF condition has been detected but no C<on_eof> callback has been 97If an EOF condition has been detected but no C<on_eof> callback has been
98set, then a fatal error will be raised with C<$!> set to <0>. 98set, then a fatal error will be raised with C<$!> set to <0>.
99 99
100=item on_error => $cb->($handle, $fatal) 100=item on_error => $cb->($handle, $fatal, $message)
101 101
102This is the error callback, which is called when, well, some error 102This is the error callback, which is called when, well, some error
103occured, such as not being able to resolve the hostname, failure to 103occured, such as not being able to resolve the hostname, failure to
104connect or a read error. 104connect or a read error.
105 105
107fatal errors the handle object will be shut down and will not be usable 107fatal errors the handle object will be shut down and will not be usable
108(but you are free to look at the current C<< ->rbuf >>). Examples of fatal 108(but you are free to look at the current C<< ->rbuf >>). Examples of fatal
109errors are an EOF condition with active (but unsatisifable) read watchers 109errors are an EOF condition with active (but unsatisifable) read watchers
110(C<EPIPE>) or I/O errors. 110(C<EPIPE>) or I/O errors.
111 111
112AnyEvent::Handle tries to find an appropriate error code for you to check
113against, but in some cases (TLS errors), this does not work well. It is
114recommended to always output the C<$message> argument in human-readable
115error messages (it's usually the same as C<"$!">).
116
112Non-fatal errors can be retried by simply returning, but it is recommended 117Non-fatal errors can be retried by simply returning, but it is recommended
113to simply ignore this parameter and instead abondon the handle object 118to simply ignore this parameter and instead abondon the handle object
114when this callback is invoked. Examples of non-fatal errors are timeouts 119when this callback is invoked. Examples of non-fatal errors are timeouts
115C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>). 120C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>).
116 121
117On callback entrance, the value of C<$!> contains the operating system 122On callback entrance, the value of C<$!> contains the operating system
118error (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT> or C<EBADMSG>). 123error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or
124C<EPROTO>).
119 125
120While not mandatory, it is I<highly> recommended to set this callback, as 126While not mandatory, it is I<highly> recommended to set this callback, as
121you will not be notified of errors otherwise. The default simply calls 127you will not be notified of errors otherwise. The default simply calls
122C<croak>. 128C<croak>.
123 129
127and no read request is in the queue (unlike read queue callbacks, this 133and no read request is in the queue (unlike read queue callbacks, this
128callback will only be called when at least one octet of data is in the 134callback will only be called when at least one octet of data is in the
129read buffer). 135read buffer).
130 136
131To access (and remove data from) the read buffer, use the C<< ->rbuf >> 137To access (and remove data from) the read buffer, use the C<< ->rbuf >>
132method or access the C<$handle->{rbuf}> member directly. 138method or access the C<< $handle->{rbuf} >> member directly. Note that you
139must not enlarge or modify the read buffer, you can only remove data at
140the beginning from it.
133 141
134When an EOF condition is detected then AnyEvent::Handle will first try to 142When an EOF condition is detected then AnyEvent::Handle will first try to
135feed all the remaining data to the queued callbacks and C<on_read> before 143feed all the remaining data to the queued callbacks and C<on_read> before
136calling the C<on_eof> callback. If no progress can be made, then a fatal 144calling the C<on_eof> callback. If no progress can be made, then a fatal
137error will be raised (with C<$!> set to C<EPIPE>). 145error will be raised (with C<$!> set to C<EPIPE>).
235 243
236This will not work for partial TLS data that could not be encoded 244This will not work for partial TLS data that could not be encoded
237yet. This data will be lost. Calling the C<stoptls> method in time might 245yet. This data will be lost. Calling the C<stoptls> method in time might
238help. 246help.
239 247
248=item peername => $string
249
250A string used to identify the remote site - usually the DNS hostname
251(I<not> IDN!) used to create the connection, rarely the IP address.
252
253Apart from being useful in error messages, this string is also used in TLS
254peername verification (see C<verify_peername> in L<AnyEvent::TLS>).
