ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/AnyEvent/lib/AnyEvent/Handle.pm
(Generate patch)

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.142 by root, Mon Jul 6 20:24:47 2009 UTC vs.
Revision 1.146 by root, Wed Jul 8 13:46:46 2009 UTC

14 14
15AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent 15AnyEvent::Handle - non-blocking I/O on file handles via AnyEvent
16 16
17=cut 17=cut
18 18
19our $VERSION = 4.452; 19our $VERSION = 4.8;
20 20
21=head1 SYNOPSIS 21=head1 SYNOPSIS
22 22
23 use AnyEvent; 23 use AnyEvent;
24 use AnyEvent::Handle; 24 use AnyEvent::Handle;
249 249
250A string used to identify the remote site - usually the DNS hostname 250A string used to identify the remote site - usually the DNS hostname
251(I<not> IDN!) used to create the connection, rarely the IP address. 251(I<not> IDN!) used to create the connection, rarely the IP address.
252 252
253Apart from being useful in error messages, this string is also used in TLS 253Apart from being useful in error messages, this string is also used in TLS
254peername verification (see C<verify_peername> in L<AnyEvent::TLS>). 254peername verification (see C<verify_peername> in L<AnyEvent::TLS>). This
255verification will be skipped when C<peername> is not specified or
256C<undef>.
255 257
256=item tls => "accept" | "connect" | Net::SSLeay::SSL object 258=item tls => "accept" | "connect" | Net::SSLeay::SSL object
257 259
258When this parameter is given, it enables TLS (SSL) mode, that means 260When this parameter is given, it enables TLS (SSL) mode, that means
259AnyEvent will start a TLS handshake as soon as the conenction has been 261AnyEvent will start a TLS handshake as soon as the conenction has been
296 298
297Instead of an object, you can also specify a hash reference with C<< key 299Instead of an object, you can also specify a hash reference with C<< key
298=> value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a 300=> value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a
299new TLS context object. 301new TLS context object.
300 302
301=item on_starttls => $cb->($handle, $success) 303=item on_starttls => $cb->($handle, $success[, $error_message])
302 304
303This callback will be invoked when the TLS/SSL handshake has finished. If 305This callback will be invoked when the TLS/SSL handshake has finished. If
304C<$success> is true, then the TLS handshake succeeded, otherwise it failed 306C<$success> is true, then the TLS handshake succeeded, otherwise it failed
305(C<on_stoptls> will not be called in this case). 307(C<on_stoptls> will not be called in this case).
306 308
307The session in C<< $handle->{tls} >> can still be examined in this 309The session in C<< $handle->{tls} >> can still be examined in this
308callback, even when the handshake was not successful. 310callback, even when the handshake was not successful.
311
312TLS handshake failures will not cause C<on_error> to be invoked when this
313callback is in effect, instead, the error message will be passed to C<on_starttls>.
314
315Without this callback, handshake failures lead to C<on_error> being
316called, as normal.
317
318Note that you cannot call C<starttls> right again in this callback. If you
319need to do that, start an zero-second timer instead whose callback can
320then call C<< ->starttls >> again.
309 321
310=item on_stoptls => $cb->($handle) 322=item on_stoptls => $cb->($handle)
311 323
312When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is 324When a SSLv3/TLS shutdown/close notify/EOF is detected and this callback is
313set, then it will be invoked after freeing the TLS session. If it is not, 325set, then it will be invoked after freeing the TLS session. If it is not,
349 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay}; 361 $self->no_delay (delete $self->{no_delay}) if exists $self->{no_delay};
350 362
351 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx}) 363 $self->starttls (delete $self->{tls}, delete $self->{tls_ctx})
352 if $self->{tls}; 364 if $self->{tls};
353 365
354 $self->on_drain (delete $self->{on_drain}) if exists $self->{on_drain}; 366 $self->on_drain (delete $self->{on_drain}) if $self->{on_drain};
355 367
356 $self->start_read 368 $self->start_read
357 if $self->{on_read}; 369 if $self->{on_read};
358 370
359 $self->{fh} && $self 371 $self->{fh} && $self
575 Scalar::Util::weaken $self; 587 Scalar::Util::weaken $self;
576 588
577 my $cb = sub { 589 my $cb = sub {
578 my $len = syswrite $self->{fh}, $self->{wbuf}; 590 my $len = syswrite $self->{fh}, $self->{wbuf};
579 591
580 if ($len >= 0) { 592 if (defined $len) {
581 substr $self->{wbuf}, 0, $len, ""; 593 substr $self->{wbuf}, 0, $len, "";
582 594
583 $self->{_activity} = AnyEvent->now; 595 $self->{_activity} = AnyEvent->now;
584 596
585 $self->{on_drain}($self) 597 $self->{on_drain}($self)
1435 my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()); 1447 my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ());
1436 1448
1437 # reduce error string to look less scary 1449 # reduce error string to look less scary
1438 $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /; 1450 $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /;
1439 1451
1452 if ($self->{_on_starttls}) {
1453 (delete $self->{_on_starttls})->($self, undef, $err);
1454 &_freetls;
1455 } else {
1456 &_freetls;
1440 $self->_error (&Errno::EPROTO, 1, $err); 1457 $self->_error (&Errno::EPROTO, 1, $err);
1458 }
1441} 1459}
1442 1460
1443# poll the write BIO and send the data if applicable 1461# poll the write BIO and send the data if applicable
1444# also decode read data if possible 1462# also decode read data if possible
1445# this is basiclaly our TLS state machine 1463# this is basiclaly our TLS state machine
1461 && ($tmp != $ERROR_SYSCALL || $!); 1479 && ($tmp != $ERROR_SYSCALL || $!);
1462 } 1480 }
1463 1481
1464 while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { 1482 while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) {
1465 unless (length $tmp) { 1483 unless (length $tmp) {
1484 $self->{_on_starttls}
1485 and (delete $self->{_on_starttls})->($self, undef, "EOF during handshake"); # ???
1466 &_freetls; 1486 &_freetls;
1487
1467 if ($self->{on_stoptls}) { 1488 if ($self->{on_stoptls}) {
1468 $self->{on_stoptls}($self); 1489 $self->{on_stoptls}($self);
1469 return; 1490 return;
1470 } else { 1491 } else {
1471 # let's treat SSL-eof as we treat normal EOF 1492 # let's treat SSL-eof as we treat normal EOF
1489 $self->_drain_wbuf; 1510 $self->_drain_wbuf;
1490 } 1511 }
1491 1512
1492 $self->{_on_starttls} 1513 $self->{_on_starttls}
1493 and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK () 1514 and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK ()
1494 and (delete $self->{_on_starttls})->($self, 1); 1515 and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established");
1495} 1516}
1496 1517
1497=item $handle->starttls ($tls[, $tls_ctx]) 1518=item $handle->starttls ($tls[, $tls_ctx])
1498 1519
1499Instead of starting TLS negotiation immediately when the AnyEvent::Handle 1520Instead of starting TLS negotiation immediately when the AnyEvent::Handle
1570 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); 1591 $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
1571 1592
1572 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio}); 1593 Net::SSLeay::set_bio ($ssl, $self->{_rbio}, $self->{_wbio});
1573 1594
1574 $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) } 1595 $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) }
1575 if exists $self->{on_starttls}; 1596 if $self->{on_starttls};
1576 1597
1577 &_dotls; # need to trigger the initial handshake 1598 &_dotls; # need to trigger the initial handshake
1578 $self->start_read; # make sure we actually do read 1599 $self->start_read; # make sure we actually do read
1579} 1600}
1580 1601
1604sub _freetls { 1625sub _freetls {
1605 my ($self) = @_; 1626 my ($self) = @_;
1606 1627
1607 return unless $self->{tls}; 1628 return unless $self->{tls};
1608 1629
1609 $self->{_on_starttls}
1610 and (delete $self->{_on_starttls})->($self, undef);
1611
1612 $self->{tls_ctx}->_put_session (delete $self->{tls}); 1630 $self->{tls_ctx}->_put_session (delete $self->{tls});
1613 1631
1614 delete @$self{qw(_rbio _wbio _tls_wbuf)}; 1632 delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)};
1615} 1633}
1616 1634
1617sub DESTROY { 1635sub DESTROY {
1618 my ($self) = @_; 1636 my ($self) = @_;
1619 1637
1755 $handle->on_drain (sub { 1773 $handle->on_drain (sub {
1756 warn "all data submitted to the kernel\n"; 1774 warn "all data submitted to the kernel\n";
1757 undef $handle; 1775 undef $handle;
1758 }); 1776 });
1759 1777
1778If you just want to queue some data and then signal EOF to the other side,
1779consider using C<< ->push_shutdown >> instead.
1780
1781=item I want to contact a TLS/SSL server, I don't care about security.
1782
1783If your TLS server is a pure TLS server (e.g. HTTPS) that only speaks TLS,
1784simply connect to it and then create the AnyEvent::Handle with the C<tls>
1785parameter:
1786
1787 tcp_connect $host, $port, sub {
1788 my ($fh) = @_;
1789
1790 my $handle = new AnyEvent::Handle
1791 fh => $fh,
1792 tls => "connect",
1793 on_error => sub { ... };
1794
1795 $handle->push_write (...);
1796 };
1797
1798=item I want to contact a TLS/SSL server, I do care about security.
1799
1800Then you should additionally enable certificate verification, including
1801peername verification, if the protocol you use supports it (see
1802L<AnyEvent::TLS>, C<verify_peername>).
1803
1804E.g. for HTTPS:
1805
1806 tcp_connect $host, $port, sub {
1807 my ($fh) = @_;
1808
1809 my $handle = new AnyEvent::Handle
1810 fh => $fh,
1811 peername => $host,
1812 tls => "connect",
1813 tls_ctx => { verify => 1, verify_peername => "https" },
1814 ...
1815
1816Note that you must specify the hostname you connected to (or whatever
1817"peername" the protocol needs) as the C<peername> argument, otherwise no
1818peername verification will be done.
1819
1820The above will use the system-dependent default set of trusted CA
1821certificates. If you want to check against a specific CA, add the
1822C<ca_file> (or C<ca_cert>) arguments to C<tls_ctx>:
1823
1824 tls_ctx => {
1825 verify => 1,
1826 verify_peername => "https",
1827 ca_file => "my-ca-cert.pem",
1828 },
1829
1830=item I want to create a TLS/SSL server, how do I do that?
1831
1832Well, you first need to get a server certificate and key. You have
1833three options: a) ask a CA (buy one, use cacert.org etc.) b) create a
1834self-signed certificate (cheap. check the search engine of your choice,
1835there are many tutorials on the net) or c) make your own CA (tinyca2 is a
1836nice program for that purpose).
1837
1838Then create a file with your private key (in PEM format, see
1839L<AnyEvent::TLS>), followed by the certificate (also in PEM format). The
1840file should then look like this:
1841
1842 -----BEGIN RSA PRIVATE KEY-----
1843 ...header data
1844 ... lots of base64'y-stuff
1845 -----END RSA PRIVATE KEY-----
1846
1847 -----BEGIN CERTIFICATE-----
1848 ... lots of base64'y-stuff
1849 -----END CERTIFICATE-----
1850
1851The important bits are the "PRIVATE KEY" and "CERTIFICATE" parts. Then
1852specify this file as C<cert_file>:
1853
1854 tcp_server undef, $port, sub {
1855 my ($fh) = @_;
1856
1857 my $handle = new AnyEvent::Handle
1858 fh => $fh,
1859 tls => "accept",
1860 tls_ctx => { cert_file => "my-server-keycert.pem" },
1861 ...
1862
1863When you have intermediate CA certificates that your clients might not
1864know about, just append them to the C<cert_file>.
1865
1760=back 1866=back
1761 1867
1762 1868
1763=head1 SUBCLASSING AnyEvent::Handle 1869=head1 SUBCLASSING AnyEvent::Handle
1764 1870

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines