ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/AnyEvent/lib/AnyEvent/Handle.pm
(Generate patch)

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.130 by root, Mon Jun 29 21:00:32 2009 UTC vs.
Revision 1.131 by root, Tue Jun 30 22:42:33 2009 UTC

63 63
64=head1 METHODS 64=head1 METHODS
65 65
66=over 4 66=over 4
67 67
68=item B<new (%args)> 68=item $handle = B<new> AnyEvent::TLS fh => $filehandle, key => value...
69 69
70The constructor supports these arguments (all as key => value pairs). 70The constructor supports these arguments (all as C<< key => value >> pairs).
71 71
72=over 4 72=over 4
73 73
74=item fh => $filehandle [MANDATORY] 74=item fh => $filehandle [MANDATORY]
75 75
237 237
238This will not work for partial TLS data that could not be encoded 238This will not work for partial TLS data that could not be encoded
239yet. This data will be lost. Calling the C<stoptls> method in time might 239yet. This data will be lost. Calling the C<stoptls> method in time might
240help. 240help.
241 241
242=item common_name => $string
243
244The common name used by some verification methods (most notably SSL/TLS)
245associated with this connection. Usually this is the remote hostname used
246to connect, but can be almost anything.
247
242=item tls => "accept" | "connect" | Net::SSLeay::SSL object 248=item tls => "accept" | "connect" | Net::SSLeay::SSL object
243 249
244When this parameter is given, it enables TLS (SSL) mode, that means 250When this parameter is given, it enables TLS (SSL) mode, that means
245AnyEvent will start a TLS handshake as soon as the conenction has been 251AnyEvent will start a TLS handshake as soon as the conenction has been
246established and will transparently encrypt/decrypt data afterwards. 252established and will transparently encrypt/decrypt data afterwards.
255mode. 261mode.
256 262
257You can also provide your own TLS connection object, but you have 263You can also provide your own TLS connection object, but you have
258to make sure that you call either C<Net::SSLeay::set_connect_state> 264to make sure that you call either C<Net::SSLeay::set_connect_state>
259or C<Net::SSLeay::set_accept_state> on it before you pass it to 265or C<Net::SSLeay::set_accept_state> on it before you pass it to
260AnyEvent::Handle. 266AnyEvent::Handle. Also, this module will take ownership of this connection
267object.
268
269At some future point, AnyEvent::Handle might switch to another TLS
270implementation, then the option to use your own session object will go
271away.
261 272
262B<IMPORTANT:> since Net::SSLeay "objects" are really only integers, 273B<IMPORTANT:> since Net::SSLeay "objects" are really only integers,
263passing in the wrong integer will lead to certain crash. This most often 274passing in the wrong integer will lead to certain crash. This most often
264happens when one uses a stylish C<< tls => 1 >> and is surprised about the 275happens when one uses a stylish C<< tls => 1 >> and is surprised about the
265segmentation fault. 276segmentation fault.
266 277
267See the C<< ->starttls >> method for when need to start TLS negotiation later. 278See the C<< ->starttls >> method for when need to start TLS negotiation later.
268 279
269=item tls_ctx => $ssl_ctx 280=item tls_ctx => $anyevent_tls
270 281
271Use the given C<Net::SSLeay::CTX> object to create the new TLS connection 282Use the given C<AnyEvent::TLS> object to create the new TLS connection
272(unless a connection object was specified directly). If this parameter is 283(unless a connection object was specified directly). If this parameter is
273missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>. 284missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>.
285
286Instead of an object, you can also specify a hash reference with C<< key
287=> value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a
288new TLS context object.
274 289
275=item json => JSON or JSON::XS object 290=item json => JSON or JSON::XS object
276 291
277This is the json coder object used by the C<json> read and write types. 292This is the json coder object used by the C<json> read and write types.