255
240=item tls => "accept" | "connect" | Net::SSLeay::SSL object 256=item tls => "accept" | "connect" | Net::SSLeay::SSL object
241 257
242When this parameter is given, it enables TLS (SSL) mode, that means 258When this parameter is given, it enables TLS (SSL) mode, that means
243AnyEvent will start a TLS handshake as soon as the conenction has been 259AnyEvent will start a TLS handshake as soon as the conenction has been
244established and will transparently encrypt/decrypt data afterwards. 260established and will transparently encrypt/decrypt data afterwards.
261
262All TLS protocol errors will be signalled as C<EPROTO>, with an
263appropriate error message.
245 264
246TLS mode requires Net::SSLeay to be installed (it will be loaded 265TLS mode requires Net::SSLeay to be installed (it will be loaded
247automatically when you try to create a TLS handle): this module doesn't 266automatically when you try to create a TLS handle): this module doesn't
248have a dependency on that module, so if your module requires it, you have 267have a dependency on that module, so if your module requires it, you have
249to add the dependency yourself. 268to add the dependency yourself.
253mode. 272mode.
254 273
255You can also provide your own TLS connection object, but you have 274You can also provide your own TLS connection object, but you have
256to make sure that you call either C<Net::SSLeay::set_connect_state> 275to make sure that you call either C<Net::SSLeay::set_connect_state>
257or C<Net::SSLeay::set_accept_state> on it before you pass it to 276or C<Net::SSLeay::set_accept_state> on it before you pass it to
258AnyEvent::Handle. 277AnyEvent::Handle. Also, this module will take ownership of this connection
278object.
279
280At some future point, AnyEvent::Handle might switch to another TLS
281implementation, then the option to use your own session object will go
282away.
283
284B<IMPORTANT:> since Net::SSLeay "objects" are really only integers,
285passing in the wrong integer will lead to certain crash. This most often
286happens when one uses a stylish C<< tls => 1 >> and is surprised about the
287segmentation fault.
259 288
260See the C<< ->starttls >> method for when need to start TLS negotiation later. 289See the C<< ->starttls >> method for when need to start TLS negotiation later.
261 290
262=item tls_ctx => $ssl_ctx 291=item tls_ctx => $anyevent_tls
263 292
264Use the given C<Net::SSLeay::CTX> object to create the new TLS connection 293Use the given C<AnyEvent::TLS> object to create the new TLS connection
265(unless a connection object was specified directly). If this parameter is 294(unless a connection object was specified directly). If this parameter is
266missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>. 295missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>.
296
297Instead of an object, you can also specify a hash reference with C<< key
298=> value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a
299new TLS context object.
300
301=item on_starttls => $cb->($handle, $success[, $error_message])
302
303This callback will be invoked when the TLS/SSL handshake has finished. If
304C<$success> is true, then the TLS handshake succeeded, otherwise it failed
305(C<on_stoptls> will not be called in this case).
306
307The session in C<< $handle->{tls} >> can still be examined in this
308callback, even when the handshake was not successful.
309
310TLS handshake failures will not cause C<on_error> to be invoked when this
311callback is in effect, instead, the error message will be passed to C<on_starttls>.
312
313Without this callback, handshake failures lead to C<on_error> being
314called, as normal.
315
316Note that you cannot call C<starttls> right again in this callback. If you
317need to do that, start an zero-second timer instead whose callback can
318then call C<< ->starttls >> again.
319
320=item on_stoptls => $cb->($handle)
321
322When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is
323set, then it will be invoked after freeing the TLS session. If it is not,
324then a TLS shutdown condition will be treated like a normal EOF condition
325on the handle.
326
327The session in C<< $handle->{tls} >> can still be examined in this
328callback.
329
330This callback will only be called on TLS shutdowns, not when the
331underlying handle signals EOF.
267 332
268=item json => JSON or JSON::XS object 333=item json => JSON or JSON::XS object
269 334
270This is the json coder object used by the C<json> read and write types. 335This is the json coder object used by the C<json> read and write types.
271 336
280 345
281=cut 346=cut
282 347
283sub new { 348sub new {
284 my $class = shift; 349 my $class = shift;
285
286 my $self = bless { @_ }, $class; 350 my $self = bless { @_ }, $class;
287 351
288 $self->{fh} or Carp::croak "mandatory argument fh is missing"; 352 $self->{fh} or Carp::croak "mandatory argument fh is missing";
289 353
290 AnyEvent::Util::fh_nonblocking $self->{fh}, 1; 354 AnyEvent::Util::fh_nonblocking $self->{fh}, 1;
355
356 $self->{_activity} = AnyEvent->now;
357 $self->_timeout;
358
359 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
291 360
292 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) 361 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx})
293 if $self->{tls}; 362 if $self->{tls};
294 363
295 $self->{_activity} = AnyEvent->now;
296 $self->_timeout;
297
298 $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; 364 $self->on_drain (delete $self->{on_drain}) if $self->{on_drain};
299 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
300 365
301 $self->start_read 366 $self->start_read
302 if $self->{on_read}; 367 if $self->{on_read};
303 368
304 $self 369 $self->{fh} && $self
305} 370}
306 371
307sub _shutdown { 372sub _shutdown {
308 my ($self) = @_; 373 my ($self) = @_;
309 374
310 delete $self->{_tw}; 375 delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)};
311 delete $self->{_rw}; 376 $self->{_eof} = 1; # tell starttls et. al to stop trying
312 delete $self->{_ww};
313 delete $self->{fh};
314 377
315 &_freetls; 378 &_freetls;
316
317 delete $self->{on_read};
318 delete $self->{_queue};
319} 379}
320 380
321sub _error { 381sub _error {
322 my ($self, $errno, $fatal) = @_; 382 my ($self, $errno, $fatal, $message) = @_;
323 383
324 $self->_shutdown 384 $self->_shutdown
325 if $fatal; 385 if $fatal;
326 386
327 $! = $errno; 387 $! = $errno;
388 $message ||= "$!";
328 389
329 if ($self->{on_error}) { 390 if ($self->{on_error}) {
330 $self->{on_error}($self, $fatal); 391 $self->{on_error}($self, $fatal, $message);
331 } elsif ($self->{fh}) { 392 } elsif ($self->{fh}) {
332 Carp::croak "AnyEvent::Handle uncaught error: $!"; 393 Carp::croak "AnyEvent::Handle uncaught error: $message";
333 } 394 }
334} 395}
335 396
336=item $fh = $handle->fh 397=item $fh = $handle->fh
337 398
396 457
397 eval { 458 eval {
398 local $SIG{__DIE__}; 459 local $SIG{__DIE__};
399 setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1]; 460 setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1];
400 }; 461 };
462}
463
464=item $handle->on_starttls ($cb)
465
466Replace the current C<on_starttls> callback (see the C<on_starttls> constructor argument).
467
468=cut
469
470sub on_starttls {
471 $_[0]{on_starttls} = $_[1];
472}
473
474=item $handle->on_stoptls ($cb)
475
476Replace the current C<on_stoptls> callback (see the C<on_stoptls> constructor argument).
477
478=cut
479
480sub on_starttls {
481 $_[0]{on_stoptls} = $_[1];
401} 482}
402 483
403############################################################################# 484#############################################################################
404 485
405=item $handle->timeout ($seconds) 486=item $handle->timeout ($seconds)
649 730
650 pack "w/a*", Storable::nfreeze ($ref) 731 pack "w/a*", Storable::nfreeze ($ref)
651}; 732};
652 733
653=back 734=back
735
736=item $handle->push_shutdown
737
738Sometimes you know you want to close the socket after writing your data
739before it was actually written. One way to do that is to replace your
740C<on_drain> handler by a callback that shuts down the socket (and set
741C<low_water_mark> to C<0>). This method is a shorthand for just that, and
742replaces the C<on_drain> callback with:
743
744 sub { shutdown $_[0]{fh}, 1 } # for push_shutdown
745
746This simply shuts down the write side and signals an EOF condition to the
747the peer.
748
749You can rely on the normal read queue and C<on_eof> handling
750afterwards. This is the cleanest way to close a connection.
751
752=cut
753
754sub push_shutdown {
755 my ($self) = @_;
756
757 delete $self->{low_water_mark};
758 $self->on_drain (sub { shutdown $_[0]{fh}, 1 });
759}
654 760
655=item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) 761=item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args)
656 762
657This function (not method) lets you add your own types to C<push_write>. 763This function (not method) lets you add your own types to C<push_write>.
658Whenever the given C<type> is used, C<push_write> will invoke the code 764Whenever the given C<type> is used, C<push_write> will invoke the code
762 ) { 868 ) {
763 $self->_error (&Errno::ENOSPC, 1), return; 869 $self->_error (&Errno::ENOSPC, 1), return;
764 } 870 }
765 871
766 while () { 872 while () {
873 # we need to use a separate tls read buffer, as we must not receive data while
874 # we are draining the buffer, and this can only happen with TLS.
875 $self->{rbuf} .= delete $self->{_tls_rbuf} if exists $self->{_tls_rbuf};
876
767 my $len = length $self->{rbuf}; 877 my $len = length $self->{rbuf};
768 878
769 if (my $cb = shift @{ $self->{_queue} }) { 879 if (my $cb = shift @{ $self->{_queue} }) {
770 unless ($cb->($self)) { 880 unless ($cb->($self)) {
771 if ($self->{_eof}) { 881 if ($self->{_eof}) {
802 912
803 if ($self->{_eof}) { 913 if ($self->{_eof}) {
804 if ($self->{on_eof}) { 914 if ($self->{on_eof}) {
805 $self->{on_eof}($self) 915 $self->{on_eof}($self)
806 } else { 916 } else {
807 $self->_error (0, 1); 917 $self->_error (0, 1, "Unexpected end-of-file");
808 } 918 }
809 } 919 }
810 920
811 # may need to restart read watcher 921 # may need to restart read watcher
812 unless ($self->{_rw}) { 922 unless ($self->{_rw}) {
832 942
833=item $handle->rbuf 943=item $handle->rbuf
834 944
835Returns the read buffer (as a modifiable lvalue). 945Returns the read buffer (as a modifiable lvalue).
836 946
837You can access the read buffer directly as the C<< ->{rbuf} >> member, if 947You can access the read buffer directly as the C<< ->{rbuf} >>
838you want. 948member, if you want. However, the only operation allowed on the
949read buffer (apart from looking at it) is removing data from its
950beginning. Otherwise modifying or appending to it is not allowed and will
951lead to hard-to-track-down bugs.
839 952
840NOTE: The read buffer should only be used or modified if the C<on_read>, 953NOTE: The read buffer should only be used or modified if the C<on_read>,
841C<push_read> or C<unshift_read> methods are used. The other read methods 954C<push_read> or C<unshift_read> methods are used. The other read methods
842automatically manage the read buffer. 955automatically manage the read buffer.
843 956
1139 } 1252 }
1140}; 1253};
1141 1254
1142=item json => $cb->($handle, $hash_or_arrayref) 1255=item json => $cb->($handle, $hash_or_arrayref)
1143 1256
1144Reads a JSON object or array, decodes it and passes it to the callback. 1257Reads a JSON object or array, decodes it and passes it to the
1258callback. When a parse error occurs, an C<EBADMSG> error will be raised.
1145 1259
1146If a C<json> object was passed to the constructor, then that will be used 1260If a C<json> object was passed to the constructor, then that will be used
1147for the final decode, otherwise it will create a JSON coder expecting UTF-8. 1261for the final decode, otherwise it will create a JSON coder expecting UTF-8.
1148 1262
1149This read type uses the incremental parser available with JSON version 1263This read type uses the incremental parser available with JSON version
1158=cut 1272=cut
1159 1273
1160register_read_type json => sub { 1274register_read_type json => sub {
1161 my ($self, $cb) = @_; 1275 my ($self, $cb) = @_;
1162 1276
1163 require JSON; 1277 my $json = $self->{json} ||=
1278 eval { require JSON::XS; JSON::XS->new->utf8 }
1279 || do { require JSON; JSON->new->utf8 };
1164 1280
1165 my $data; 1281 my $data;
1166 my $rbuf = \$self->{rbuf}; 1282 my $rbuf = \$self->{rbuf};
1167 1283
1168 my $json = $self->{json} ||= JSON->new->utf8;
1169
1170 sub { 1284 sub {
1171 my $ref = $json->incr_parse ($self->{rbuf}); 1285 my $ref = eval { $json->incr_parse ($self->{rbuf}) };
1172 1286
1173 if ($ref) { 1287 if ($ref) {
1174 $self->{rbuf} = $json->incr_text; 1288 $self->{rbuf} = $json->incr_text;
1175 $json->incr_text = ""; 1289 $json->incr_text = "";
1176 $cb->($self, $ref); 1290 $cb->($self, $ref);
1177 1291
1178 1 1292 1
1293 } elsif ($@) {
1294 # error case
1295 $json->incr_skip;
1296
1297 $self->{rbuf} = $json->incr_text;
1298 $json->incr_text = "";
1299
1300 $self->_error (&Errno::EBADMSG);
1301
1302 ()
1179 } else { 1303 } else {
1180 $self->{rbuf} = ""; 1304 $self->{rbuf} = "";
1305
1181 () 1306 ()
1182 } 1307 }
1183 } 1308 }
1184}; 1309};
1185 1310
1306 } 1431 }
1307 }); 1432 });
1308 } 1433 }
1309} 1434}
1310 1435
1436our $ERROR_SYSCALL;
1437our $ERROR_WANT_READ;
1438
1439sub _tls_error {
1440 my ($self, $err) = @_;
1441
1442 return $self->_error ($!, 1)
1443 if $err == Net::SSLeay::ERROR_SYSCALL ();
1444
1445 my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ());
1446
1447 # reduce error string to look less scary
1448 $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /;
1449
1450 if ($self->{_on_starttls}) {
1451 (delete $self->{_on_starttls})->($self, undef, $err);
1452 &_freetls;
1453 } else {
1454 &_freetls;
1455 $self->_error (&Errno::EPROTO, 1, $err);
1456 }
1457}
1458
1311# poll the write BIO and send the data if applicable 1459# poll the write BIO and send the data if applicable
1460# also decode read data if possible
1461# this is basiclaly our TLS state machine
1462# more efficient implementations are possible with openssl,
1463# but not with the buggy and incomplete Net::SSLeay.
1312sub _dotls { 1464sub _dotls {
1313 my ($self) = @_; 1465 my ($self) = @_;
1314 1466
1315 my $tmp; 1467 my $tmp;
1316 1468
1317 if (length $self->{_tls_wbuf}) { 1469 if (length $self->{_tls_wbuf}) {
1318 while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { 1470 while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) {
1319 substr $self->{_tls_wbuf}, 0, $tmp, ""; 1471 substr $self->{_tls_wbuf}, 0, $tmp, "";
1320 } 1472 }
1473
1474 $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp);
1475 return $self->_tls_error ($tmp)
1476 if $tmp != $ERROR_WANT_READ
1477 && ($tmp != $ERROR_SYSCALL || $!);
1321 } 1478 }
1322 1479
1323 while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { 1480 while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) {
1324 unless (length $tmp) { 1481 unless (length $tmp) {
1325 # let's treat SSL-eof as we treat normal EOF 1482 $self->{_on_starttls}
1326 delete $self->{_rw}; 1483 and (delete $self->{_on_starttls})->($self, undef, "EOF during handshake"); # ???
