| … | |
… | |
| 429 | appropriate error message. |
429 | appropriate error message. |
| 430 | |
430 | |
| 431 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
431 | TLS mode requires Net::SSLeay to be installed (it will be loaded |
| 432 | automatically when you try to create a TLS handle): this module doesn't |
432 | automatically when you try to create a TLS handle): this module doesn't |
| 433 | have a dependency on that module, so if your module requires it, you have |
433 | have a dependency on that module, so if your module requires it, you have |
| 434 | to add the dependency yourself. |
434 | to add the dependency yourself. If Net::SSLeay cannot be loaded or is too |
|
|
435 | old, you get an C<EPROTO> error. |
| 435 | |
436 | |
| 436 | Unlike TCP, TLS has a server and client side: for the TLS server side, use |
437 | Unlike TCP, TLS has a server and client side: for the TLS server side, use |
| 437 | C<accept>, and for the TLS client side of a connection, use C<connect> |
438 | C<accept>, and for the TLS client side of a connection, use C<connect> |
| 438 | mode. |
439 | mode. |
| 439 | |
440 | |
| … | |
… | |
| 1937 | |
1938 | |
| 1938 | =item $handle->starttls ($tls[, $tls_ctx]) |
1939 | =item $handle->starttls ($tls[, $tls_ctx]) |
| 1939 | |
1940 | |
| 1940 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
1941 | Instead of starting TLS negotiation immediately when the AnyEvent::Handle |
| 1941 | object is created, you can also do that at a later time by calling |
1942 | object is created, you can also do that at a later time by calling |
| 1942 | C<starttls>. |
1943 | C<starttls>. See the C<tls> constructor argument for general info. |
| 1943 | |
1944 | |
| 1944 | Starting TLS is currently an asynchronous operation - when you push some |
1945 | Starting TLS is currently an asynchronous operation - when you push some |
| 1945 | write data and then call C<< ->starttls >> then TLS negotiation will start |
1946 | write data and then call C<< ->starttls >> then TLS negotiation will start |
| 1946 | immediately, after which the queued write data is then sent. |
1947 | immediately, after which the queued write data is then sent. This might |
|
|
1948 | change in future versions, so best make sure you have no outstanding write |
|
|
1949 | data when calling this method. |
| 1947 | |
1950 | |
| 1948 | The first argument is the same as the C<tls> constructor argument (either |
1951 | The first argument is the same as the C<tls> constructor argument (either |
| 1949 | C<"connect">, C<"accept"> or an existing Net::SSLeay object). |
1952 | C<"connect">, C<"accept"> or an existing Net::SSLeay object). |
| 1950 | |
1953 | |
| 1951 | The second argument is the optional C<AnyEvent::TLS> object that is used |
1954 | The second argument is the optional C<AnyEvent::TLS> object that is used |
| … | |
… | |
| 1973 | my ($self, $tls, $ctx) = @_; |
1976 | my ($self, $tls, $ctx) = @_; |
| 1974 | |
1977 | |
| 1975 | Carp::croak "It is an error to call starttls on an AnyEvent::Handle object while TLS is already active, caught" |
1978 | Carp::croak "It is an error to call starttls on an AnyEvent::Handle object while TLS is already active, caught" |
| 1976 | if $self->{tls}; |
1979 | if $self->{tls}; |
| 1977 | |
1980 | |
|
|
1981 | unless (defined $AnyEvent::TLS::VERSION) { |
|
|
1982 | eval { |
|
|
1983 | require Net::SSLeay; |
|
|
1984 | require AnyEvent::TLS; |
|
|
1985 | 1 |
|
|
1986 | } or return $self->_error (Errno::EPROTO, 1, "TLS support not available on this system"); |
|
|
1987 | } |
|
|
1988 | |
| 1978 | $self->{tls} = $tls; |
1989 | $self->{tls} = $tls; |
| 1979 | $self->{tls_ctx} = $ctx if @_ > 2; |
1990 | $self->{tls_ctx} = $ctx if @_ > 2; |
| 1980 | |
1991 | |
| 1981 | return unless $self->{fh}; |
1992 | return unless $self->{fh}; |
| 1982 | |
1993 | |
| 1983 | require Net::SSLeay; |
|
|
| 1984 | |
|
|
| 1985 | $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); |
1994 | $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); |
| 1986 | $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); |
1995 | $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); |
| 1987 | |
1996 | |
| 1988 | $tls = delete $self->{tls}; |
1997 | $tls = delete $self->{tls}; |
| 1989 | $ctx = $self->{tls_ctx}; |
1998 | $ctx = $self->{tls_ctx}; |
| 1990 | |
1999 | |
| 1991 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session |
2000 | local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session |
| 1992 | |
2001 | |
| 1993 | if ("HASH" eq ref $ctx) { |
2002 | if ("HASH" eq ref $ctx) { |
| 1994 | require AnyEvent::TLS; |
|
|
| 1995 | |
|
|
| 1996 | if ($ctx->{cache}) { |
2003 | if ($ctx->{cache}) { |
| 1997 | my $key = $ctx+0; |
2004 | my $key = $ctx+0; |
| 1998 | $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; |
2005 | $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; |
| 1999 | } else { |
2006 | } else { |
| 2000 | $ctx = new AnyEvent::TLS %$ctx; |
2007 | $ctx = new AnyEvent::TLS %$ctx; |