278 293
287 302
288=cut 303=cut
289 304
290sub new { 305sub new {
291 my $class = shift; 306 my $class = shift;
292
293 my $self = bless { @_ }, $class; 307 my $self = bless { @_ }, $class;
294 308
295 $self->{fh} or Carp::croak "mandatory argument fh is missing"; 309 $self->{fh} or Carp::croak "mandatory argument fh is missing";
296 310
297 AnyEvent::Util::fh_nonblocking $self->{fh}, 1; 311 AnyEvent::Util::fh_nonblocking $self->{fh}, 1;
312
313 $self->{_activity} = AnyEvent->now;
314 $self->_timeout;
315
316 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
298 317
299 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) 318 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx})
300 if $self->{tls}; 319 if $self->{tls};
301 320
302 $self->{_activity} = AnyEvent->now;
303 $self->_timeout;
304
305 $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; 321 $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain};
306 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
307 322
308 $self->start_read 323 $self->start_read
309 if $self->{on_read}; 324 if $self->{on_read};
310 325
311 $self 326 $self->{fh} && $self
312} 327}
313 328
314sub _shutdown { 329sub _shutdown {
315 my ($self) = @_; 330 my ($self) = @_;
316 331
317 delete @$self{qw(_tw _rw _ww fh rbuf wbuf on_read _queue)}; 332 delete @$self{qw(_tw _rw _ww fh rbuf wbuf on_read _queue)};
333 $self->{_eof} = 1; # tell starttls et. al to stop trying
318 334
319 &_freetls; 335 &_freetls;
320} 336}
321 337
322sub _error { 338sub _error {
1378C<starttls>. 1394C<starttls>.
1379 1395
1380The first argument is the same as the C<tls> constructor argument (either 1396The first argument is the same as the C<tls> constructor argument (either
1381C<"connect">, C<"accept"> or an existing Net::SSLeay object). 1397C<"connect">, C<"accept"> or an existing Net::SSLeay object).
1382 1398
1383The second argument is the optional C<Net::SSLeay::CTX> object that is 1399The second argument is the optional C<AnyEvent::TLS> object that is used
1384used when AnyEvent::Handle has to create its own TLS connection object. 1400when AnyEvent::Handle has to create its own TLS connection object, or
1401a hash reference with C<< key => value >> pairs that will be used to
1402construct a new context.
1385 1403
1386The TLS connection object will end up in C<< $handle->{tls} >> after this 1404The TLS connection object will end up in C<< $handle->{tls} >>, the TLS
1387call and can be used or changed to your liking. Note that the handshake 1405context in C<< $handle->{tls_ctx} >> after this call and can be used or
1388might have already started when this function returns. 1406changed to your liking. Note that the handshake might have already started
1407when this function returns.
1389 1408
1390If it an error to start a TLS handshake more than once per 1409If it an error to start a TLS handshake more than once per
1391AnyEvent::Handle object (this is due to bugs in OpenSSL). 1410AnyEvent::Handle object (this is due to bugs in OpenSSL).
1392 1411
1393=cut 1412=cut
1397 1416
1398 require Net::SSLeay; 1417 require Net::SSLeay;
1399 1418
1400 Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" 1419 Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object"
1401 if $self->{tls}; 1420 if $self->{tls};
1421
1422 $ctx ||= $self->{tls_ctx};
1423
1424 if ("HASH" eq ref $ctx) {
1425 require AnyEvent::TLS;
1426
1427 local $Carp::CarpLevel = 1; # skip ourselves when creating a new context
1428 $ctx = new AnyEvent::TLS %$ctx;
1429 }
1402 1430
1403 if ($ssl eq "accept") { 1431 $self->{tls_ctx} = $ctx || TLS_CTX ();
1404 $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); 1432 $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self);
1405 Net::SSLeay::set_accept_state ($ssl);
1406 } elsif ($ssl eq "connect") {
1407 $ssl = Net::SSLeay::new ($ctx || TLS_CTX ());
1408 Net::SSLeay::set_connect_state ($ssl);
1409 }
1410
1411 $self->{tls} = $ssl;
1412 1433
1413 # basically, this is deep magic (because SSL_read should have the same issues) 1434 # basically, this is deep magic (because SSL_read should have the same issues)
1414 # but the openssl maintainers basically said: "trust us, it just works". 1435 # but the openssl maintainers basically said: "trust us, it just works".
