… | |
… | |
14 | |
14 | |
15 | AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent |
15 | AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent |
16 | |
16 | |
17 | =cut |
17 | =cut |
18 | |
18 | |
19 | our $VERSION = 4.33; |
19 | our $VERSION = 4.452; |
20 | |
20 | |
21 | =head1 SYNOPSIS |
21 | =head1 SYNOPSIS |
22 | |
22 | |
23 | use AnyEvent; |
23 | use AnyEvent; |
24 | use AnyEvent::Handle; |
24 | use AnyEvent::Handle; |
… | |
… | |
63 | |
63 | |
64 | =head1 METHODS |
64 | =head1 METHODS |
65 | |
65 | |
66 | =over 4 |
66 | =over 4 |
67 | |
67 | |
68 | =item B<new (%args)> |
68 | =item $handle = B<new> AnyEvent::TLS fh => $filehandle, key => value... |
69 | |
69 | |
70 | The constructor supports these arguments (all as key => value pairs). |
70 | The constructor supports these arguments (all as C<< key => value >> pairs). |
71 | |
71 | |
72 | =over 4 |
72 | =over 4 |
73 | |
73 | |
74 | =item fh => $filehandle [MANDATORY] |
74 | =item fh => $filehandle [MANDATORY] |
75 | |
75 | |
… | |
… | |
95 | waiting for data. |
95 | waiting for data. |
96 | |
96 | |
97 | If an EOF condition has been detected but no C<on_eof> callback has been |
97 | If an EOF condition has been detected but no C<on_eof> callback has been |
98 | set, then a fatal error will be raised with C<$!> set to <0>. |
98 | set, then a fatal error will be raised with C<$!> set to <0>. |
99 | |
99 | |
100 | =item on_error => $cb->($handle, $fatal) |
100 | =item on_error => $cb->($handle, $fatal, $message) |
101 | |
101 | |
102 | This is the error callback, which is called when, well, some error |
102 | This is the error callback, which is called when, well, some error |
103 | occured, such as not being able to resolve the hostname, failure to |
103 | occured, such as not being able to resolve the hostname, failure to |
104 | connect or a read error. |
104 | connect or a read error. |
105 | |
105 | |
… | |
… | |
107 | fatal errors the handle object will be shut down and will not be usable |
107 | fatal errors the handle object will be shut down and will not be usable |
108 | (but you are free to look at the current C<< ->rbuf >>). Examples of fatal |
108 | (but you are free to look at the current C<< ->rbuf >>). Examples of fatal |
109 | errors are an EOF condition with active (but unsatisifable) read watchers |
109 | errors are an EOF condition with active (but unsatisifable) read watchers |
110 | (C<EPIPE>) or I/O errors. |
110 | (C<EPIPE>) or I/O errors. |
111 | |
111 | |
|
|
112 | AnyEvent::Handle tries to find an appropriate error code for you to check |
|
|
113 | against, but in some cases (TLS errors), this does not work well. It is |
|
|
114 | recommended to always output the C<$message> argument in human-readable |
|
|
115 | error messages (it's usually the same as C<"$!">). |
|
|
116 | |
112 | Non-fatal errors can be retried by simply returning, but it is recommended |
117 | Non-fatal errors can be retried by simply returning, but it is recommended |
113 | to simply ignore this parameter and instead abondon the handle object |
118 | to simply ignore this parameter and instead abondon the handle object |
114 | when this callback is invoked. Examples of non-fatal errors are timeouts |
119 | when this callback is invoked. Examples of non-fatal errors are timeouts |
115 | C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>). |
120 | C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>). |
116 | |
121 | |
117 | On callback entrance, the value of C<$!> contains the operating system |
122 | On callback entrance, the value of C<$!> contains the operating system |
118 | error (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT> or C<EBADMSG>). |
123 | error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or |
|
|
124 | C<EPROTO>). |
119 | |
125 | |
120 | While not mandatory, it is I<highly> recommended to set this callback, as |
126 | While not mandatory, it is I<highly> recommended to set this callback, as |
121 | you will not be notified of errors otherwise. The default simply calls |
127 | you will not be notified of errors otherwise. The default simply calls |
122 | C<croak>. |
128 | C<croak>. |
123 | |
129 | |
… | |
… | |
127 | and no read request is in the queue (unlike read queue callbacks, this |
133 | and no read request is in the queue (unlike read queue callbacks, this |
128 | callback will only be called when at least one octet of data is in the |
134 | callback will only be called when at least one octet of data is in the |
129 | read buffer). |
135 | read buffer). |
130 | |
136 | |
131 | To access (and remove data from) the read buffer, use the C<< ->rbuf >> |
137 | To access (and remove data from) the read buffer, use the C<< ->rbuf >> |
132 | method or access the C<$handle->{rbuf}> member directly. |
138 | method or access the C<< $handle->{rbuf} >> member directly. Note that you |
|
|
139 | must not enlarge or modify the read buffer, you can only remove data at |
|
|
140 | the beginning from it. |
133 | |
141 | |
134 | When an EOF condition is detected then AnyEvent::Handle will first try to |
142 | When an EOF condition is detected then AnyEvent::Handle will first try to |
135 | feed all the remaining data to the queued callbacks and C<on_read> before |
143 | feed all the remaining data to the queued callbacks and C<on_read> before |
136 | calling the C<on_eof> callback. If no progress can be made, then a fatal |
144 | calling the C<on_eof> callback. If no progress can be made, then a fatal |
137 | error will be raised (with C<$!> set to C<EPIPE>). |
145 | error will be raised (with C<$!> set to C<EPIPE>). |
… | |
… | |
235 | |
243 | |
236 | This will not work for partial TLS data that could not be encoded |
244 | This will not work for partial TLS data that could not be encoded |
237 | yet. This data will be lost. Calling the C<stoptls> method in time might |
245 | yet. This data will be lost. Calling the C<stoptls> method in time might |
238 | help. |
246 | help. |
239 | |
247 | |
|
|
248 | =item peername => $string |
|
|
249 | |
|
|
250 | A string used to identify the remote site - usually the DNS hostname |
|
|
251 | (I<not> IDN!) used to create the connection, rarely the IP address. |
|
|
252 | |
|
|
253 | Apart from being useful in error messages, this string is also used in TLS |
|
|
254 | peername verification (see C<verify_peername> in L<AnyEvent::TLS>). |
|
|
255 | |
240 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
256 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
241 | |
257 | |
242 | When this parameter is given, it enables TLS (SSL) mode, that means |
258 | When this parameter is given, it enables TLS (SSL) mode, that means |
243 | AnyEvent will start a TLS handshake as soon as the conenction has been |
259 | AnyEvent will start a TLS handshake as soon as the conenction has been |
244 | established and will transparently encrypt/decrypt data afterwards. |
260 | established and will transparently encrypt/decrypt data afterwards. |
|
|
261 | |
|
|
262 | All TLS protocol errors will be signalled as C<EPROTO>, with an |
|
|
263 | appropriate error message. |
245 | |
264 | |
246 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
265 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
247 | automatically when you try to create a TLS handle): this module doesn't |
266 | automatically when you try to create a TLS handle): this module doesn't |
248 | have a dependency on that module, so if your module requires it, you have |
267 | have a dependency on that module, so if your module requires it, you have |
249 | to add the dependency yourself. |
268 | to add the dependency yourself. |
… | |
… | |
253 | mode. |
272 | mode. |
254 | |
273 | |
255 | You can also provide your own TLS connection object, but you have |
274 | You can also provide your own TLS connection object, but you have |
256 | to make sure that you call either C<Net::SSLeay::set_connect_state> |
275 | to make sure that you call either C<Net::SSLeay::set_connect_state> |
257 | or C<Net::SSLeay::set_accept_state> on it before you pass it to |
276 | or C<Net::SSLeay::set_accept_state> on it before you pass it to |
258 | AnyEvent::Handle. |
277 | AnyEvent::Handle. Also, this module will take ownership of this connection |
|
|
278 | object. |
|
|
279 | |
|
|
280 | At some future point, AnyEvent::Handle might switch to another TLS |
|
|
281 | implementation, then the option to use your own session object will go |
|
|
282 | away. |
|
|
283 | |
|
|
284 | B<IMPORTANT:> since Net::SSLeay "objects" are really only integers, |
|
|
285 | passing in the wrong integer will lead to certain crash. This most often |
|
|
286 | happens when one uses a stylish C<< tls => 1 >> and is surprised about the |
|
|
287 | segmentation fault. |
259 | |
288 | |
260 | See the C<< ->starttls >> method for when need to start TLS negotiation later. |
289 | See the C<< ->starttls >> method for when need to start TLS negotiation later. |
261 | |
290 | |
262 | =item tls_ctx => $ssl_ctx |
291 | =item tls_ctx => $anyevent_tls |
263 | |
292 | |
264 | Use the given C<Net::SSLeay::CTX> object to create the new TLS connection |
293 | Use the given C<AnyEvent::TLS> object to create the new TLS connection |
265 | (unless a connection object was specified directly). If this parameter is |
294 | (unless a connection object was specified directly). If this parameter is |
266 | missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>. |
295 | missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>. |
|
|
296 | |
|
|
297 | Instead of an object, you can also specify a hash reference with C<< key |
|
|
298 | => value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a |
|
|
299 | new TLS context object. |
|
|
300 | |
|
|
301 | =item on_starttls => $cb->($handle, $success) |
|
|
302 | |
|
|
303 | This callback will be invoked when the TLS/SSL handshake has finished. If |
|
|
304 | C<$success> is true, then the TLS handshake succeeded, otherwise it failed |
|
|
305 | (C<on_stoptls> will not be called in this case). |
|
|
306 | |
|
|
307 | The session in C<< $handle->{tls} >> can still be examined in this |
|
|
308 | callback, even when the handshake was not successful. |
|
|
309 | |
|
|
310 | =item on_stoptls => $cb->($handle) |
|
|
311 | |
|
|
312 | When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is |
|
|
313 | set, then it will be invoked after freeing the TLS session. If it is not, |
|
|
314 | then a TLS shutdown condition will be treated like a normal EOF condition |
|
|
315 | on the handle. |
|
|
316 | |
|
|
317 | The session in C<< $handle->{tls} >> can still be examined in this |
|
|
318 | callback. |
|
|
319 | |
|
|
320 | This callback will only be called on TLS shutdowns, not when the |
|
|
321 | underlying handle signals EOF. |
267 | |
322 | |
268 | =item json => JSON or JSON::XS object |
323 | =item json => JSON or JSON::XS object |
269 | |
324 | |
270 | This is the json coder object used by the C<json> read and write types. |
325 | This is the json coder object used by the C<json> read and write types. |
271 | |
326 | |
… | |
… | |
280 | |
335 | |
281 | =cut |
336 | =cut |
282 | |
337 | |
283 | sub new { |
338 | sub new { |
284 | my $class = shift; |
339 | my $class = shift; |
285 | |
|
|
286 | my $self = bless { @_ }, $class; |
340 | my $self = bless { @_ }, $class; |
287 | |
341 | |
288 | $self->{fh} or Carp::croak "mandatory argument fh is missing"; |
342 | $self->{fh} or Carp::croak "mandatory argument fh is missing"; |
289 | |
343 | |
290 | AnyEvent::Util::fh_nonblocking $self->{fh}, 1; |
344 | AnyEvent::Util::fh_nonblocking $self->{fh}, 1; |
|
|
345 | |
|
|
346 | $self->{_activity} = AnyEvent->now; |
|
|
347 | $self->_timeout; |
|
|
348 | |
|
|
349 | $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay}; |
291 | |
350 | |
292 | $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) |
351 | $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) |
293 | if $self->{tls}; |
352 | if $self->{tls}; |
294 | |
353 | |
295 | $self->{_activity} = AnyEvent->now; |
|
|
296 | $self->_timeout; |
|
|
297 | |
|
|
298 | $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; |
354 | $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; |
299 | $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay}; |
|
|
300 | |
355 | |
301 | $self->start_read |
356 | $self->start_read |
302 | if $self->{on_read}; |
357 | if $self->{on_read}; |
303 | |
358 | |
304 | $self |
359 | $self->{fh} && $self |
305 | } |
360 | } |
306 | |
361 | |
307 | sub _shutdown { |
362 | sub _shutdown { |
308 | my ($self) = @_; |
363 | my ($self) = @_; |
309 | |
364 | |
310 | delete $self->{_tw}; |
365 | delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)}; |
311 | delete $self->{_rw}; |
366 | $self->{_eof} = 1; # tell starttls et. al to stop trying |
312 | delete $self->{_ww}; |
|
|
313 | delete $self->{fh}; |
|
|
314 | |
367 | |
315 | &_freetls; |
368 | &_freetls; |
316 | |
|
|
317 | delete $self->{on_read}; |
|
|
318 | delete $self->{_queue}; |
|
|
319 | } |
369 | } |
320 | |
370 | |
321 | sub _error { |
371 | sub _error { |
322 | my ($self, $errno, $fatal) = @_; |
372 | my ($self, $errno, $fatal, $message) = @_; |
323 | |
373 | |
324 | $self->_shutdown |
374 | $self->_shutdown |
325 | if $fatal; |
375 | if $fatal; |
326 | |
376 | |
327 | $! = $errno; |
377 | $! = $errno; |
|
|
378 | $message ||= "$!"; |
328 | |
379 | |
329 | if ($self->{on_error}) { |
380 | if ($self->{on_error}) { |
330 | $self->{on_error}($self, $fatal); |
381 | $self->{on_error}($self, $fatal, $message); |
331 | } elsif ($self->{fh}) { |
382 | } elsif ($self->{fh}) { |
332 | Carp::croak "AnyEvent::Handle uncaught error: $!"; |
383 | Carp::croak "AnyEvent::Handle uncaught error: $message"; |
333 | } |
384 | } |
334 | } |
385 | } |
335 | |
386 | |
336 | =item $fh = $handle->fh |
387 | =item $fh = $handle->fh |
337 | |
388 | |
… | |
… | |
396 | |
447 | |
397 | eval { |
448 | eval { |
398 | local $SIG{__DIE__}; |
449 | local $SIG{__DIE__}; |
399 | setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1]; |
450 | setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1]; |
400 | }; |
451 | }; |
|
|
452 | } |
|
|
453 | |
|
|
454 | =item $handle->on_starttls ($cb) |
|
|
455 | |
|
|
456 | Replace the current C<on_starttls> callback (see the C<on_starttls> constructor argument). |
|
|
457 | |
|
|
458 | =cut |
|
|
459 | |
|
|
460 | sub on_starttls { |
|
|
461 | $_[0]{on_starttls} = $_[1]; |
|
|
462 | } |
|
|
463 | |
|
|
464 | =item $handle->on_stoptls ($cb) |
|
|
465 | |
|
|
466 | Replace the current C<on_stoptls> callback (see the C<on_stoptls> constructor argument). |
|
|
467 | |
|
|
468 | =cut |
|
|
469 | |
|
|
470 | sub on_starttls { |
|
|
471 | $_[0]{on_stoptls} = $_[1]; |
401 | } |
472 | } |
402 | |
473 | |
403 | ############################################################################# |
474 | ############################################################################# |
404 | |
475 | |
405 | =item $handle->timeout ($seconds) |
476 | =item $handle->timeout ($seconds) |
… | |
… | |
649 | |
720 | |
650 | pack "w/a*", Storable::nfreeze ($ref) |
721 | pack "w/a*", Storable::nfreeze ($ref) |
651 | }; |
722 | }; |
652 | |
723 | |
653 | =back |
724 | =back |
|
|
725 | |
|
|
726 | =item $handle->push_shutdown |
|
|
727 | |
|
|
728 | Sometimes you know you want to close the socket after writing your data |
|
|
729 | before it was actually written. One way to do that is to replace your |
|
|
730 | C<on_drain> handler by a callback that shuts down the socket (and set |
|
|
731 | C<low_water_mark> to C<0>). This method is a shorthand for just that, and |
|
|
732 | replaces the C<on_drain> callback with: |
|
|
733 | |
|
|
734 | sub { shutdown $_[0]{fh}, 1 } # for push_shutdown |
|
|
735 | |
|
|
736 | This simply shuts down the write side and signals an EOF condition to the |
|
|
737 | the peer. |
|
|
738 | |
|
|
739 | You can rely on the normal read queue and C<on_eof> handling |
|
|
740 | afterwards. This is the cleanest way to close a connection. |
|
|
741 | |
|
|
742 | =cut |
|
|
743 | |
|
|
744 | sub push_shutdown { |
|
|
745 | my ($self) = @_; |
|
|
746 | |
|
|
747 | delete $self->{low_water_mark}; |
|
|
748 | $self->on_drain (sub { shutdown $_[0]{fh}, 1 }); |
|
|
749 | } |
654 | |
750 | |
655 | =item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) |
751 | =item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) |
656 | |
752 | |
657 | This function (not method) lets you add your own types to C<push_write>. |
753 | This function (not method) lets you add your own types to C<push_write>. |
658 | Whenever the given C<type> is used, C<push_write> will invoke the code |
754 | Whenever the given C<type> is used, C<push_write> will invoke the code |
… | |
… | |
762 | ) { |
858 | ) { |
763 | $self->_error (&Errno::ENOSPC, 1), return; |
859 | $self->_error (&Errno::ENOSPC, 1), return; |
764 | } |
860 | } |
765 | |
861 | |
766 | while () { |
862 | while () { |
|
|
863 | # we need to use a separate tls read buffer, as we must not receive data while |
|
|
864 | # we are draining the buffer, and this can only happen with TLS. |
|
|
865 | $self->{rbuf} .= delete $self->{_tls_rbuf} if exists $self->{_tls_rbuf}; |
|
|
866 | |
767 | my $len = length $self->{rbuf}; |
867 | my $len = length $self->{rbuf}; |
768 | |
868 | |
769 | if (my $cb = shift @{ $self->{_queue} }) { |
869 | if (my $cb = shift @{ $self->{_queue} }) { |
770 | unless ($cb->($self)) { |
870 | unless ($cb->($self)) { |
771 | if ($self->{_eof}) { |
871 | if ($self->{_eof}) { |
… | |
… | |
802 | |
902 | |
803 | if ($self->{_eof}) { |
903 | if ($self->{_eof}) { |
804 | if ($self->{on_eof}) { |
904 | if ($self->{on_eof}) { |
805 | $self->{on_eof}($self) |
905 | $self->{on_eof}($self) |
806 | } else { |
906 | } else { |
807 | $self->_error (0, 1); |
907 | $self->_error (0, 1, "Unexpected end-of-file"); |
808 | } |
908 | } |
809 | } |
909 | } |
810 | |
910 | |
811 | # may need to restart read watcher |
911 | # may need to restart read watcher |
812 | unless ($self->{_rw}) { |
912 | unless ($self->{_rw}) { |
… | |
… | |
832 | |
932 | |
833 | =item $handle->rbuf |
933 | =item $handle->rbuf |
834 | |
934 | |
835 | Returns the read buffer (as a modifiable lvalue). |
935 | Returns the read buffer (as a modifiable lvalue). |
836 | |
936 | |
837 | You can access the read buffer directly as the C<< ->{rbuf} >> member, if |
937 | You can access the read buffer directly as the C<< ->{rbuf} >> |
838 | you want. |
938 | member, if you want. However, the only operation allowed on the |
|
|
939 | read buffer (apart from looking at it) is removing data from its |
|
|
940 | beginning. Otherwise modifying or appending to it is not allowed and will |
|
|
941 | lead to hard-to-track-down bugs. |
839 | |
942 | |
840 | NOTE: The read buffer should only be used or modified if the C<on_read>, |
943 | NOTE: The read buffer should only be used or modified if the C<on_read>, |
841 | C<push_read> or C<unshift_read> methods are used. The other read methods |
944 | C<push_read> or C<unshift_read> methods are used. The other read methods |
842 | automatically manage the read buffer. |
945 | automatically manage the read buffer. |
843 | |
946 | |
… | |
… | |
1139 | } |
1242 | } |
1140 | }; |
1243 | }; |
1141 | |
1244 | |
1142 | =item json => $cb->($handle, $hash_or_arrayref) |
1245 | =item json => $cb->($handle, $hash_or_arrayref) |
1143 | |
1246 | |
1144 | Reads a JSON object or array, decodes it and passes it to the callback. |
1247 | Reads a JSON object or array, decodes it and passes it to the |
|
|
1248 | callback. When a parse error occurs, an C<EBADMSG> error will be raised. |
1145 | |
1249 | |
1146 | If a C<json> object was passed to the constructor, then that will be used |
1250 | If a C<json> object was passed to the constructor, then that will be used |
1147 | for the final decode, otherwise it will create a JSON coder expecting UTF-8. |
1251 | for the final decode, otherwise it will create a JSON coder expecting UTF-8. |
1148 | |
1252 | |
1149 | This read type uses the incremental parser available with JSON version |
1253 | This read type uses the incremental parser available with JSON version |
… | |
… | |
1158 | =cut |
1262 | =cut |
1159 | |
1263 | |
1160 | register_read_type json => sub { |
1264 | register_read_type json => sub { |
1161 | my ($self, $cb) = @_; |
1265 | my ($self, $cb) = @_; |
1162 | |
1266 | |
1163 | require JSON; |
1267 | my $json = $self->{json} ||= |
|
|
1268 | eval { require JSON::XS; JSON::XS->new->utf8 } |
|
|
1269 | || do { require JSON; JSON->new->utf8 }; |
1164 | |
1270 | |
1165 | my $data; |
1271 | my $data; |
1166 | my $rbuf = \$self->{rbuf}; |
1272 | my $rbuf = \$self->{rbuf}; |
1167 | |
1273 | |
1168 | my $json = $self->{json} ||= JSON->new->utf8; |
|
|
1169 | |
|
|
1170 | sub { |
1274 | sub { |
1171 | my $ref = $json->incr_parse ($self->{rbuf}); |
1275 | my $ref = eval { $json->incr_parse ($self->{rbuf}) }; |
1172 | |
1276 | |
1173 | if ($ref) { |
1277 | if ($ref) { |
1174 | $self->{rbuf} = $json->incr_text; |
1278 | $self->{rbuf} = $json->incr_text; |
1175 | $json->incr_text = ""; |
1279 | $json->incr_text = ""; |
1176 | $cb->($self, $ref); |
1280 | $cb->($self, $ref); |
1177 | |
1281 | |
1178 | 1 |
1282 | 1 |
|
|
1283 | } elsif ($@) { |
|
|
1284 | # error case |
|
|
1285 | $json->incr_skip; |
|
|
1286 | |
|
|
1287 | $self->{rbuf} = $json->incr_text; |
|
|
1288 | $json->incr_text = ""; |
|
|
1289 | |
|
|
1290 | $self->_error (&Errno::EBADMSG); |
|
|
1291 | |
|
|
1292 | () |
1179 | } else { |
1293 | } else { |
1180 | $self->{rbuf} = ""; |
1294 | $self->{rbuf} = ""; |
|
|
1295 | |
1181 | () |
1296 | () |
1182 | } |
1297 | } |
1183 | } |
1298 | } |
1184 | }; |
1299 | }; |
1185 | |
1300 | |
… | |
… | |
1306 | } |
1421 | } |
1307 | }); |
1422 | }); |
1308 | } |
1423 | } |
1309 | } |
1424 | } |
1310 | |
1425 | |
|
|
1426 | our $ERROR_SYSCALL; |
|
|
1427 | our $ERROR_WANT_READ; |
|
|
1428 | |
|
|
1429 | sub _tls_error { |
|
|
1430 | my ($self, $err) = @_; |
|
|
1431 | |
|
|
1432 | return $self->_error ($!, 1) |
|
|
1433 | if $err == Net::SSLeay::ERROR_SYSCALL (); |
|
|
1434 | |
|
|
1435 | my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()); |
|
|
1436 | |
|
|
1437 | # reduce error string to look less scary |
|
|
1438 | $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /; |
|
|
1439 | |
|
|
1440 | $self->_error (&Errno::EPROTO, 1, $err); |
|
|
1441 | } |
|
|
1442 | |
1311 | # poll the write BIO and send the data if applicable |
1443 | # poll the write BIO and send the data if applicable |
|
|
1444 | # also decode read data if possible |
|
|
1445 | # this is basiclaly our TLS state machine |
|
|
1446 | # more efficient implementations are possible with openssl, |
|
|
1447 | # but not with the buggy and incomplete Net::SSLeay. |
1312 | sub _dotls { |
1448 | sub _dotls { |
1313 | my ($self) = @_; |
1449 | my ($self) = @_; |
1314 | |
1450 | |
1315 | my $tmp; |
1451 | my $tmp; |
1316 | |
1452 | |
1317 | if (length $self->{_tls_wbuf}) { |
1453 | if (length $self->{_tls_wbuf}) { |
1318 | while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { |
1454 | while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { |
1319 | substr $self->{_tls_wbuf}, 0, $tmp, ""; |
1455 | substr $self->{_tls_wbuf}, 0, $tmp, ""; |
1320 | } |
1456 | } |
|
|
1457 | |
|
|
1458 | $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp); |
|
|
1459 | return $self->_tls_error ($tmp) |
|
|
1460 | if $tmp != $ERROR_WANT_READ |
|
|
1461 | && ($tmp != $ERROR_SYSCALL || $!); |
1321 | } |
1462 | } |
1322 | |
1463 | |
1323 | while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { |
1464 | while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { |
1324 | unless (length $tmp) { |
1465 | unless (length $tmp) { |
1325 | # let's treat SSL-eof as we treat normal EOF |
|
|
1326 | delete $self->{_rw}; |
|
|
1327 | $self->{_eof} = 1; |
|
|
1328 | &_freetls; |
1466 | &_freetls; |
|
|
1467 | if ($self->{on_stoptls}) { |
|
|
1468 | $self->{on_stoptls}($self); |
|
|
1469 | return; |
|
|
1470 | } else { |
|
|
1471 | # let's treat SSL-eof as we treat normal EOF |
|
|
1472 | delete $self->{_rw}; |
|
|
1473 | $self->{_eof} = 1; |
|
|
1474 | } |
1329 | } |
1475 | } |
1330 | |
1476 | |
1331 | $self->{rbuf} .= $tmp; |
1477 | $self->{_tls_rbuf} .= $tmp; |
1332 | $self->_drain_rbuf unless $self->{_in_drain}; |
1478 | $self->_drain_rbuf unless $self->{_in_drain}; |
1333 | $self->{tls} or return; # tls session might have gone away in callback |
1479 | $self->{tls} or return; # tls session might have gone away in callback |
1334 | } |
1480 | } |
1335 | |
1481 | |
1336 | $tmp = Net::SSLeay::get_error ($self->{tls}, -1); |
1482 | $tmp = Net::SSLeay::get_error ($self->{tls}, -1); |
1337 | |
|
|
1338 | if ($tmp != Net::SSLeay::ERROR_WANT_READ ()) { |
|
|
1339 | if ($tmp == Net::SSLeay::ERROR_SYSCALL ()) { |
|
|
1340 | return $self->_error ($!, 1); |
1483 | return $self->_tls_error ($tmp) |
1341 | } elsif ($tmp == Net::SSLeay::ERROR_SSL ()) { |
1484 | if $tmp != $ERROR_WANT_READ |
1342 | return $self->_error (&Errno::EIO, 1); |
1485 | && ($tmp != $ERROR_SYSCALL || $!); |
1343 | } |
|
|
1344 | |
|
|
1345 | # all other errors are fine for our purposes |
|
|
1346 | } |
|
|
1347 | |
1486 | |
1348 | while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { |
1487 | while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { |
1349 | $self->{wbuf} .= $tmp; |
1488 | $self->{wbuf} .= $tmp; |
1350 | $self->_drain_wbuf; |
1489 | $self->_drain_wbuf; |
1351 | } |
1490 | } |
|
|
1491 | |
|
|
1492 | $self->{_on_starttls} |
|
|
1493 | and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK () |
|
|
1494 | and (delete $self->{_on_starttls})->($self, 1); |
1352 | } |
1495 | } |
1353 | |
1496 | |
1354 | =item $handle->starttls ($tls[, $tls_ctx]) |
1497 | =item $handle->starttls ($tls[, $tls_ctx]) |
1355 | |
1498 | |
1356 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
1499 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
… | |
… | |
1358 | C<starttls>. |
1501 | C<starttls>. |
1359 | |
1502 | |
1360 | The first argument is the same as the C<tls> constructor argument (either |
1503 | The first argument is the same as the C<tls> constructor argument (either |
1361 | C<"connect">, C<"accept"> or an existing Net::SSLeay object). |
1504 | C<"connect">, C<"accept"> or an existing Net::SSLeay object). |
1362 | |
1505 | |
1363 | The second argument is the optional C<Net::SSLeay::CTX> object that is |
1506 | The second argument is the optional C<AnyEvent::TLS> object that is used |
1364 | used when AnyEvent::Handle has to create its own TLS connection object. |
1507 | when AnyEvent::Handle has to create its own TLS connection object, or |
|
|
1508 | a hash reference with C<< key => value >> pairs that will be used to |
|
|
1509 | construct a new context. |
1365 | |
1510 | |
1366 | The TLS connection object will end up in C<< $handle->{tls} >> after this |
1511 | The TLS connection object will end up in C<< $handle->{tls} >>, the TLS |
1367 | call and can be used or changed to your liking. Note that the handshake |
1512 | context in C<< $handle->{tls_ctx} >> after this call and can be used or |
1368 | might have already started when this function returns. |
1513 | changed to your liking. Note that the handshake might have already started |
|
|
1514 | when this function returns. |
1369 | |
1515 | |
1370 | If it an error to start a TLS handshake more than once per |
1516 | If it an error to start a TLS handshake more than once per |
1371 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
1517 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
1372 | |
1518 | |
1373 | =cut |
1519 | =cut |
1374 | |
1520 | |
|
|
1521 | our %TLS_CACHE; #TODO not yet documented, should we? |
|
|
1522 | |
1375 | sub starttls { |
1523 | sub starttls { |
1376 | my ($self, $ssl, $ctx) = @_; |
1524 | my ($self, $ssl, $ctx) = @_; |
1377 | |
1525 | |
1378 | require Net::SSLeay; |
1526 | require Net::SSLeay; |
1379 | |
1527 | |
1380 | Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" |
1528 | Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" |
1381 | if $self->{tls}; |
1529 | if $self->{tls}; |
|
|
1530 | |
|
|
1531 | $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); |
|
|
1532 | $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); |
|
|
1533 | |
|
|
1534 | $ctx ||= $self->{tls_ctx}; |
|
|
1535 | |
|
|
1536 | if ("HASH" eq ref $ctx) { |
|
|
1537 | require AnyEvent::TLS; |
|
|
1538 | |
|
|
1539 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context |
|
|
1540 | |
|
|
1541 | if ($ctx->{cache}) { |
|
|
1542 | my $key = $ctx+0; |
|
|
1543 | $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; |
|
|
1544 | } else { |
|
|
1545 | $ctx = new AnyEvent::TLS %$ctx; |
|
|
1546 | } |
|
|
1547 | } |
1382 | |
1548 | |
1383 | if ($ssl eq "accept") { |
1549 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
1384 | $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); |
1550 | $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername}); |
1385 | Net::SSLeay::set_accept_state ($ssl); |
|
|
1386 | } elsif ($ssl eq "connect") { |
|
|
1387 | $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); |
|
|
1388 | Net::SSLeay::set_connect_state ($ssl); |
|
|
1389 | } |
|
|
1390 | |
|
|
1391 | $self->{tls} = $ssl; |
|
|
1392 | |
1551 | |
1393 | # basically, this is deep magic (because SSL_read should have the same issues) |
1552 | # basically, this is deep magic (because SSL_read should have the same issues) |
1394 | # but the openssl maintainers basically said: "trust us, it just works". |
1553 | # but the openssl maintainers basically said: "trust us, it just works". |
1395 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
1554 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
1396 | # and mismaintained ssleay-module doesn't even offer them). |
1555 | # and mismaintained ssleay-module doesn't even offer them). |
… | |
… | |
1400 | # |
1559 | # |
1401 | # note that we do not try to keep the length constant between writes as we are required to do. |
1560 | # note that we do not try to keep the length constant between writes as we are required to do. |
1402 | # we assume that most (but not all) of this insanity only applies to non-blocking cases, |
1561 | # we assume that most (but not all) of this insanity only applies to non-blocking cases, |
1403 | # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to |
1562 | # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to |
1404 | # have identity issues in that area. |
1563 | # have identity issues in that area. |
1405 | Net::SSLeay::CTX_set_mode ($self->{tls}, |
1564 | # Net::SSLeay::CTX_set_mode ($ssl, |
1406 | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) |
1565 | # (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) |
1407 | | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); |
1566 | # | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); |
|
|
1567 | Net::SSLeay::CTX_set_mode ($ssl, 1|2); |
1408 | |
1568 | |
1409 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1569 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1410 | $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1570 | $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1411 | |
1571 | |
1412 | Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); |
1572 | Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); |
|
|
1573 | |
|
|
1574 | $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) } |
|
|
1575 | if exists $self->{on_starttls}; |
1413 | |
1576 | |
1414 | &_dotls; # need to trigger the initial handshake |
1577 | &_dotls; # need to trigger the initial handshake |
1415 | $self->start_read; # make sure we actually do read |
1578 | $self->start_read; # make sure we actually do read |
1416 | } |
1579 | } |
1417 | |
1580 | |
… | |
… | |
1430 | if ($self->{tls}) { |
1593 | if ($self->{tls}) { |
1431 | Net::SSLeay::shutdown ($self->{tls}); |
1594 | Net::SSLeay::shutdown ($self->{tls}); |
1432 | |
1595 | |
1433 | &_dotls; |
1596 | &_dotls; |
1434 | |
1597 | |
1435 | # we don't give a shit. no, we do, but we can't. no... |
1598 | # # we don't give a shit. no, we do, but we can't. no...#d# |
1436 | # we, we... have to use openssl :/ |
1599 | # # we, we... have to use openssl :/#d# |
1437 | &_freetls; |
1600 | # &_freetls;#d# |
1438 | } |
1601 | } |
1439 | } |
1602 | } |
1440 | |
1603 | |
1441 | sub _freetls { |
1604 | sub _freetls { |
1442 | my ($self) = @_; |
1605 | my ($self) = @_; |
1443 | |
1606 | |
1444 | return unless $self->{tls}; |
1607 | return unless $self->{tls}; |
1445 | |
1608 | |
1446 | Net::SSLeay::free (delete $self->{tls}); |
1609 | $self->{_on_starttls} |
|
|
1610 | and (delete $self->{_on_starttls})->($self, undef); |
|
|
1611 | |
|
|
1612 | $self->{tls_ctx}->_put_session (delete $self->{tls}); |
1447 | |
1613 | |
1448 | delete @$self{qw(_rbio _wbio _tls_wbuf)}; |
1614 | delete @$self{qw(_rbio _wbio _tls_wbuf)}; |
1449 | } |
1615 | } |
1450 | |
1616 | |
1451 | sub DESTROY { |
1617 | sub DESTROY { |
1452 | my $self = shift; |
1618 | my ($self) = @_; |
1453 | |
1619 | |
1454 | &_freetls; |
1620 | &_freetls; |
1455 | |
1621 | |
1456 | my $linger = exists $self->{linger} ? $self->{linger} : 3600; |
1622 | my $linger = exists $self->{linger} ? $self->{linger} : 3600; |
1457 | |
1623 | |
… | |
… | |
1477 | } |
1643 | } |
1478 | |
1644 | |
1479 | =item $handle->destroy |
1645 | =item $handle->destroy |
1480 | |
1646 | |
1481 | Shuts down the handle object as much as possible - this call ensures that |
1647 | Shuts down the handle object as much as possible - this call ensures that |
1482 | no further callbacks will be invoked and resources will be freed as much |
1648 | no further callbacks will be invoked and as many resources as possible |
1483 | as possible. You must not call any methods on the object afterwards. |
1649 | will be freed. You must not call any methods on the object afterwards. |
1484 | |
1650 | |
1485 | Normally, you can just "forget" any references to an AnyEvent::Handle |
1651 | Normally, you can just "forget" any references to an AnyEvent::Handle |
1486 | object and it will simply shut down. This works in fatal error and EOF |
1652 | object and it will simply shut down. This works in fatal error and EOF |
1487 | callbacks, as well as code outside. It does I<NOT> work in a read or write |
1653 | callbacks, as well as code outside. It does I<NOT> work in a read or write |
1488 | callback, so when you want to destroy the AnyEvent::Handle object from |
1654 | callback, so when you want to destroy the AnyEvent::Handle object from |
… | |
… | |
1501 | %$self = (); |
1667 | %$self = (); |
1502 | } |
1668 | } |
1503 | |
1669 | |
1504 | =item AnyEvent::Handle::TLS_CTX |
1670 | =item AnyEvent::Handle::TLS_CTX |
1505 | |
1671 | |
1506 | This function creates and returns the Net::SSLeay::CTX object used by |
1672 | This function creates and returns the AnyEvent::TLS object used by default |
1507 | default for TLS mode. |
1673 | for TLS mode. |
1508 | |
1674 | |
1509 | The context is created like this: |
1675 | The context is created by calling L<AnyEvent::TLS> without any arguments. |
1510 | |
|
|
1511 | Net::SSLeay::load_error_strings; |
|
|
1512 | Net::SSLeay::SSLeay_add_ssl_algorithms; |
|
|
1513 | Net::SSLeay::randomize; |
|
|
1514 | |
|
|
1515 | my $CTX = Net::SSLeay::CTX_new; |
|
|
1516 | |
|
|
1517 | Net::SSLeay::CTX_set_options $CTX, Net::SSLeay::OP_ALL |
|
|
1518 | |
1676 | |
1519 | =cut |
1677 | =cut |
1520 | |
1678 | |
1521 | our $TLS_CTX; |
1679 | our $TLS_CTX; |
1522 | |
1680 | |
1523 | sub TLS_CTX() { |
1681 | sub TLS_CTX() { |
1524 | $TLS_CTX || do { |
1682 | $TLS_CTX ||= do { |
1525 | require Net::SSLeay; |
1683 | require AnyEvent::TLS; |
1526 | |
1684 | |
1527 | Net::SSLeay::load_error_strings (); |
1685 | new AnyEvent::TLS |
1528 | Net::SSLeay::SSLeay_add_ssl_algorithms (); |
|
|
1529 | Net::SSLeay::randomize (); |
|
|
1530 | |
|
|
1531 | $TLS_CTX = Net::SSLeay::CTX_new (); |
|
|
1532 | |
|
|
1533 | Net::SSLeay::CTX_set_options ($TLS_CTX, Net::SSLeay::OP_ALL ()); |
|
|
1534 | |
|
|
1535 | $TLS_CTX |
|
|
1536 | } |
1686 | } |
1537 | } |
1687 | } |
1538 | |
1688 | |
1539 | =back |
1689 | =back |
1540 | |
1690 | |