… | |
… | |
133 | and no read request is in the queue (unlike read queue callbacks, this |
133 | and no read request is in the queue (unlike read queue callbacks, this |
134 | callback will only be called when at least one octet of data is in the |
134 | callback will only be called when at least one octet of data is in the |
135 | read buffer). |
135 | read buffer). |
136 | |
136 | |
137 | To access (and remove data from) the read buffer, use the C<< ->rbuf >> |
137 | To access (and remove data from) the read buffer, use the C<< ->rbuf >> |
138 | method or access the C<$handle->{rbuf}> member directly. Note that you |
138 | method or access the C<< $handle->{rbuf} >> member directly. Note that you |
139 | must not enlarge or modify the read buffer, you can only remove data at |
139 | must not enlarge or modify the read buffer, you can only remove data at |
140 | the beginning from it. |
140 | the beginning from it. |
141 | |
141 | |
142 | When an EOF condition is detected then AnyEvent::Handle will first try to |
142 | When an EOF condition is detected then AnyEvent::Handle will first try to |
143 | feed all the remaining data to the queued callbacks and C<on_read> before |
143 | feed all the remaining data to the queued callbacks and C<on_read> before |
… | |
… | |
249 | |
249 | |
250 | A string used to identify the remote site - usually the DNS hostname |
250 | A string used to identify the remote site - usually the DNS hostname |
251 | (I<not> IDN!) used to create the connection, rarely the IP address. |
251 | (I<not> IDN!) used to create the connection, rarely the IP address. |
252 | |
252 | |
253 | Apart from being useful in error messages, this string is also used in TLS |
253 | Apart from being useful in error messages, this string is also used in TLS |
254 | common name verification (see C<verify_cn> in L<AnyEvent::TLS>). |
254 | peername verification (see C<verify_peername> in L<AnyEvent::TLS>). |
255 | |
255 | |
256 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
256 | =item tls => "accept" | "connect" | Net::SSLeay::SSL object |
257 | |
257 | |
258 | When this parameter is given, it enables TLS (SSL) mode, that means |
258 | When this parameter is given, it enables TLS (SSL) mode, that means |
259 | AnyEvent will start a TLS handshake as soon as the conenction has been |
259 | AnyEvent will start a TLS handshake as soon as the conenction has been |
… | |
… | |
1381 | our $ERROR_WANT_READ; |
1381 | our $ERROR_WANT_READ; |
1382 | our $ERROR_ZERO_RETURN; |
1382 | our $ERROR_ZERO_RETURN; |
1383 | |
1383 | |
1384 | sub _tls_error { |
1384 | sub _tls_error { |
1385 | my ($self, $err) = @_; |
1385 | my ($self, $err) = @_; |
1386 | warn "$err,$!\n";#d# |
|
|
1387 | |
1386 | |
1388 | return $self->_error ($!, 1) |
1387 | return $self->_error ($!, 1) |
1389 | if $err == Net::SSLeay::ERROR_SYSCALL (); |
1388 | if $err == Net::SSLeay::ERROR_SYSCALL (); |
1390 | |
1389 | |
|
|
1390 | my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()); |
|
|
1391 | |
|
|
1392 | # reduce error string to look less scary |
|
|
1393 | $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /; |
|
|
1394 | |
1391 | $self->_error (&Errno::EPROTO, 1, |
1395 | $self->_error (&Errno::EPROTO, 1, $err); |
1392 | Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ())); |
|
|
1393 | } |
1396 | } |
1394 | |
1397 | |
1395 | # poll the write BIO and send the data if applicable |
1398 | # poll the write BIO and send the data if applicable |
1396 | # also decode read data if possible |
1399 | # also decode read data if possible |
1397 | # this is basiclaly our TLS state machine |
1400 | # this is basiclaly our TLS state machine |
… | |
… | |
1461 | If it an error to start a TLS handshake more than once per |
1464 | If it an error to start a TLS handshake more than once per |
1462 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
1465 | AnyEvent::Handle object (this is due to bugs in OpenSSL). |
1463 | |
1466 | |
1464 | =cut |
1467 | =cut |
1465 | |
1468 | |
|
|
1469 | our %TLS_CACHE; #TODO not yet documented, should we? |
|
|
1470 | |
1466 | sub starttls { |
1471 | sub starttls { |
1467 | my ($self, $ssl, $ctx) = @_; |
1472 | my ($self, $ssl, $ctx) = @_; |
1468 | |
1473 | |
1469 | require Net::SSLeay; |
1474 | require Net::SSLeay; |
1470 | |
1475 | |
… | |
… | |
1479 | |
1484 | |
1480 | if ("HASH" eq ref $ctx) { |
1485 | if ("HASH" eq ref $ctx) { |
1481 | require AnyEvent::TLS; |
1486 | require AnyEvent::TLS; |
1482 | |
1487 | |
1483 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context |
1488 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context |
|
|
1489 | |
|
|
1490 | if ($ctx->{cache}) { |
|
|
1491 | my $key = $ctx+0; |
|
|
1492 | $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; |
|
|
1493 | } else { |
1484 | $ctx = new AnyEvent::TLS %$ctx; |
1494 | $ctx = new AnyEvent::TLS %$ctx; |
|
|
1495 | } |
1485 | } |
1496 | } |
1486 | |
1497 | |
1487 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
1498 | $self->{tls_ctx} = $ctx || TLS_CTX (); |
1488 | $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername}); |
1499 | $self->{tls} = $ssl = $self->{tls_ctx}->_get_session ($ssl, $self, $self->{peername}); |
1489 | |
1500 | |