1415 # (unfortunately, we have to hardcode constants because the abysmally misdesigned 1436 # (unfortunately, we have to hardcode constants because the abysmally misdesigned
1416 # and mismaintained ssleay-module doesn't even offer them). 1437 # and mismaintained ssleay-module doesn't even offer them).
1420 # 1441 #
1421 # note that we do not try to keep the length constant between writes as we are required to do. 1442 # note that we do not try to keep the length constant between writes as we are required to do.
1422 # we assume that most (but not all) of this insanity only applies to non-blocking cases, 1443 # we assume that most (but not all) of this insanity only applies to non-blocking cases,
1423 # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to 1444 # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to
1424 # have identity issues in that area. 1445 # have identity issues in that area.
1425 Net::SSLeay::CTX_set_mode ($self->{tls}, 1446# Net::SSLeay::CTX_set_mode ($ssl,
1426 (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) 1447# (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1)
1427 | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); 1448# | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2));
1449 Net::SSLeay::CTX_set_mode ($ssl, 1|2);
1428 1450
1429 $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1451 $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1430 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1452 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1431 1453
1432 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); 1454 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio});
1461sub _freetls { 1483sub _freetls {
1462 my ($self) = @_; 1484 my ($self) = @_;
1463 1485
1464 return unless $self->{tls}; 1486 return unless $self->{tls};
1465 1487
1466 Net::SSLeay::free (delete $self->{tls}); 1488 $self->{tls_ctx}->_put_session (delete $self->{tls});
1467 1489
1468 delete @$self{qw(_rbio _wbio _tls_wbuf)}; 1490 delete @$self{qw(_rbio _wbio _tls_wbuf)};
1469} 1491}
1470 1492
1471sub DESTROY { 1493sub DESTROY {
1521 %$self = (); 1543 %$self = ();
1522} 1544}
1523 1545
1524=item AnyEvent::Handle::TLS_CTX 1546=item AnyEvent::Handle::TLS_CTX
1525 1547
1526This function creates and returns the Net::SSLeay::CTX object used by 1548This function creates and returns the AnyEvent::TLS object used by default
1527default for TLS mode. 1549for TLS mode.
1528 1550
1529The context is created like this: 1551The context is created by calling L<AnyEvent::TLS> without any arguments.
1530
1531 Net::SSLeay::load_error_strings;
1532 Net::SSLeay::SSLeay_add_ssl_algorithms;
1533 Net::SSLeay::randomize;
1534
1535 my $CTX = Net::SSLeay::CTX_new;
1536
1537 Net::SSLeay::CTX_set_options $CTX, Net::SSLeay::OP_ALL
1538 1552
1539=cut 1553=cut
1540 1554
1541our $TLS_CTX; 1555our $TLS_CTX;
1542 1556
1543sub TLS_CTX() { 1557sub TLS_CTX() {
1544 $TLS_CTX || do { 1558 $TLS_CTX ||= do {
1545 require Net::SSLeay; 1559 require AnyEvent::TLS;
1546 1560
1547 Net::SSLeay::load_error_strings (); 1561 new AnyEvent::TLS
1548 Net::SSLeay::SSLeay_add_ssl_algorithms ();
1549 Net::SSLeay::randomize ();
1550
1551 $TLS_CTX = Net::SSLeay::CTX_new ();
1552
1553 Net::SSLeay::CTX_set_options ($TLS_CTX, Net::SSLeay::OP_ALL ());
1554
1555 $TLS_CTX
1556 } 1562 }
1557} 1563}
1558 1564
1559=back 1565=back
1560 1566

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines