ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/AnyEvent/lib/AnyEvent/Handle.pm
(Generate patch)

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.130 by root, Mon Jun 29 21:00:32 2009 UTC vs.
Revision 1.134 by root, Fri Jul 3 00:09:04 2009 UTC

63 63
64=head1 METHODS 64=head1 METHODS
65 65
66=over 4 66=over 4
67 67
68=item B<new (%args)> 68=item $handle = B<new> AnyEvent::TLS fh => $filehandle, key => value...
69 69
70The constructor supports these arguments (all as key => value pairs). 70The constructor supports these arguments (all as C<< key => value >> pairs).
71 71
72=over 4 72=over 4
73 73
74=item fh => $filehandle [MANDATORY] 74=item fh => $filehandle [MANDATORY]
75 75
95waiting for data. 95waiting for data.
96 96
97If an EOF condition has been detected but no C<on_eof> callback has been 97If an EOF condition has been detected but no C<on_eof> callback has been
98set, then a fatal error will be raised with C<$!> set to <0>. 98set, then a fatal error will be raised with C<$!> set to <0>.
99 99
100=item on_error => $cb->($handle, $fatal) 100=item on_error => $cb->($handle, $fatal, $message)
101 101
102This is the error callback, which is called when, well, some error 102This is the error callback, which is called when, well, some error
103occured, such as not being able to resolve the hostname, failure to 103occured, such as not being able to resolve the hostname, failure to
104connect or a read error. 104connect or a read error.
105 105
107fatal errors the handle object will be shut down and will not be usable 107fatal errors the handle object will be shut down and will not be usable
108(but you are free to look at the current C<< ->rbuf >>). Examples of fatal 108(but you are free to look at the current C<< ->rbuf >>). Examples of fatal
109errors are an EOF condition with active (but unsatisifable) read watchers 109errors are an EOF condition with active (but unsatisifable) read watchers
110(C<EPIPE>) or I/O errors. 110(C<EPIPE>) or I/O errors.
111 111
112AnyEvent::Handle tries to find an appropriate error code for you to check
113against, but in some cases (TLS errors), this does not work well. It is
114recommended to always output the C<$message> argument in human-readable
115error messages (it's usually the same as C<"$!">).
116
112Non-fatal errors can be retried by simply returning, but it is recommended 117Non-fatal errors can be retried by simply returning, but it is recommended
113to simply ignore this parameter and instead abondon the handle object 118to simply ignore this parameter and instead abondon the handle object
114when this callback is invoked. Examples of non-fatal errors are timeouts 119when this callback is invoked. Examples of non-fatal errors are timeouts
115C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>). 120C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>).
116 121
117On callback entrance, the value of C<$!> contains the operating system 122On callback entrance, the value of C<$!> contains the operating system
118error (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT> or C<EBADMSG>). 123error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or
124C<EPROTO>).
119 125
120While not mandatory, it is I<highly> recommended to set this callback, as 126While not mandatory, it is I<highly> recommended to set this callback, as
121you will not be notified of errors otherwise. The default simply calls 127you will not be notified of errors otherwise. The default simply calls
122C<croak>. 128C<croak>.
123 129
237 243
238This will not work for partial TLS data that could not be encoded 244This will not work for partial TLS data that could not be encoded
239yet. This data will be lost. Calling the C<stoptls> method in time might 245yet. This data will be lost. Calling the C<stoptls> method in time might
240help. 246help.
241 247
248=item peername => $string
249
250A string used to identify the remote site - usually the DNS hostname
251(I<not> IDN!) used to create the connection, rarely the IP address.
252
253Apart from being useful in error messages, this string is also used in TLS
254common name verification (see C<verify_cn> in L<AnyEvent::TLS>).
255
242=item tls => "accept" | "connect" | Net::SSLeay::SSL object 256=item tls => "accept" | "connect" | Net::SSLeay::SSL object
243 257
244When this parameter is given, it enables TLS (SSL) mode, that means 258When this parameter is given, it enables TLS (SSL) mode, that means
245AnyEvent will start a TLS handshake as soon as the conenction has been 259AnyEvent will start a TLS handshake as soon as the conenction has been
246established and will transparently encrypt/decrypt data afterwards. 260established and will transparently encrypt/decrypt data afterwards.