1327 $self->{_eof} = 1;
1328 &_freetls; 1484 &_freetls;
1485
1486 if ($self->{on_stoptls}) {
1487 $self->{on_stoptls}($self);
1488 return;
1489 } else {
1490 # let's treat SSL-eof as we treat normal EOF
1491 delete $self->{_rw};
1492 $self->{_eof} = 1;
1493 }
1329 } 1494 }
1330 1495
1331 $self->{rbuf} .= $tmp; 1496 $self->{_tls_rbuf} .= $tmp;
1332 $self->_drain_rbuf unless $self->{_in_drain}; 1497 $self->_drain_rbuf unless $self->{_in_drain};
1333 $self->{tls} or return; # tls session might have gone away in callback 1498 $self->{tls} or return; # tls session might have gone away in callback
1334 } 1499 }
1335 1500
1336 $tmp = Net::SSLeay::get_error ($self->{tls}, -1); 1501 $tmp = Net::SSLeay::get_error ($self->{tls}, -1);
1337
1338 if ($tmp != Net::SSLeay::ERROR_WANT_READ ()) {
1339 if ($tmp == Net::SSLeay::ERROR_SYSCALL ()) {
1340 return $self->_error ($!, 1); 1502 return $self->_tls_error ($tmp)
1341 } elsif ($tmp == Net::SSLeay::ERROR_SSL ()) { 1503 if $tmp != $ERROR_WANT_READ
1342 return $self->_error (&Errno::EIO, 1); 1504 && ($tmp != $ERROR_SYSCALL || $!);
1343 }
1344
1345 # all other errors are fine for our purposes
1346 }
1347 1505
1348 while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { 1506 while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) {
1349 $self->{wbuf} .= $tmp; 1507 $self->{wbuf} .= $tmp;
1350 $self->_drain_wbuf; 1508 $self->_drain_wbuf;
1351 } 1509 }
1510
1511 $self->{_on_starttls}
1512 and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK ()
1513 and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established");
1352} 1514}
1353 1515
1354=item $handle->starttls ($tls[, $tls_ctx]) 1516=item $handle->starttls ($tls[, $tls_ctx])
1355 1517
1356Instead of starting TLS negotiation immediately when the AnyEvent::Handle 1518Instead of starting TLS negotiation immediately when the AnyEvent::Handle
1358C<starttls>. 1520C<starttls>.
1359 1521
1360The first argument is the same as the C<tls> constructor argument (either 1522The first argument is the same as the C<tls> constructor argument (either
1361C<"connect">, C<"accept"> or an existing Net::SSLeay object). 1523C<"connect">, C<"accept"> or an existing Net::SSLeay object).
1362 1524
1363The second argument is the optional C<Net::SSLeay::CTX> object that is 1525The second argument is the optional C<AnyEvent::TLS> object that is used
1364used when AnyEvent::Handle has to create its own TLS connection object. 1526when AnyEvent::Handle has to create its own TLS connection object, or
1527a hash reference with C<< key => value >> pairs that will be used to
1528construct a new context.
1365 1529
1366The TLS connection object will end up in C<< $handle->{tls} >> after this 1530The TLS connection object will end up in C<< $handle->{tls} >>, the TLS
1367call and can be used or changed to your liking. Note that the handshake 1531context in C<< $handle->{tls_ctx} >> after this call and can be used or
1368might have already started when this function returns. 1532changed to your liking. Note that the handshake might have already started
1533when this function returns.
1369 1534
1370If it an error to start a TLS handshake more than once per 1535If it an error to start a TLS handshake more than once per
1371AnyEvent::Handle object (this is due to bugs in OpenSSL). 1536AnyEvent::Handle object (this is due to bugs in OpenSSL).
1372 1537
1373=cut 1538=cut
1374 1539
1540our %TLS_CACHE; #TODO not yet documented, should we?
1541
1375sub starttls { 1542sub starttls {
1376 my ($self, $ssl, $ctx) = @_; 1543 my ($self, $ssl, $ctx) = @_;
1377 1544
1378 require Net::SSLeay; 1545 require Net::SSLeay;
1379 1546
1380 Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" 1547 Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object"
1381 if $self->{tls}; 1548 if $self->{tls};
1549
1550 $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL ();
1551 $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ ();
1552
1553 $ctx ||= $self->{tls_ctx};
1554
1555 if ("HASH" eq ref $ctx) {
1556 require AnyEvent::TLS;
1557
1558 local $Carp::CarpLevel = 1; # skip ourselves when creating a new context
1559
1560 if ($ctx->{cache}) {
1561 my $key = $ctx+0;
1562 $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx;
1563 } else {
1564 $ctx = new AnyEvent::TLS %$ctx;
1565 }
1566 }
1382 1567
1383 if ($ssl eq "accept") { 1568 $self->{tls_ctx} = $ctx || TLS_CTX ();
1384 $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); 1569 $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername});
1385 Net::SSLeay::set_accept_state ($ssl);
1386 } elsif ($ssl eq "connect") {
1387 $ssl = Net::SSLeay::new ($ctx || TLS_CTX ());
1388 Net::SSLeay::set_connect_state ($ssl);
1389 }
1390
1391 $self->{tls} = $ssl;
1392 1570
1393 # basically, this is deep magic (because SSL_read should have the same issues) 1571 # basically, this is deep magic (because SSL_read should have the same issues)
1394 # but the openssl maintainers basically said: "trust us, it just works". 1572 # but the openssl maintainers basically said: "trust us, it just works".
1395 # (unfortunately, we have to hardcode constants because the abysmally misdesigned 1573 # (unfortunately, we have to hardcode constants because the abysmally misdesigned
1396 # and mismaintained ssleay-module doesn't even offer them). 1574 # and mismaintained ssleay-module doesn't even offer them).
1400 # 1578 #
1401 # note that we do not try to keep the length constant between writes as we are required to do. 1579 # note that we do not try to keep the length constant between writes as we are required to do.
1402 # we assume that most (but not all) of this insanity only applies to non-blocking cases, 1580 # we assume that most (but not all) of this insanity only applies to non-blocking cases,
1403 # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to 1581 # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to
1404 # have identity issues in that area. 1582 # have identity issues in that area.
1405 Net::SSLeay::CTX_set_mode ($self->{tls}, 1583# Net::SSLeay::CTX_set_mode ($ssl,
1406 (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) 1584# (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1)
1407 | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); 1585# | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2));
1586 Net::SSLeay::CTX_set_mode ($ssl, 1|2);
1408 1587
1409 $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1588 $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1410 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1589 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1411 1590
1412 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); 1591 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio});
1592
1593 $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) }
1594 if $self->{on_starttls};
1413 1595
1414 &_dotls; # need to trigger the initial handshake 1596 &_dotls; # need to trigger the initial handshake
1415 $self->start_read; # make sure we actually do read 1597 $self->start_read; # make sure we actually do read
1416} 1598}
1417 1599
1430 if ($self->{tls}) { 1612 if ($self->{tls}) {
1431 Net::SSLeay::shutdown ($self->{tls}); 1613 Net::SSLeay::shutdown ($self->{tls});
1432 1614
1433 &_dotls; 1615 &_dotls;
1434 1616
1435 # we don't give a shit. no, we do, but we can't. no... 1617# # we don't give a shit. no, we do, but we can't. no...#d#
1436 # we, we... have to use openssl :/ 1618# # we, we... have to use openssl :/#d#
1437 &_freetls; 1619# &_freetls;#d#
1438 } 1620 }
1439} 1621}
1440 1622
1441sub _freetls { 1623sub _freetls {
1442 my ($self) = @_; 1624 my ($self) = @_;
1443 1625
1444 return unless $self->{tls}; 1626 return unless $self->{tls};
1445 1627
1446 Net::SSLeay::free (delete $self->{tls}); 1628 $self->{tls_ctx}->_put_session (delete $self->{tls});
1447 1629
1448 delete @$self{qw(_rbio _wbio _tls_wbuf)}; 1630 delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)};
1449} 1631}
1450 1632
1451sub DESTROY { 1633sub DESTROY {
1452 my $self = shift; 1634 my ($self) = @_;
1453 1635
1454 &_freetls; 1636 &_freetls;
1455 1637
1456 my $linger = exists $self->{linger} ? $self->{linger} : 3600; 1638 my $linger = exists $self->{linger} ? $self->{linger} : 3600;
1457 1639
1477} 1659}
1478 1660
1479=item $handle->destroy 1661=item $handle->destroy
1480 1662
1481Shuts down the handle object as much as possible - this call ensures that 1663Shuts down the handle object as much as possible - this call ensures that
1482no further callbacks will be invoked and resources will be freed as much 1664no further callbacks will be invoked and as many resources as possible
1483as possible. You must not call any methods on the object afterwards. 1665will be freed. You must not call any methods on the object afterwards.
1484 1666
1485Normally, you can just "forget" any references to an AnyEvent::Handle 1667Normally, you can just "forget" any references to an AnyEvent::Handle
1486object and it will simply shut down. This works in fatal error and EOF 1668object and it will simply shut down. This works in fatal error and EOF
1487callbacks, as well as code outside. It does I<NOT> work in a read or write 1669callbacks, as well as code outside. It does I<NOT> work in a read or write
1488callback, so when you want to destroy the AnyEvent::Handle object from 1670callback, so when you want to destroy the AnyEvent::Handle object from
1501 %$self = (); 1683 %$self = ();
1502} 1684}
1503 1685
1504=item AnyEvent::Handle::TLS_CTX 1686=item AnyEvent::Handle::TLS_CTX
1505 1687
1506This function creates and returns the Net::SSLeay::CTX object used by 1688This function creates and returns the AnyEvent::TLS object used by default
1507default for TLS mode. 1689for TLS mode.
1508 1690
1509The context is created like this: 1691The context is created by calling L<AnyEvent::TLS> without any arguments.
1510
1511 Net::SSLeay::load_error_strings;
1512 Net::SSLeay::SSLeay_add_ssl_algorithms;
1513 Net::SSLeay::randomize;
1514
1515 my $CTX = Net::SSLeay::CTX_new;
1516
1517 Net::SSLeay::CTX_set_options $CTX, Net::SSLeay::OP_ALL
1518 1692
1519=cut 1693=cut
1520 1694
1521our $TLS_CTX; 1695our $TLS_CTX;
1522 1696
1523sub TLS_CTX() { 1697sub TLS_CTX() {
1524 $TLS_CTX || do { 1698 $TLS_CTX ||= do {
1525 require Net::SSLeay; 1699 require AnyEvent::TLS;
1526 1700
1527 Net::SSLeay::load_error_strings (); 1701 new AnyEvent::TLS
1528 Net::SSLeay::SSLeay_add_ssl_algorithms ();
1529 Net::SSLeay::randomize ();
1530
1531 $TLS_CTX = Net::SSLeay::CTX_new ();
1532
1533 Net::SSLeay::CTX_set_options ($TLS_CTX, Net::SSLeay::OP_ALL ());
1534
1535 $TLS_CTX
1536 } 1702 }
1537} 1703}
1538 1704
1539=back 1705=back
1540 1706
1605 $handle->on_drain (sub { 1771 $handle->on_drain (sub {
1606 warn "all data submitted to the kernel\n"; 1772 warn "all data submitted to the kernel\n";
1607 undef $handle; 1773 undef $handle;
1608 }); 1774 });
1609 1775
1776If you just want to queue some data and then signal EOF to the other side,
1777consider using C<< ->push_shutdown >> instead.
1778
1779=item I want to contact a TLS/SSL server, I don't care about security.
1780
1781If your TLS server is a pure TLS server (e.g. HTTPS) that only speaks TLS,
1782simply connect to it and then create the AnyEvent::Handle with the C<tls>
1783parameter:
1784
1785 my $handle = new AnyEvent::Handle
1786 fh => $fh,
1787 tls => "connect",
1788 on_error => sub { ... };
1789
1790 $handle->push_write (...);
1791
1792=item I want to contact a TLS/SSL server, I do care about security.
1793
1794Then you #x##TODO#
1795
1796
1797
1610=back 1798=back
1611 1799
1612 1800
1613=head1 SUBCLASSING AnyEvent::Handle 1801=head1 SUBCLASSING AnyEvent::Handle
1614 1802

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines