| … | |
… | |
| 14 | |
14 | |
| 15 | AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent |
15 | AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent |
| 16 | |
16 | |
| 17 | =cut |
17 | =cut |
| 18 | |
18 | |
| 19 | our $VERSION = 4.45; |
19 | our $VERSION = 4.82; |
| 20 | |
20 | |
| 21 | =head1 SYNOPSIS |
21 | =head1 SYNOPSIS |
| 22 | |
22 | |
| 23 | use AnyEvent; |
23 | use AnyEvent; |
| 24 | use AnyEvent::Handle; |
24 | use AnyEvent::Handle; |
| 25 | |
25 | |
| 26 | my $cv = AnyEvent->condvar; |
26 | my $cv = AnyEvent->condvar; |
| 27 | |
27 | |
| 28 | my $handle = |
28 | my $hdl; $hdl = new AnyEvent::Handle |
| 29 | AnyEvent::Handle->new ( |
|
|
| 30 | fh => \*STDIN, |
29 | fh => \*STDIN, |
| 31 | on_eof => sub { |
30 | on_error => sub { |
|
|
31 | warn "got error $_[2]\n"; |
| 32 | $cv->send; |
32 | $cv->send; |
| 33 | }, |
|
|
| 34 | ); |
33 | ); |
| 35 | |
34 | |
| 36 | # send some request line |
35 | # send some request line |
| 37 | $handle->push_write ("getinfo\015\012"); |
36 | $hdl->push_write ("getinfo\015\012"); |
| 38 | |
37 | |
| 39 | # read the response line |
38 | # read the response line |
| 40 | $handle->push_read (line => sub { |
39 | $hdl->push_read (line => sub { |
| 41 | my ($handle, $line) = @_; |
40 | my ($hdl, $line) = @_; |
| 42 | warn "read line <$line>\n"; |
41 | warn "got line <$line>\n"; |
| 43 | $cv->send; |
42 | $cv->send; |
| 44 | }); |
43 | }); |
| 45 | |
44 | |
| 46 | $cv->recv; |
45 | $cv->recv; |
| 47 | |
46 | |
| … | |
… | |
| 81 | |
80 | |
| 82 | =item on_eof => $cb->($handle) |
81 | =item on_eof => $cb->($handle) |
| 83 | |
82 | |
| 84 | Set the callback to be called when an end-of-file condition is detected, |
83 | Set the callback to be called when an end-of-file condition is detected, |
| 85 | i.e. in the case of a socket, when the other side has closed the |
84 | i.e. in the case of a socket, when the other side has closed the |
| 86 | connection cleanly. |
85 | connection cleanly, and there are no outstanding read requests in the |
|
|
86 | queue (if there are read requests, then an EOF counts as an unexpected |
|
|
87 | connection close and will be flagged as an error). |
| 87 | |
88 | |
| 88 | For sockets, this just means that the other side has stopped sending data, |
89 | For sockets, this just means that the other side has stopped sending data, |
| 89 | you can still try to write data, and, in fact, one can return from the EOF |
90 | you can still try to write data, and, in fact, one can return from the EOF |
| 90 | callback and continue writing data, as only the read part has been shut |
91 | callback and continue writing data, as only the read part has been shut |
| 91 | down. |
92 | down. |
| 92 | |
93 | |
| 93 | While not mandatory, it is I<highly> recommended to set an EOF callback, |
|
|
| 94 | otherwise you might end up with a closed socket while you are still |
|
|
| 95 | waiting for data. |
|
|
| 96 | |
|
|
| 97 | If an EOF condition has been detected but no C<on_eof> callback has been |
94 | If an EOF condition has been detected but no C<on_eof> callback has been |
| 98 | set, then a fatal error will be raised with C<$!> set to <0>. |
95 | set, then a fatal error will be raised with C<$!> set to <0>. |
| 99 | |
96 | |
| 100 | =item on_error => $cb->($handle, $fatal) |
97 | =item on_error => $cb->($handle, $fatal, $message) |
| 101 | |
98 | |
| 102 | This is the error callback, which is called when, well, some error |
99 | This is the error callback, which is called when, well, some error |
| 103 | occured, such as not being able to resolve the hostname, failure to |
100 | occured, such as not being able to resolve the hostname, failure to |
| 104 | connect or a read error. |
101 | connect or a read error. |
| 105 | |
102 | |
| 106 | Some errors are fatal (which is indicated by C<$fatal> being true). On |
103 | Some errors are fatal (which is indicated by C<$fatal> being true). On |
| 107 | fatal errors the handle object will be shut down and will not be usable |
104 | fatal errors the handle object will be destroyed (by a call to C<< -> |
| 108 | (but you are free to look at the current C<< ->rbuf >>). Examples of fatal |
105 | destroy >>) after invoking the error callback (which means you are free to |
| 109 | errors are an EOF condition with active (but unsatisifable) read watchers |
106 | examine the handle object). Examples of fatal errors are an EOF condition |
| 110 | (C<EPIPE>) or I/O errors. |
107 | with active (but unsatisifable) read watchers (C<EPIPE>) or I/O errors. |
|
|
108 | |
|
|
109 | AnyEvent::Handle tries to find an appropriate error code for you to check |
|
|
110 | against, but in some cases (TLS errors), this does not work well. It is |
|
|
111 | recommended to always output the C<$message> argument in human-readable |
|
|
112 | error messages (it's usually the same as C<"$!">). |
| 111 | |
113 | |
| 112 | Non-fatal errors can be retried by simply returning, but it is recommended |
114 | Non-fatal errors can be retried by simply returning, but it is recommended |
| 113 | to simply ignore this parameter and instead abondon the handle object |
115 | to simply ignore this parameter and instead abondon the handle object |
| 114 | when this callback is invoked. Examples of non-fatal errors are timeouts |
116 | when this callback is invoked. Examples of non-fatal errors are timeouts |
| 115 | C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>). |
117 | C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>). |
| 116 | |
118 | |
| 117 | On callback entrance, the value of C<$!> contains the operating system |
119 | On callback entrance, the value of C<$!> contains the operating system |
| 118 | error (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT> or C<EBADMSG>). |
120 | error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or |
|
|
121 | C<EPROTO>). |
| 119 | |
122 | |
| 120 | While not mandatory, it is I<highly> recommended to set this callback, as |
123 | While not mandatory, it is I<highly> recommended to set this callback, as |
| 121 | you will not be notified of errors otherwise. The default simply calls |
124 | you will not be notified of errors otherwise. The default simply calls |
| 122 | C<croak>. |
125 | C<croak>. |
| 123 | |
126 | |
| … | |
… | |
| 127 | and no read request is in the queue (unlike read queue callbacks, this |
130 | and no read request is in the queue (unlike read queue callbacks, this |
| 128 | callback will only be called when at least one octet of data is in the |
131 | callback will only be called when at least one octet of data is in the |
| 129 | read buffer). |
132 | read buffer). |
| 130 | |
133 | |
| 131 | To access (and remove data from) the read buffer, use the C<< ->rbuf >> |
134 | To access (and remove data from) the read buffer, use the C<< ->rbuf >> |
| 132 | method or access the C<$handle->{rbuf}> member directly. Note that you |
135 | method or access the C<< $handle->{rbuf} >> member directly. Note that you |
| 133 | must not enlarge or modify the read buffer, you can only remove data at |
136 | must not enlarge or modify the read buffer, you can only remove data at |
| 134 | the beginning from it. |
137 | the beginning from it. |
| 135 | |
138 | |
| 136 | When an EOF condition is detected then AnyEvent::Handle will first try to |
139 | When an EOF condition is detected then AnyEvent::Handle will first try to |
| 137 | feed all the remaining data to the queued callbacks and C<on_read> before |
140 | feed all the remaining data to the queued callbacks and C<on_read> before |
| 138 | calling the C<on_eof> callback. If no progress can be made, then a fatal |
141 | calling the C<on_eof> callback. If no progress can be made, then a fatal |
| 139 | error will be raised (with C<$!> set to C<EPIPE>). |
142 | error will be raised (with C<$!> set to C<EPIPE>). |
|
|
143 | |
|
|
144 | Note that, unlike requests in the read queue, an C<on_read> callback |
|
|
145 | doesn't mean you I<require> some data: if there is an EOF and there |
|
|
146 | are outstanding read requests then an error will be flagged. With an |
|
|
147 | C<on_read> callback, the C<on_eof> callback will be invoked. |
| 140 | |
148 | |
| 141 | =item on_drain => $cb->($handle) |
149 | =item on_drain => $cb->($handle) |
| 142 | |
150 | |
| 143 | This sets the callback that is called when the write buffer becomes empty |
151 | This sets the callback that is called when the write buffer becomes empty |
| 144 | (or when the callback is set and the buffer is empty already). |
152 | (or when the callback is set and the buffer is empty already). |
| … | |
… | |
| 237 | |
245 | |
| 238 | This will not work for partial TLS data that could not be encoded |
246 | This will not work for partial TLS data that could not be encoded |
| 239 | yet. This data will be lost. Calling the C<stoptls> method in time might |
247 | yet. This data will be lost. Calling the C<stoptls> method in time might |
| 240 | help. |
248 | help. |
| 241 | |
249 | |
| 242 | =item common_name => $string |
250 | =item peername => $string |
| 243 | |
251 | |
| 244 | The common name used by some verification methods (most notably SSL/TLS) |
252 | A string used to identify the remote site - usually the DNS hostname |
| 245 | associated with this connection. Usually this is the remote hostname used |
253 | (I<not> IDN!) used to create the connection, rarely the IP address. |
| 246 | to connect, but can be almost anything. |
254 | |
|
|
255 | Apart from being useful in error messages, this string is also used in TLS |
|
|
256 | peername verification (see C<verify_peername> in L<AnyEvent::TLS>). This |
|
|
257 | verification will be skipped when C<peername> is not specified or |
|
|
258 | C<undef>. |
| 247 | |
259 | |
| 248 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
260 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
| 249 | |
261 | |
| 250 | When this parameter is given, it enables TLS (SSL) mode, that means |
262 | When this parameter is given, it enables TLS (SSL) mode, that means |
| 251 | AnyEvent will start a TLS handshake as soon as the conenction has been |
263 | AnyEvent will start a TLS handshake as soon as the conenction has been |
| 252 | established and will transparently encrypt/decrypt data afterwards. |
264 | established and will transparently encrypt/decrypt data afterwards. |
|
|
265 | |
|
|
266 | All TLS protocol errors will be signalled as C<EPROTO>, with an |
|
|
267 | appropriate error message. |
| 253 | |
268 | |
| 254 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
269 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
| 255 | automatically when you try to create a TLS handle): this module doesn't |
270 | automatically when you try to create a TLS handle): this module doesn't |
| 256 | have a dependency on that module, so if your module requires it, you have |
271 | have a dependency on that module, so if your module requires it, you have |
| 257 | to add the dependency yourself. |
272 | to add the dependency yourself. |
| … | |
… | |
| 285 | |
300 | |
| 286 | Instead of an object, you can also specify a hash reference with C<< key |
301 | Instead of an object, you can also specify a hash reference with C<< key |
| 287 | => value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a |
302 | => value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a |
| 288 | new TLS context object. |
303 | new TLS context object. |
| 289 | |
304 | |
|
|
305 | =item on_starttls => $cb->($handle, $success[, $error_message]) |
|
|
306 | |
|
|
307 | This callback will be invoked when the TLS/SSL handshake has finished. If |
|
|
308 | C<$success> is true, then the TLS handshake succeeded, otherwise it failed |
|
|
309 | (C<on_stoptls> will not be called in this case). |
|
|
310 | |
|
|
311 | The session in C<< $handle->{tls} >> can still be examined in this |
|
|
312 | callback, even when the handshake was not successful. |
|
|
313 | |
|
|
314 | TLS handshake failures will not cause C<on_error> to be invoked when this |
|
|
315 | callback is in effect, instead, the error message will be passed to C<on_starttls>. |
|
|
316 | |
|
|
317 | Without this callback, handshake failures lead to C<on_error> being |
|
|
318 | called, as normal. |
|
|
319 | |
|
|
320 | Note that you cannot call C<starttls> right again in this callback. If you |
|
|
321 | need to do that, start an zero-second timer instead whose callback can |
|
|
322 | then call C<< ->starttls >> again. |
|
|
323 | |
|
|
324 | =item on_stoptls => $cb->($handle) |
|
|
325 | |
|
|
326 | When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is |
|
|
327 | set, then it will be invoked after freeing the TLS session. If it is not, |
|
|
328 | then a TLS shutdown condition will be treated like a normal EOF condition |
|
|
329 | on the handle. |
|
|
330 | |
|
|
331 | The session in C<< $handle->{tls} >> can still be examined in this |
|
|
332 | callback. |
|
|
333 | |
|
|
334 | This callback will only be called on TLS shutdowns, not when the |
|
|
335 | underlying handle signals EOF. |
|
|
336 | |
| 290 | =item json => JSON or JSON::XS object |
337 | =item json => JSON or JSON::XS object |
| 291 | |
338 | |
| 292 | This is the json coder object used by the C<json> read and write types. |
339 | This is the json coder object used by the C<json> read and write types. |
| 293 | |
340 | |
| 294 | If you don't supply it, then AnyEvent::Handle will create and use a |
341 | If you don't supply it, then AnyEvent::Handle will create and use a |
| … | |
… | |
| 316 | $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay}; |
363 | $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay}; |
| 317 | |
364 | |
| 318 | $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) |
365 | $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) |
| 319 | if $self->{tls}; |
366 | if $self->{tls}; |
| 320 | |
367 | |
| 321 | $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; |
368 | $self->on_drain (delete $self->{on_drain}) if $self->{on_drain}; |
| 322 | |
369 | |
| 323 | $self->start_read |
370 | $self->start_read |
| 324 | if $self->{on_read}; |
371 | if $self->{on_read}; |
| 325 | |
372 | |
| 326 | $self->{fh} && $self |
373 | $self->{fh} && $self |
| 327 | } |
374 | } |
| 328 | |
375 | |
| 329 | sub _shutdown { |
376 | #sub _shutdown { |
| 330 | my ($self) = @_; |
377 | # my ($self) = @_; |
| 331 | |
378 | # |
| 332 | delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)}; |
379 | # delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)}; |
| 333 | $self->{_eof} = 1; # tell starttls et. al to stop trying |
380 | # $self->{_eof} = 1; # tell starttls et. al to stop trying |
| 334 | |
381 | # |
| 335 | &_freetls; |
382 | # &_freetls; |
| 336 | } |
383 | #} |
| 337 | |
384 | |
| 338 | sub _error { |
385 | sub _error { |
| 339 | my ($self, $errno, $fatal) = @_; |
386 | my ($self, $errno, $fatal, $message) = @_; |
| 340 | |
|
|
| 341 | $self->_shutdown |
|
|
| 342 | if $fatal; |
|
|
| 343 | |
387 | |
| 344 | $! = $errno; |
388 | $! = $errno; |
|
|
389 | $message ||= "$!"; |
| 345 | |
390 | |
| 346 | if ($self->{on_error}) { |
391 | if ($self->{on_error}) { |
| 347 | $self->{on_error}($self, $fatal); |
392 | $self->{on_error}($self, $fatal, $message); |
|
|
393 | $self->destroy; |
| 348 | } elsif ($self->{fh}) { |
394 | } elsif ($self->{fh}) { |
|
|
395 | $self->destroy; |
| 349 | Carp::croak "AnyEvent::Handle uncaught error: $!"; |
396 | Carp::croak "AnyEvent::Handle uncaught error: $message"; |
| 350 | } |
397 | } |
| 351 | } |
398 | } |
| 352 | |
399 | |
| 353 | =item $fh = $handle->fh |
400 | =item $fh = $handle->fh |
| 354 | |
401 | |
| … | |
… | |
| 415 | local $SIG{__DIE__}; |
462 | local $SIG{__DIE__}; |
| 416 | setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1]; |
463 | setsockopt $_[0]{fh}, &Socket::IPPROTO_TCP, &Socket::TCP_NODELAY, int $_[1]; |
| 417 | }; |
464 | }; |
| 418 | } |
465 | } |
| 419 | |
466 | |
|
|
467 | =item $handle->on_starttls ($cb) |
|
|
468 | |
|
|
469 | Replace the current C<on_starttls> callback (see the C<on_starttls> constructor argument). |
|
|
470 | |
|
|
471 | =cut |
|
|
472 | |
|
|
473 | sub on_starttls { |
|
|
474 | $_[0]{on_starttls} = $_[1]; |
|
|
475 | } |
|
|
476 | |
|
|
477 | =item $handle->on_stoptls ($cb) |
|
|
478 | |
|
|
479 | Replace the current C<on_stoptls> callback (see the C<on_stoptls> constructor argument). |
|
|
480 | |
|
|
481 | =cut |
|
|
482 | |
|
|
483 | sub on_starttls { |
|
|
484 | $_[0]{on_stoptls} = $_[1]; |
|
|
485 | } |
|
|
486 | |
| 420 | ############################################################################# |
487 | ############################################################################# |
| 421 | |
488 | |
| 422 | =item $handle->timeout ($seconds) |
489 | =item $handle->timeout ($seconds) |
| 423 | |
490 | |
| 424 | Configures (or disables) the inactivity timeout. |
491 | Configures (or disables) the inactivity timeout. |
| … | |
… | |
| 448 | $self->{_activity} = $NOW; |
515 | $self->{_activity} = $NOW; |
| 449 | |
516 | |
| 450 | if ($self->{on_timeout}) { |
517 | if ($self->{on_timeout}) { |
| 451 | $self->{on_timeout}($self); |
518 | $self->{on_timeout}($self); |
| 452 | } else { |
519 | } else { |
| 453 | $self->_error (&Errno::ETIMEDOUT); |
520 | $self->_error (Errno::ETIMEDOUT); |
| 454 | } |
521 | } |
| 455 | |
522 | |
| 456 | # callback could have changed timeout value, optimise |
523 | # callback could have changed timeout value, optimise |
| 457 | return unless $self->{timeout}; |
524 | return unless $self->{timeout}; |
| 458 | |
525 | |
| … | |
… | |
| 521 | Scalar::Util::weaken $self; |
588 | Scalar::Util::weaken $self; |
| 522 | |
589 | |
| 523 | my $cb = sub { |
590 | my $cb = sub { |
| 524 | my $len = syswrite $self->{fh}, $self->{wbuf}; |
591 | my $len = syswrite $self->{fh}, $self->{wbuf}; |
| 525 | |
592 | |
| 526 | if ($len >= 0) { |
593 | if (defined $len) { |
| 527 | substr $self->{wbuf}, 0, $len, ""; |
594 | substr $self->{wbuf}, 0, $len, ""; |
| 528 | |
595 | |
| 529 | $self->{_activity} = AnyEvent->now; |
596 | $self->{_activity} = AnyEvent->now; |
| 530 | |
597 | |
| 531 | $self->{on_drain}($self) |
598 | $self->{on_drain}($self) |
| … | |
… | |
| 666 | |
733 | |
| 667 | pack "w/a*", Storable::nfreeze ($ref) |
734 | pack "w/a*", Storable::nfreeze ($ref) |
| 668 | }; |
735 | }; |
| 669 | |
736 | |
| 670 | =back |
737 | =back |
|
|
738 | |
|
|
739 | =item $handle->push_shutdown |
|
|
740 | |
|
|
741 | Sometimes you know you want to close the socket after writing your data |
|
|
742 | before it was actually written. One way to do that is to replace your |
|
|
743 | C<on_drain> handler by a callback that shuts down the socket (and set |
|
|
744 | C<low_water_mark> to C<0>). This method is a shorthand for just that, and |
|
|
745 | replaces the C<on_drain> callback with: |
|
|
746 | |
|
|
747 | sub { shutdown $_[0]{fh}, 1 } # for push_shutdown |
|
|
748 | |
|
|
749 | This simply shuts down the write side and signals an EOF condition to the |
|
|
750 | the peer. |
|
|
751 | |
|
|
752 | You can rely on the normal read queue and C<on_eof> handling |
|
|
753 | afterwards. This is the cleanest way to close a connection. |
|
|
754 | |
|
|
755 | =cut |
|
|
756 | |
|
|
757 | sub push_shutdown { |
|
|
758 | my ($self) = @_; |
|
|
759 | |
|
|
760 | delete $self->{low_water_mark}; |
|
|
761 | $self->on_drain (sub { shutdown $_[0]{fh}, 1 }); |
|
|
762 | } |
| 671 | |
763 | |
| 672 | =item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) |
764 | =item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) |
| 673 | |
765 | |
| 674 | This function (not method) lets you add your own types to C<push_write>. |
766 | This function (not method) lets you add your own types to C<push_write>. |
| 675 | Whenever the given C<type> is used, C<push_write> will invoke the code |
767 | Whenever the given C<type> is used, C<push_write> will invoke the code |
| … | |
… | |
| 775 | |
867 | |
| 776 | if ( |
868 | if ( |
| 777 | defined $self->{rbuf_max} |
869 | defined $self->{rbuf_max} |
| 778 | && $self->{rbuf_max} < length $self->{rbuf} |
870 | && $self->{rbuf_max} < length $self->{rbuf} |
| 779 | ) { |
871 | ) { |
| 780 | $self->_error (&Errno::ENOSPC, 1), return; |
872 | $self->_error (Errno::ENOSPC, 1), return; |
| 781 | } |
873 | } |
| 782 | |
874 | |
| 783 | while () { |
875 | while () { |
| 784 | # we need to use a separate tls read buffer, as we must not receive data while |
876 | # we need to use a separate tls read buffer, as we must not receive data while |
| 785 | # we are draining the buffer, and this can only happen with TLS. |
877 | # we are draining the buffer, and this can only happen with TLS. |
| … | |
… | |
| 789 | |
881 | |
| 790 | if (my $cb = shift @{ $self->{_queue} }) { |
882 | if (my $cb = shift @{ $self->{_queue} }) { |
| 791 | unless ($cb->($self)) { |
883 | unless ($cb->($self)) { |
| 792 | if ($self->{_eof}) { |
884 | if ($self->{_eof}) { |
| 793 | # no progress can be made (not enough data and no data forthcoming) |
885 | # no progress can be made (not enough data and no data forthcoming) |
| 794 | $self->_error (&Errno::EPIPE, 1), return; |
886 | $self->_error (Errno::EPIPE, 1), return; |
| 795 | } |
887 | } |
| 796 | |
888 | |
| 797 | unshift @{ $self->{_queue} }, $cb; |
889 | unshift @{ $self->{_queue} }, $cb; |
| 798 | last; |
890 | last; |
| 799 | } |
891 | } |
| … | |
… | |
| 807 | && !@{ $self->{_queue} } # and the queue is still empty |
899 | && !@{ $self->{_queue} } # and the queue is still empty |
| 808 | && $self->{on_read} # but we still have on_read |
900 | && $self->{on_read} # but we still have on_read |
| 809 | ) { |
901 | ) { |
| 810 | # no further data will arrive |
902 | # no further data will arrive |
| 811 | # so no progress can be made |
903 | # so no progress can be made |
| 812 | $self->_error (&Errno::EPIPE, 1), return |
904 | $self->_error (Errno::EPIPE, 1), return |
| 813 | if $self->{_eof}; |
905 | if $self->{_eof}; |
| 814 | |
906 | |
| 815 | last; # more data might arrive |
907 | last; # more data might arrive |
| 816 | } |
908 | } |
| 817 | } else { |
909 | } else { |
| … | |
… | |
| 823 | |
915 | |
| 824 | if ($self->{_eof}) { |
916 | if ($self->{_eof}) { |
| 825 | if ($self->{on_eof}) { |
917 | if ($self->{on_eof}) { |
| 826 | $self->{on_eof}($self) |
918 | $self->{on_eof}($self) |
| 827 | } else { |
919 | } else { |
| 828 | $self->_error (0, 1); |
920 | $self->_error (0, 1, "Unexpected end-of-file"); |
| 829 | } |
921 | } |
| 830 | } |
922 | } |
| 831 | |
923 | |
| 832 | # may need to restart read watcher |
924 | # may need to restart read watcher |
| 833 | unless ($self->{_rw}) { |
925 | unless ($self->{_rw}) { |
| … | |
… | |
| 1067 | return 1; |
1159 | return 1; |
| 1068 | } |
1160 | } |
| 1069 | |
1161 | |
| 1070 | # reject |
1162 | # reject |
| 1071 | if ($reject && $$rbuf =~ $reject) { |
1163 | if ($reject && $$rbuf =~ $reject) { |
| 1072 | $self->_error (&Errno::EBADMSG); |
1164 | $self->_error (Errno::EBADMSG); |
| 1073 | } |
1165 | } |
| 1074 | |
1166 | |
| 1075 | # skip |
1167 | # skip |
| 1076 | if ($skip && $$rbuf =~ $skip) { |
1168 | if ($skip && $$rbuf =~ $skip) { |
| 1077 | $data .= substr $$rbuf, 0, $+[0], ""; |
1169 | $data .= substr $$rbuf, 0, $+[0], ""; |
| … | |
… | |
| 1093 | my ($self, $cb) = @_; |
1185 | my ($self, $cb) = @_; |
| 1094 | |
1186 | |
| 1095 | sub { |
1187 | sub { |
| 1096 | unless ($_[0]{rbuf} =~ s/^(0|[1-9][0-9]*)://) { |
1188 | unless ($_[0]{rbuf} =~ s/^(0|[1-9][0-9]*)://) { |
| 1097 | if ($_[0]{rbuf} =~ /[^0-9]/) { |
1189 | if ($_[0]{rbuf} =~ /[^0-9]/) { |
| 1098 | $self->_error (&Errno::EBADMSG); |
1190 | $self->_error (Errno::EBADMSG); |
| 1099 | } |
1191 | } |
| 1100 | return; |
1192 | return; |
| 1101 | } |
1193 | } |
| 1102 | |
1194 | |
| 1103 | my $len = $1; |
1195 | my $len = $1; |
| … | |
… | |
| 1106 | my $string = $_[1]; |
1198 | my $string = $_[1]; |
| 1107 | $_[0]->unshift_read (chunk => 1, sub { |
1199 | $_[0]->unshift_read (chunk => 1, sub { |
| 1108 | if ($_[1] eq ",") { |
1200 | if ($_[1] eq ",") { |
| 1109 | $cb->($_[0], $string); |
1201 | $cb->($_[0], $string); |
| 1110 | } else { |
1202 | } else { |
| 1111 | $self->_error (&Errno::EBADMSG); |
1203 | $self->_error (Errno::EBADMSG); |
| 1112 | } |
1204 | } |
| 1113 | }); |
1205 | }); |
| 1114 | }); |
1206 | }); |
| 1115 | |
1207 | |
| 1116 | 1 |
1208 | 1 |
| … | |
… | |
| 1183 | =cut |
1275 | =cut |
| 1184 | |
1276 | |
| 1185 | register_read_type json => sub { |
1277 | register_read_type json => sub { |
| 1186 | my ($self, $cb) = @_; |
1278 | my ($self, $cb) = @_; |
| 1187 | |
1279 | |
| 1188 | require JSON; |
1280 | my $json = $self->{json} ||= |
|
|
1281 | eval { require JSON::XS; JSON::XS->new->utf8 } |
|
|
1282 | || do { require JSON; JSON->new->utf8 }; |
| 1189 | |
1283 | |
| 1190 | my $data; |
1284 | my $data; |
| 1191 | my $rbuf = \$self->{rbuf}; |
1285 | my $rbuf = \$self->{rbuf}; |
| 1192 | |
|
|
| 1193 | my $json = $self->{json} ||= JSON->new->utf8; |
|
|
| 1194 | |
1286 | |
| 1195 | sub { |
1287 | sub { |
| 1196 | my $ref = eval { $json->incr_parse ($self->{rbuf}) }; |
1288 | my $ref = eval { $json->incr_parse ($self->{rbuf}) }; |
| 1197 | |
1289 | |
| 1198 | if ($ref) { |
1290 | if ($ref) { |
| … | |
… | |
| 1206 | $json->incr_skip; |
1298 | $json->incr_skip; |
| 1207 | |
1299 | |
| 1208 | $self->{rbuf} = $json->incr_text; |
1300 | $self->{rbuf} = $json->incr_text; |
| 1209 | $json->incr_text = ""; |
1301 | $json->incr_text = ""; |
| 1210 | |
1302 | |
| 1211 | $self->_error (&Errno::EBADMSG); |
1303 | $self->_error (Errno::EBADMSG); |
| 1212 | |
1304 | |
| 1213 | () |
1305 | () |
| 1214 | } else { |
1306 | } else { |
| 1215 | $self->{rbuf} = ""; |
1307 | $self->{rbuf} = ""; |
| 1216 | |
1308 | |
| … | |
… | |
| 1253 | # read remaining chunk |
1345 | # read remaining chunk |
| 1254 | $_[0]->unshift_read (chunk => $len, sub { |
1346 | $_[0]->unshift_read (chunk => $len, sub { |
| 1255 | if (my $ref = eval { Storable::thaw ($_[1]) }) { |
1347 | if (my $ref = eval { Storable::thaw ($_[1]) }) { |
| 1256 | $cb->($_[0], $ref); |
1348 | $cb->($_[0], $ref); |
| 1257 | } else { |
1349 | } else { |
| 1258 | $self->_error (&Errno::EBADMSG); |
1350 | $self->_error (Errno::EBADMSG); |
| 1259 | } |
1351 | } |
| 1260 | }); |
1352 | }); |
| 1261 | } |
1353 | } |
| 1262 | |
1354 | |
| 1263 | 1 |
1355 | 1 |
| … | |
… | |
| 1342 | } |
1434 | } |
| 1343 | }); |
1435 | }); |
| 1344 | } |
1436 | } |
| 1345 | } |
1437 | } |
| 1346 | |
1438 | |
|
|
1439 | our $ERROR_SYSCALL; |
|
|
1440 | our $ERROR_WANT_READ; |
|
|
1441 | |
|
|
1442 | sub _tls_error { |
|
|
1443 | my ($self, $err) = @_; |
|
|
1444 | |
|
|
1445 | return $self->_error ($!, 1) |
|
|
1446 | if $err == Net::SSLeay::ERROR_SYSCALL (); |
|
|
1447 | |
|
|
1448 | my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()); |
|
|
1449 | |
|
|
1450 | # reduce error string to look less scary |
|
|
1451 | $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /; |
|
|
1452 | |
|
|
1453 | if ($self->{_on_starttls}) { |
|
|
1454 | (delete $self->{_on_starttls})->($self, undef, $err); |
|
|
1455 | &_freetls; |
|
|
1456 | } else { |
|
|
1457 | &_freetls; |
|
|
1458 | $self->_error (Errno::EPROTO, 1, $err); |
|
|
1459 | } |
|
|
1460 | } |
|
|
1461 | |
| 1347 | # poll the write BIO and send the data if applicable |
1462 | # poll the write BIO and send the data if applicable |
|
|
1463 | # also decode read data if possible |
|
|
1464 | # this is basiclaly our TLS state machine |
|
|
1465 | # more efficient implementations are possible with openssl, |
|
|
1466 | # but not with the buggy and incomplete Net::SSLeay. |
| 1348 | sub _dotls { |
1467 | sub _dotls { |
| 1349 | my ($self) = @_; |
1468 | my ($self) = @_; |
| 1350 | |
1469 | |
| 1351 | my $tmp; |
1470 | my $tmp; |
| 1352 | |
1471 | |
| 1353 | if (length $self->{_tls_wbuf}) { |
1472 | if (length $self->{_tls_wbuf}) { |
| 1354 | while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { |
1473 | while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { |
| 1355 | substr $self->{_tls_wbuf}, 0, $tmp, ""; |
1474 | substr $self->{_tls_wbuf}, 0, $tmp, ""; |
| 1356 | } |
1475 | } |
|
|
1476 | |
|
|
1477 | $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp); |
|
|
1478 | return $self->_tls_error ($tmp) |
|
|
1479 | if $tmp != $ERROR_WANT_READ |
|
|
1480 | && ($tmp != $ERROR_SYSCALL || $!); |
| 1357 | } |
1481 | } |
| 1358 | |
1482 | |
| 1359 | while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { |
1483 | while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { |
| 1360 | unless (length $tmp) { |
1484 | unless (length $tmp) { |
| 1361 | # let's treat SSL-eof as we treat normal EOF |
1485 | $self->{_on_starttls} |
| 1362 | delete $self->{_rw}; |
1486 | and (delete $self->{_on_starttls})->($self, undef, "EOF during handshake"); # ??? |
| 1363 | $self->{_eof} = 1; |
|
|
| 1364 | &_freetls; |
1487 | &_freetls; |
|
|
1488 | |
|
|
1489 | if ($self->{on_stoptls}) { |
|
|
1490 | $self->{on_stoptls}($self); |
|
|
1491 | return; |
|
|
1492 | } else { |
|
|
1493 | # let's treat SSL-eof as we treat normal EOF |
|
|
1494 | delete $self->{_rw}; |
|
|
1495 | $self->{_eof} = 1; |
|
|
1496 | } |
| 1365 | } |
1497 | } |
| 1366 | |
1498 | |
| 1367 | $self->{_tls_rbuf} .= $tmp; |
1499 | $self->{_tls_rbuf} .= $tmp; |
| 1368 | $self->_drain_rbuf unless $self->{_in_drain}; |
1500 | $self->_drain_rbuf unless $self->{_in_drain}; |
| 1369 | $self->{tls} or return; # tls session might have gone away in callback |
1501 | $self->{tls} or return; # tls session might have gone away in callback |
| 1370 | } |
1502 | } |
| 1371 | |
1503 | |
| 1372 | $tmp = Net::SSLeay::get_error ($self->{tls}, -1); |
1504 | $tmp = Net::SSLeay::get_error ($self->{tls}, -1); |
| 1373 | |
|
|
| 1374 | if ($tmp != Net::SSLeay::ERROR_WANT_READ ()) { |
|
|
| 1375 | if ($tmp == Net::SSLeay::ERROR_SYSCALL ()) { |
|
|
| 1376 | return $self->_error ($!, 1); |
1505 | return $self->_tls_error ($tmp) |
| 1377 | } elsif ($tmp == Net::SSLeay::ERROR_SSL ()) { |
1506 | if $tmp != $ERROR_WANT_READ |
| 1378 | return $self->_error (&Errno::EIO, 1); |
1507 | && ($tmp != $ERROR_SYSCALL || $!); |
| 1379 | } |
|
|
| 1380 | |
|
|
| 1381 | # all other errors are fine for our purposes |
|
|
| 1382 | } |
|
|
| 1383 | |
1508 | |
| 1384 | while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { |
1509 | while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { |
| 1385 | $self->{wbuf} .= $tmp; |
1510 | $self->{wbuf} .= $tmp; |
| 1386 | $self->_drain_wbuf; |
1511 | $self->_drain_wbuf; |
| 1387 | } |
1512 | } |
|
|
1513 | |
|
|
1514 | $self->{_on_starttls} |
|
|
1515 | and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK () |
|
|
1516 | and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established"); |
| 1388 | } |
1517 | } |
| 1389 | |
1518 | |
| 1390 | =item $handle->starttls ($tls[, $tls_ctx]) |
1519 | =item $handle->starttls ($tls[, $tls_ctx]) |
| 1391 | |
1520 | |
| 1392 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
1521 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
| … | |
… | |
| 1409 | If it an error to start a TLS handshake more than once per |
1538 | If it an error to start a TLS handshake more than once per |
| 1410 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
1539 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
| 1411 | |
1540 | |
| 1412 | =cut |
1541 | =cut |
| 1413 | |
1542 | |
|
|
1543 | our %TLS_CACHE; #TODO not yet documented, should we? |
|
|
1544 | |
| 1414 | sub starttls { |
1545 | sub starttls { |
| 1415 | my ($self, $ssl, $ctx) = @_; |
1546 | my ($self, $ssl, $ctx) = @_; |
| 1416 | |
1547 | |
| 1417 | require Net::SSLeay; |
1548 | require Net::SSLeay; |
| 1418 | |
1549 | |
| 1419 | Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" |
1550 | Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" |
| 1420 | if $self->{tls}; |
1551 | if $self->{tls}; |
| 1421 | |
1552 | |
|
|
1553 | $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); |
|
|
1554 | $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); |
|
|
1555 | |
| 1422 | $ctx ||= $self->{tls_ctx}; |
1556 | $ctx ||= $self->{tls_ctx}; |
| 1423 | |
1557 | |
| 1424 | if ("HASH" eq ref $ctx) { |
1558 | if ("HASH" eq ref $ctx) { |
| 1425 | require AnyEvent::TLS; |
1559 | require AnyEvent::TLS; |
| 1426 | |
1560 | |
| 1427 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context |
1561 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context |
|
|
1562 | |
|
|
1563 | if ($ctx->{cache}) { |
|
|
1564 | my $key = $ctx+0; |
|
|
1565 | $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; |
|
|
1566 | } else { |
| 1428 | $ctx = new AnyEvent::TLS %$ctx; |
1567 | $ctx = new AnyEvent::TLS %$ctx; |
|
|
1568 | } |
| 1429 | } |
1569 | } |
| 1430 | |
1570 | |
| 1431 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
1571 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
| 1432 | $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self); |
1572 | $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername}); |
| 1433 | |
1573 | |
| 1434 | # basically, this is deep magic (because SSL_read should have the same issues) |
1574 | # basically, this is deep magic (because SSL_read should have the same issues) |
| 1435 | # but the openssl maintainers basically said: "trust us, it just works". |
1575 | # but the openssl maintainers basically said: "trust us, it just works". |
| 1436 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
1576 | # (unfortunately, we have to hardcode constants because the abysmally misdesigned |
| 1437 | # and mismaintained ssleay-module doesn't even offer them). |
1577 | # and mismaintained ssleay-module doesn't even offer them). |
| … | |
… | |
| 1451 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1591 | $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
| 1452 | $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
1592 | $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
| 1453 | |
1593 | |
| 1454 | Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); |
1594 | Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); |
| 1455 | |
1595 | |
|
|
1596 | $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) } |
|
|
1597 | if $self->{on_starttls}; |
|
|
1598 | |
| 1456 | &_dotls; # need to trigger the initial handshake |
1599 | &_dotls; # need to trigger the initial handshake |
| 1457 | $self->start_read; # make sure we actually do read |
1600 | $self->start_read; # make sure we actually do read |
| 1458 | } |
1601 | } |
| 1459 | |
1602 | |
| 1460 | =item $handle->stoptls |
1603 | =item $handle->stoptls |
| … | |
… | |
| 1472 | if ($self->{tls}) { |
1615 | if ($self->{tls}) { |
| 1473 | Net::SSLeay::shutdown ($self->{tls}); |
1616 | Net::SSLeay::shutdown ($self->{tls}); |
| 1474 | |
1617 | |
| 1475 | &_dotls; |
1618 | &_dotls; |
| 1476 | |
1619 | |
| 1477 | # we don't give a shit. no, we do, but we can't. no... |
1620 | # # we don't give a shit. no, we do, but we can't. no...#d# |
| 1478 | # we, we... have to use openssl :/ |
1621 | # # we, we... have to use openssl :/#d# |
| 1479 | &_freetls; |
1622 | # &_freetls;#d# |
| 1480 | } |
1623 | } |
| 1481 | } |
1624 | } |
| 1482 | |
1625 | |
| 1483 | sub _freetls { |
1626 | sub _freetls { |
| 1484 | my ($self) = @_; |
1627 | my ($self) = @_; |
| 1485 | |
1628 | |
| 1486 | return unless $self->{tls}; |
1629 | return unless $self->{tls}; |
| 1487 | |
1630 | |
| 1488 | $self->{tls_ctx}->_put_session (delete $self->{tls}); |
1631 | $self->{tls_ctx}->_put_session (delete $self->{tls}); |
| 1489 | |
1632 | |
| 1490 | delete @$self{qw(_rbio _wbio _tls_wbuf)}; |
1633 | delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)}; |
| 1491 | } |
1634 | } |
| 1492 | |
1635 | |
| 1493 | sub DESTROY { |
1636 | sub DESTROY { |
| 1494 | my ($self) = @_; |
1637 | my ($self) = @_; |
| 1495 | |
1638 | |
| … | |
… | |
| 1519 | } |
1662 | } |
| 1520 | |
1663 | |
| 1521 | =item $handle->destroy |
1664 | =item $handle->destroy |
| 1522 | |
1665 | |
| 1523 | Shuts down the handle object as much as possible - this call ensures that |
1666 | Shuts down the handle object as much as possible - this call ensures that |
| 1524 | no further callbacks will be invoked and resources will be freed as much |
1667 | no further callbacks will be invoked and as many resources as possible |
| 1525 | as possible. You must not call any methods on the object afterwards. |
1668 | will be freed. You must not call any methods on the object afterwards. |
| 1526 | |
1669 | |
| 1527 | Normally, you can just "forget" any references to an AnyEvent::Handle |
1670 | Normally, you can just "forget" any references to an AnyEvent::Handle |
| 1528 | object and it will simply shut down. This works in fatal error and EOF |
1671 | object and it will simply shut down. This works in fatal error and EOF |
| 1529 | callbacks, as well as code outside. It does I<NOT> work in a read or write |
1672 | callbacks, as well as code outside. It does I<NOT> work in a read or write |
| 1530 | callback, so when you want to destroy the AnyEvent::Handle object from |
1673 | callback, so when you want to destroy the AnyEvent::Handle object from |
| 1531 | within such an callback. You I<MUST> call C<< ->destroy >> explicitly in |
1674 | within such an callback. You I<MUST> call C<< ->destroy >> explicitly in |
| 1532 | that case. |
1675 | that case. |
| 1533 | |
1676 | |
|
|
1677 | Destroying the handle object in this way has the advantage that callbacks |
|
|
1678 | will be removed as well, so if those are the only reference holders (as |
|
|
1679 | is common), then one doesn't need to do anything special to break any |
|
|
1680 | reference cycles. |
|
|
1681 | |
| 1534 | The handle might still linger in the background and write out remaining |
1682 | The handle might still linger in the background and write out remaining |
| 1535 | data, as specified by the C<linger> option, however. |
1683 | data, as specified by the C<linger> option, however. |
| 1536 | |
1684 | |
| 1537 | =cut |
1685 | =cut |
| 1538 | |
1686 | |
| … | |
… | |
| 1605 | |
1753 | |
| 1606 | $handle->on_read (sub { }); |
1754 | $handle->on_read (sub { }); |
| 1607 | $handle->on_eof (undef); |
1755 | $handle->on_eof (undef); |
| 1608 | $handle->on_error (sub { |
1756 | $handle->on_error (sub { |
| 1609 | my $data = delete $_[0]{rbuf}; |
1757 | my $data = delete $_[0]{rbuf}; |
| 1610 | undef $handle; |
|
|
| 1611 | }); |
1758 | }); |
| 1612 | |
1759 | |
| 1613 | The reason to use C<on_error> is that TCP connections, due to latencies |
1760 | The reason to use C<on_error> is that TCP connections, due to latencies |
| 1614 | and packets loss, might get closed quite violently with an error, when in |
1761 | and packets loss, might get closed quite violently with an error, when in |
| 1615 | fact, all data has been received. |
1762 | fact, all data has been received. |
| … | |
… | |
| 1631 | $handle->on_drain (sub { |
1778 | $handle->on_drain (sub { |
| 1632 | warn "all data submitted to the kernel\n"; |
1779 | warn "all data submitted to the kernel\n"; |
| 1633 | undef $handle; |
1780 | undef $handle; |
| 1634 | }); |
1781 | }); |
| 1635 | |
1782 | |
|
|
1783 | If you just want to queue some data and then signal EOF to the other side, |
|
|
1784 | consider using C<< ->push_shutdown >> instead. |
|
|
1785 | |
|
|
1786 | =item I want to contact a TLS/SSL server, I don't care about security. |
|
|
1787 | |
|
|
1788 | If your TLS server is a pure TLS server (e.g. HTTPS) that only speaks TLS, |
|
|
1789 | simply connect to it and then create the AnyEvent::Handle with the C<tls> |
|
|
1790 | parameter: |
|
|
1791 | |
|
|
1792 | tcp_connect $host, $port, sub { |
|
|
1793 | my ($fh) = @_; |
|
|
1794 | |
|
|
1795 | my $handle = new AnyEvent::Handle |
|
|
1796 | fh => $fh, |
|
|
1797 | tls => "connect", |
|
|
1798 | on_error => sub { ... }; |
|
|
1799 | |
|
|
1800 | $handle->push_write (...); |
|
|
1801 | }; |
|
|
1802 | |
|
|
1803 | =item I want to contact a TLS/SSL server, I do care about security. |
|
|
1804 | |
|
|
1805 | Then you should additionally enable certificate verification, including |
|
|
1806 | peername verification, if the protocol you use supports it (see |
|
|
1807 | L<AnyEvent::TLS>, C<verify_peername>). |
|
|
1808 | |
|
|
1809 | E.g. for HTTPS: |
|
|
1810 | |
|
|
1811 | tcp_connect $host, $port, sub { |
|
|
1812 | my ($fh) = @_; |
|
|
1813 | |
|
|
1814 | my $handle = new AnyEvent::Handle |
|
|
1815 | fh => $fh, |
|
|
1816 | peername => $host, |
|
|
1817 | tls => "connect", |
|
|
1818 | tls_ctx => { verify => 1, verify_peername => "https" }, |
|
|
1819 | ... |
|
|
1820 | |
|
|
1821 | Note that you must specify the hostname you connected to (or whatever |
|
|
1822 | "peername" the protocol needs) as the C<peername> argument, otherwise no |
|
|
1823 | peername verification will be done. |
|
|
1824 | |
|
|
1825 | The above will use the system-dependent default set of trusted CA |
|
|
1826 | certificates. If you want to check against a specific CA, add the |
|
|
1827 | C<ca_file> (or C<ca_cert>) arguments to C<tls_ctx>: |
|
|
1828 | |
|
|
1829 | tls_ctx => { |
|
|
1830 | verify => 1, |
|
|
1831 | verify_peername => "https", |
|
|
1832 | ca_file => "my-ca-cert.pem", |
|
|
1833 | }, |
|
|
1834 | |
|
|
1835 | =item I want to create a TLS/SSL server, how do I do that? |
|
|
1836 | |
|
|
1837 | Well, you first need to get a server certificate and key. You have |
|
|
1838 | three options: a) ask a CA (buy one, use cacert.org etc.) b) create a |
|
|
1839 | self-signed certificate (cheap. check the search engine of your choice, |
|
|
1840 | there are many tutorials on the net) or c) make your own CA (tinyca2 is a |
|
|
1841 | nice program for that purpose). |
|
|
1842 | |
|
|
1843 | Then create a file with your private key (in PEM format, see |
|
|
1844 | L<AnyEvent::TLS>), followed by the certificate (also in PEM format). The |
|
|
1845 | file should then look like this: |
|
|
1846 | |
|
|
1847 | -----BEGIN RSA PRIVATE KEY----- |
|
|
1848 | ...header data |
|
|
1849 | ... lots of base64'y-stuff |
|
|
1850 | -----END RSA PRIVATE KEY----- |
|
|
1851 | |
|
|
1852 | -----BEGIN CERTIFICATE----- |
|
|
1853 | ... lots of base64'y-stuff |
|
|
1854 | -----END CERTIFICATE----- |
|
|
1855 | |
|
|
1856 | The important bits are the "PRIVATE KEY" and "CERTIFICATE" parts. Then |
|
|
1857 | specify this file as C<cert_file>: |
|
|
1858 | |
|
|
1859 | tcp_server undef, $port, sub { |
|
|
1860 | my ($fh) = @_; |
|
|
1861 | |
|
|
1862 | my $handle = new AnyEvent::Handle |
|
|
1863 | fh => $fh, |
|
|
1864 | tls => "accept", |
|
|
1865 | tls_ctx => { cert_file => "my-server-keycert.pem" }, |
|
|
1866 | ... |
|
|
1867 | |
|
|
1868 | When you have intermediate CA certificates that your clients might not |
|
|
1869 | know about, just append them to the C<cert_file>. |
|
|
1870 | |
| 1636 | =back |
1871 | =back |
| 1637 | |
1872 | |
| 1638 | |
1873 | |
| 1639 | =head1 SUBCLASSING AnyEvent::Handle |
1874 | =head1 SUBCLASSING AnyEvent::Handle |
| 1640 | |
1875 | |