261
262All TLS protocol errors will be signalled as C<EPROTO>, with an
263appropriate error message.
247 264
248TLS mode requires Net::SSLeay to be installed (it will be loaded 265TLS mode requires Net::SSLeay to be installed (it will be loaded
249automatically when you try to create a TLS handle): this module doesn't 266automatically when you try to create a TLS handle): this module doesn't
250have a dependency on that module, so if your module requires it, you have 267have a dependency on that module, so if your module requires it, you have
251to add the dependency yourself. 268to add the dependency yourself.
255mode. 272mode.
256 273
257You can also provide your own TLS connection object, but you have 274You can also provide your own TLS connection object, but you have
258to make sure that you call either C<Net::SSLeay::set_connect_state> 275to make sure that you call either C<Net::SSLeay::set_connect_state>
259or C<Net::SSLeay::set_accept_state> on it before you pass it to 276or C<Net::SSLeay::set_accept_state> on it before you pass it to
260AnyEvent::Handle. 277AnyEvent::Handle. Also, this module will take ownership of this connection
278object.
279
280At some future point, AnyEvent::Handle might switch to another TLS
281implementation, then the option to use your own session object will go
282away.
261 283
262B<IMPORTANT:> since Net::SSLeay "objects" are really only integers, 284B<IMPORTANT:> since Net::SSLeay "objects" are really only integers,
263passing in the wrong integer will lead to certain crash. This most often 285passing in the wrong integer will lead to certain crash. This most often
264happens when one uses a stylish C<< tls => 1 >> and is surprised about the 286happens when one uses a stylish C<< tls => 1 >> and is surprised about the
265segmentation fault. 287segmentation fault.
266 288
267See the C<< ->starttls >> method for when need to start TLS negotiation later. 289See the C<< ->starttls >> method for when need to start TLS negotiation later.
268 290
269=item tls_ctx => $ssl_ctx 291=item tls_ctx => $anyevent_tls
270 292
271Use the given C<Net::SSLeay::CTX> object to create the new TLS connection 293Use the given C<AnyEvent::TLS> object to create the new TLS connection
272(unless a connection object was specified directly). If this parameter is 294(unless a connection object was specified directly). If this parameter is
273missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>. 295missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>.
296
297Instead of an object, you can also specify a hash reference with C<< key
298=> value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a
299new TLS context object.
274 300
275=item json => JSON or JSON::XS object 301=item json => JSON or JSON::XS object
276 302
277This is the json coder object used by the C<json> read and write types. 303This is the json coder object used by the C<json> read and write types.
278 304
287 313
288=cut 314=cut
289 315
290sub new { 316sub new {
291 my $class = shift; 317 my $class = shift;
292
293 my $self = bless { @_ }, $class; 318 my $self = bless { @_ }, $class;
294 319
295 $self->{fh} or Carp::croak "mandatory argument fh is missing"; 320 $self->{fh} or Carp::croak "mandatory argument fh is missing";
296 321
297 AnyEvent::Util::fh_nonblocking $self->{fh}, 1; 322 AnyEvent::Util::fh_nonblocking $self->{fh}, 1;
323
324 $self->{_activity} = AnyEvent->now;
325 $self->_timeout;
326
327 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
298 328
299 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) 329 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx})
300 if $self->{tls}; 330 if $self->{tls};
301 331
302 $self->{_activity} = AnyEvent->now;
303 $self->_timeout;
304
305 $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; 332 $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain};
306 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
307 333
308 $self->start_read 334 $self->start_read
309 if $self->{on_read}; 335 if $self->{on_read};
310 336
311 $self 337 $self->{fh} && $self
312} 338}
313 339
314sub _shutdown { 340sub _shutdown {
315 my ($self) = @_; 341 my ($self) = @_;
316 342
317 delete @$self{qw(_tw _rw _ww fh rbuf wbuf on_read _queue)}; 343 delete @$self{qw(_tw _rw _ww fh wbuf on_read _queue)};
344 $self->{_eof} = 1; # tell starttls et. al to stop trying
318 345
319 &_freetls; 346 &_freetls;
320} 347}
321 348
322sub _error { 349sub _error {
323 my ($self, $errno, $fatal) = @_; 350 my ($self, $errno, $fatal, $message) = @_;
324 351
325 $self->_shutdown 352 $self->_shutdown
326 if $fatal; 353 if $fatal;
327 354
328 $! = $errno; 355 $! = $errno;
356 $message ||= "$!";
329 357
330 if ($self->{on_error}) { 358 if ($self->{on_error}) {
331 $self->{on_error}($self, $fatal); 359 $self->{on_error}($self, $fatal, $message);
332 } elsif ($self->{fh}) { 360 } elsif ($self->{fh}) {
333 Carp::croak "AnyEvent::Handle uncaught error: $!"; 361 Carp::croak "AnyEvent::Handle uncaught error: $message";
334 } 362 }
335} 363}
336 364
337=item $fh = $handle->fh 365=item $fh = $handle->fh
338 366
650 678
651 pack "w/a*", Storable::nfreeze ($ref) 679 pack "w/a*", Storable::nfreeze ($ref)
652}; 680};
653 681
654=back 682=back
683
684=item $handle->push_shutdown
685
686Sometimes you know you want to close the socket after writing your data
687before it was actually written. One way to do that is to replace your
688C<on_drain> handler by a callback that shuts down the socket. This method
689is a shorthand for just that, and replaces the C<on_drain> callback with:
690
691 sub { shutdown $_[0]{fh}, 1 } # for push_shutdown
692
693This simply shuts down the write side and signals an EOF condition to the
694the peer.
695
696You can rely on the normal read queue and C<on_eof> handling
697afterwards. This is the cleanest way to close a connection.
698
699=cut
700
701sub push_shutdown {
702 $_[0]->{on_drain} = sub { shutdown $_[0]{fh}, 1 };
703}
655 704
656=item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args) 705=item AnyEvent::Handle::register_write_type type => $coderef->($handle, @args)
657 706
658This function (not method) lets you add your own types to C<push_write>. 707This function (not method) lets you add your own types to C<push_write>.
659Whenever the given C<type> is used, C<push_write> will invoke the code 708Whenever the given C<type> is used, C<push_write> will invoke the code
1326 } 1375 }
1327 }); 1376 });
1328 } 1377 }
1329} 1378}
1330 1379
1380our $ERROR_SYSCALL;
1381our $ERROR_WANT_READ;
1382our $ERROR_ZERO_RETURN;
1383
1384sub _tls_error {
1385 my ($self, $err) = @_;
1386 warn "$err,$!\n";#d#
1387
1388 return $self->_error ($!, 1)
1389 if $err == Net::SSLeay::ERROR_SYSCALL ();
1390
1391 $self->_error (&Errno::EPROTO, 1,
1392 Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()));
1393}
1394
1331# poll the write BIO and send the data if applicable 1395# poll the write BIO and send the data if applicable
1396# also decode read data if possible
1397# this is basiclaly our TLS state machine
1398# more efficient implementations are possible with openssl,
1399# but not with the buggy and incomplete Net::SSLeay.
1332sub _dotls { 1400sub _dotls {
1333 my ($self) = @_; 1401 my ($self) = @_;
1334 1402
1335 my $tmp; 1403 my $tmp;
1336 1404
1337 if (length $self->{_tls_wbuf}) { 1405 if (length $self->{_tls_wbuf}) {
1338 while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { 1406 while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) {
1339 substr $self->{_tls_wbuf}, 0, $tmp, ""; 1407 substr $self->{_tls_wbuf}, 0, $tmp, "";
1340 } 1408 }
1409
1410 $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp);
1411 return $self->_tls_error ($tmp)
1412 if $tmp != $ERROR_WANT_READ
1413 && ($tmp != $ERROR_SYSCALL || $!)
1414 && $tmp != $ERROR_ZERO_RETURN;
1341 } 1415 }
1342 1416
1343 while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { 1417 while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) {
1344 unless (length $tmp) { 1418 unless (length $tmp) {
1345 # let's treat SSL-eof as we treat normal EOF 1419 # let's treat SSL-eof as we treat normal EOF
1352 $self->_drain_rbuf unless $self->{_in_drain}; 1426 $self->_drain_rbuf unless $self->{_in_drain};
1353 $self->{tls} or return; # tls session might have gone away in callback 1427 $self->{tls} or return; # tls session might have gone away in callback
1354 } 1428 }
1355 1429
1356 $tmp = Net::SSLeay::get_error ($self->{tls}, -1); 1430 $tmp = Net::SSLeay::get_error ($self->{tls}, -1);
1357
1358 if ($tmp != Net::SSLeay::ERROR_WANT_READ ()) {
1359 if ($tmp == Net::SSLeay::ERROR_SYSCALL ()) {
1360 return $self->_error ($!, 1); 1431 return $self->_tls_error ($tmp)
1361 } elsif ($tmp == Net::SSLeay::ERROR_SSL ()) { 1432 if $tmp != $ERROR_WANT_READ
1362 return $self->_error (&Errno::EIO, 1); 1433 && ($tmp != $ERROR_SYSCALL || $!)
1363 } 1434 && $tmp != $ERROR_ZERO_RETURN;
1364
1365 # all other errors are fine for our purposes
1366 }
1367 1435
1368 while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) { 1436 while (length ($tmp = Net::SSLeay::BIO_read ($self->{_wbio}))) {
1369 $self->{wbuf} .= $tmp; 1437 $self->{wbuf} .= $tmp;
1370 $self->_drain_wbuf; 1438 $self->_drain_wbuf;
1371 } 1439 }
1378C<starttls>. 1446C<starttls>.
1379 1447
1380The first argument is the same as the C<tls> constructor argument (either 1448The first argument is the same as the C<tls> constructor argument (either
1381C<"connect">, C<"accept"> or an existing Net::SSLeay object). 1449C<"connect">, C<"accept"> or an existing Net::SSLeay object).
1382 1450
1383The second argument is the optional C<Net::SSLeay::CTX> object that is 1451The second argument is the optional C<AnyEvent::TLS> object that is used
1384used when AnyEvent::Handle has to create its own TLS connection object. 1452when AnyEvent::Handle has to create its own TLS connection object, or
1453a hash reference with C<< key => value >> pairs that will be used to
1454construct a new context.
1385 1455
1386The TLS connection object will end up in C<< $handle->{tls} >> after this 1456The TLS connection object will end up in C<< $handle->{tls} >>, the TLS
1387call and can be used or changed to your liking. Note that the handshake 1457context in C<< $handle->{tls_ctx} >> after this call and can be used or
1388might have already started when this function returns. 1458changed to your liking. Note that the handshake might have already started
1459when this function returns.
1389 1460
1390If it an error to start a TLS handshake more than once per 1461If it an error to start a TLS handshake more than once per
1391AnyEvent::Handle object (this is due to bugs in OpenSSL). 1462AnyEvent::Handle object (this is due to bugs in OpenSSL).
1392 1463
1393=cut 1464=cut
1397 1468
1398 require Net::SSLeay; 1469 require Net::SSLeay;
1399 1470
1400 Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object" 1471 Carp::croak "it is an error to call starttls more than once on an AnyEvent::Handle object"
1401 if $self->{tls}; 1472 if $self->{tls};
1473
1474 $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL ();
1475 $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ ();
1476 $ERROR_ZERO_RETURN = Net::SSLeay::ERROR_ZERO_RETURN ();
1477
1478 $ctx ||= $self->{tls_ctx};
1479
1480 if ("HASH" eq ref $ctx) {
1481 require AnyEvent::TLS;
1482
1483 local $Carp::CarpLevel = 1; # skip ourselves when creating a new context
1484 $ctx = new AnyEvent::TLS %$ctx;
1485 }
1402 1486
1403 if ($ssl eq "accept") { 1487 $self->{tls_ctx} = $ctx || TLS_CTX ();
1404 $ssl = Net::SSLeay::new ($ctx || TLS_CTX ()); 1488 $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername});
1405 Net::SSLeay::set_accept_state ($ssl);
1406 } elsif ($ssl eq "connect") {
1407 $ssl = Net::SSLeay::new ($ctx || TLS_CTX ());
1408 Net::SSLeay::set_connect_state ($ssl);
1409 }
1410
1411 $self->{tls} = $ssl;
1412 1489
1413 # basically, this is deep magic (because SSL_read should have the same issues) 1490 # basically, this is deep magic (because SSL_read should have the same issues)
1414 # but the openssl maintainers basically said: "trust us, it just works". 1491 # but the openssl maintainers basically said: "trust us, it just works".
1415 # (unfortunately, we have to hardcode constants because the abysmally misdesigned 1492 # (unfortunately, we have to hardcode constants because the abysmally misdesigned
1416 # and mismaintained ssleay-module doesn't even offer them). 1493 # and mismaintained ssleay-module doesn't even offer them).
1420 # 1497 #
1421 # note that we do not try to keep the length constant between writes as we are required to do. 1498 # note that we do not try to keep the length constant between writes as we are required to do.
1422 # we assume that most (but not all) of this insanity only applies to non-blocking cases, 1499 # we assume that most (but not all) of this insanity only applies to non-blocking cases,
1423 # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to 1500 # and we drive openssl fully in blocking mode here. Or maybe we don't - openssl seems to
1424 # have identity issues in that area. 1501 # have identity issues in that area.
1425 Net::SSLeay::CTX_set_mode ($self->{tls}, 1502# Net::SSLeay::CTX_set_mode ($ssl,
1426 (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1) 1503# (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ENABLE_PARTIAL_WRITE () } || 1)
1427 | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2)); 1504# | (eval { local $SIG{__DIE__}; Net::SSLeay::MODE_ACCEPT_MOVING_WRITE_BUFFER () } || 2));
1505 Net::SSLeay::CTX_set_mode ($ssl, 1|2);
1428 1506
1429 $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1507 $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1430 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1508 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1431 1509
1432 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); 1510 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio});
1461sub _freetls { 1539sub _freetls {
1462 my ($self) = @_; 1540 my ($self) = @_;
1463 1541
1464 return unless $self->{tls}; 1542 return unless $self->{tls};
1465 1543
1466 Net::SSLeay::free (delete $self->{tls}); 1544 $self->{tls_ctx}->_put_session (delete $self->{tls});
1467 1545
1468 delete @$self{qw(_rbio _wbio _tls_wbuf)}; 1546 delete @$self{qw(_rbio _wbio _tls_wbuf)};
1469} 1547}
1470 1548
1471sub DESTROY { 1549sub DESTROY {
1521 %$self = (); 1599 %$self = ();
1522} 1600}
1523 1601
1524=item AnyEvent::Handle::TLS_CTX 1602=item AnyEvent::Handle::TLS_CTX
1525 1603
1526This function creates and returns the Net::SSLeay::CTX object used by 1604This function creates and returns the AnyEvent::TLS object used by default
1527default for TLS mode. 1605for TLS mode.
1528 1606
1529The context is created like this: 1607The context is created by calling L<AnyEvent::TLS> without any arguments.
1530
1531 Net::SSLeay::load_error_strings;
1532 Net::SSLeay::SSLeay_add_ssl_algorithms;
1533 Net::SSLeay::randomize;
1534
1535 my $CTX = Net::SSLeay::CTX_new;
1536
1537 Net::SSLeay::CTX_set_options $CTX, Net::SSLeay::OP_ALL
1538 1608
1539=cut 1609=cut
1540 1610
1541our $TLS_CTX; 1611our $TLS_CTX;
1542 1612
1543sub TLS_CTX() { 1613sub TLS_CTX() {
1544 $TLS_CTX || do { 1614 $TLS_CTX ||= do {
1545 require Net::SSLeay; 1615 require AnyEvent::TLS;
1546 1616
1547 Net::SSLeay::load_error_strings (); 1617 new AnyEvent::TLS
1548 Net::SSLeay::SSLeay_add_ssl_algorithms ();
1549 Net::SSLeay::randomize ();
1550
1551 $TLS_CTX = Net::SSLeay::CTX_new ();
1552
1553 Net::SSLeay::CTX_set_options ($TLS_CTX, Net::SSLeay::OP_ALL ());
1554
1555 $TLS_CTX
1556 } 1618 }
1557} 1619}
1558 1620
1559=back 1621=back
1560 1622

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines