1 |
package AnyEvent::TLS; |
2 |
|
3 |
use Carp qw(croak); |
4 |
use Scalar::Util (); |
5 |
|
6 |
use AnyEvent (); BEGIN { AnyEvent::common_sense } |
7 |
use AnyEvent::Util (); |
8 |
|
9 |
use Net::SSLeay; |
10 |
|
11 |
=head1 NAME |
12 |
|
13 |
AnyEvent::TLS - SSLv2/SSLv3/TLSv1 contexts for use in AnyEvent::Handle |
14 |
|
15 |
=cut |
16 |
|
17 |
our $VERSION = $AnyEvent::VERSION; |
18 |
|
19 |
=head1 SYNOPSIS |
20 |
|
21 |
# via AnyEvent::Handle |
22 |
|
23 |
use AnyEvent; |
24 |
use AnyEvent::Handle; |
25 |
use AnyEvent::Socket; |
26 |
|
27 |
# simple https-client |
28 |
my $handle = new AnyEvent::Handle |
29 |
connect => [$host, $port], |
30 |
tls => "connect", |
31 |
tls_ctx => { verify => 1, verify_peername => "https" }, |
32 |
... |
33 |
|
34 |
# simple ssl-server |
35 |
tcp_server undef, $port, sub { |
36 |
my ($fh) = @_; |
37 |
|
38 |
my $handle = new AnyEvent::Handle |
39 |
fh => $fh, |
40 |
tls => "accept", |
41 |
tls_ctx => { cert_file => "my-server-keycert.pem" }, |
42 |
... |
43 |
|
44 |
# directly |
45 |
|
46 |
my $tls = new AnyEvent::TLS |
47 |
verify => 1, |
48 |
verify_peername => "ldaps", |
49 |
ca_file => "/etc/cacertificates.pem"; |
50 |
|
51 |
=head1 DESCRIPTION |
52 |
|
53 |
This module is a helper module that implements TLS/SSL (Transport Layer |
54 |
Security/Secure Sockets Layer) contexts. A TLS context is a common set of |
55 |
configuration values for use in establishing TLS connections. |
56 |
|
57 |
For some quick facts about SSL/TLS, see the section of the same name near |
58 |
the end of the document. |
59 |
|
60 |
A single TLS context can be used for any number of TLS connections that |
61 |
wish to use the same certificates, policies etc. |
62 |
|
63 |
Note that this module is inherently tied to L<Net::SSLeay>, as this |
64 |
library is used to implement it. Since that perl module is rather ugly, |
65 |
and OpenSSL has a rather ugly license, AnyEvent might switch TLS providers |
66 |
at some future point, at which this API will change dramatically, at least |
67 |
in the Net::SSLeay-specific parts (most constructor arguments should still |
68 |
work, though). |
69 |
|
70 |
Although this module does not require a specific version of Net::SSLeay, |
71 |
many features will gradually stop working, or bugs will be introduced with |
72 |
old versions (verification might succeed when it shouldn't - this is a |
73 |
real security issue). Version 1.35 is recommended, 1.33 should work, 1.32 |
74 |
might, and older versions are yours to keep. |
75 |
|
76 |
=head1 USAGE EXAMPLES |
77 |
|
78 |
See the L<AnyEvent::Handle> manpage, NONFREQUENTLY ASKED QUESTIONS, for |
79 |
some actual usage examples. |
80 |
|
81 |
=head1 PUBLIC METHODS AND FUNCTIONS |
82 |
|
83 |
=over 4 |
84 |
|
85 |
=cut |
86 |
|
87 |
our $REF_IDX; # our session ex_data id |
88 |
|
89 |
# create temp file, populate it, and return a guard and filename |
90 |
sub _tmpfile($) { |
91 |
require File::Temp unless $File::Temp::VERSION; |
92 |
|
93 |
# File::Temp opens the file with mode 0600 |
94 |
my ($fh, $path) = File::Temp::tempfile ("aetlsXXXXXXXXX", TMPDIR => 1, EXLOCK => 0); |
95 |
my $guard = AnyEvent::Util::guard { unlink $path }; |
96 |
|
97 |
syswrite $fh, $_[0]; |
98 |
close $fh; |
99 |
|
100 |
($path, $guard) |
101 |
} |
102 |
|
103 |
our %DH_PARAMS = ( |
104 |
# These are the DH parameters from "Assigned Number for SKIP Protocols" |
105 |
# (http://www.skip-vpn.org/spec/numbers.html). |
106 |
# (or http://web.archive.org/web/20011212141438/http://www.skip-vpn.org/spec/numbers.html#params) |
107 |
# See there for how they were generated. |
108 |
# Note that g might not be a generator, |
109 |
# but this is not a problem since p is a safe prime. |
110 |
skip512 => "MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak|XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC", |
111 |
skip1024 => "MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY|jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6|ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC", |
112 |
skip2048 => "MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV|89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50|T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb|zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX|Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT|CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==", |
113 |
skip4096 => "MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ|l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt|Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS|Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98|VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc|alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM|sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9|ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte|OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH|AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL|KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=", |
114 |
|
115 |
# generated on a linux desktop with openssl using /dev/urandom - entropy_avail was >= 3600 each time |
116 |
# the 8192 bit key took 25 hours to generate :/ |
117 |
schmorp1024 => "MIGHAoGBAN+GjqAhNxLesSuGfDzYe6HdexXtHuxe85umshfPHfnmLSkGWl/FE27+|v+50mwY5XaNnCmo1VvGju4iTKxWoZTGgslUSc8KX197XWAXIpab8ESyg442if9Kr|vSOuu0fopwvvTOgHK8mkEWI4joU5G4/MQy+pnC5NIEVBP4HtGiTrAgEC", |
118 |
schmorp1539 => "MIHHAoHBByJzpVGUsXysX8w/+uuXRUCL9exhAixoHkaJU5lf4noJUtp9F0yr/5rb|hF8M9mSZJ+RlPyB+Zt37GPp1WQDO1+/2yZJX9kHE3+h5JCRoR8PKc2G+ts9jhM7r|CnTQ0z0b6s12Pusf+UhQPwLust4JAYE/LPuTK8yFiVx5L2a+aZhGMVlYN/12SEtY|jRl3lGXdZj9g8E2PzTQbA9CGy5dGIvz/ENTzTVleKuQ+80bzpVEPjZL9tv43Zc+l|MFLzxuE5uwIBAg==", |
119 |
schmorp2048 => "MIIBCAKCAQEAhR5Fn9h3Tgnc+q4o3CMkZtre3lLUyDT+1bf3aiVOt22JdDQndZLc|FeKz8AqliB3UIgNExc6oDtuG4znKPgklfOnHv/a9tl1AYQbV+QFM/E0jYl6oG8tF|Epgxezt1GCivvtu64ql0s213wr64QffNMt3hva8lNqK1PXfqp13PzzLzAVsfghrv|fMAX7/bYm1T5fAJdcah6FeZkKof+mqbs8HtRjfvrUF2npEM2WdupFu190vcwABnN|TTJheXCWv2BF2f9EEr61q3OUhSNWIThtZP+NKe2bACm1PebT0drAcaxKoMz9LjKr|y5onGs0TOuQ7JmhtZL45Zr4LwBcyTucLUwIBAg==", |
120 |
schmorp4096 => "MIICCAKCAgEA5WwA5lQg09YRYqc/JILCd2AfBmYBkF19wmCEJB8G3JhTxv8EGvYk|xyP2ecKVUvHTG8Xw/qpW8nRqzPIyV8QRf6YFYSf33Qnx2xYhcnqOumU3nfC0SNOL|/w2q1BA9BbHtW4574P+6hOQx9ftRtbtZ2HPKBMRcAKGjpYZiKopv0+UAM4NpEC2p|bfajp7pyVLeb/Aqm/oWP3L63wPlY1SDp+XRzrOAKB+/uLGqEwV0bBaxxGL29BpOp|O2z1ALGXiDCcLs9WTn9WqUhWDzUN6fahm53rd7zxwpFCb6K2YhaK0peG95jzSUJ8|aoL0KgWuC6v5+gPJHRu0HrQIdfAdN4VchqYOKE46uNNkQl8VJGu4RjYB7lFBpRwO|g2HCsGMo2X7BRmA1st66fh+JOd1smXMZG/2ozTOooL+ixcx4spNneg4aQerWl5cb|nWXKtPCp8yPzt/zoNzL3Fon2Ses3sNgMos0M/ZbnigScDxz84Ms6V/X8Z0L4m/qX|mL42dP40tgvmgqi6BdsBzcIWeHlEcIhmGcsEBxxKEg7gjb0OjjvatpUCJhmRrGjJ|LtMkBR68qr42OBMN/PBB4KPOWNUqTauXZajfCwYdbpvV24ZhtkcRdw1zisyARBSh|aTKW/GV8iLsUzlYN27LgVEwMwnWQaoecW6eOTNKGUURC3In6XZSvVzsCAQI=", |
121 |
schmorp8192 => "MIIECAKCBAEA/SAEbRSSLenVxoInHiltm/ztSwehGOhOiUKfzDcKlRBZHlCC9jBl|S/aeklM6Ucg8E6J2bnfoh6CAdnE/glQOn6CifhZr8X/rnlL9/eP+r9m+aiAw4l0D|MBd8BondbEqwTZthMmLtx0SslnevsFAZ1Cj8WgmUNaSPOukvJ1N7aQ98U+E99Pw3|VG8ANBydXqLqW2sogS8FtZoMbVywcQuaGmC7M6i3Akxe3CCSIpR/JkEZIytREBSC|CH+x3oW/w+wHzq3w8DGB9hqz1iMXqDMiPIMSdXC0DaIPokLnd7X8u6N14yCAco2h|P0gspD3J8pS2FpUY8ZTVjzbVCjhNNmTryBZAxHSWBuX4xYcCHUtfGlUe/IGLSVE1|xIdFpZUfvlvAJjVq0/TtDMg3r2JSXrhQVlr8MPJwSApDVr5kOBHT/uABio4z+5yR|PAvundznfyo9GGAWhIA36GQqsxSQfoRTjWssFoR/cu+9aomRwwOLkvObu8nCVVLH|nLdKDk5cIR0TvNs9HZ6ZmkzL7ah7cPzEKl7U6eE6yZLVYMNecnPLS6PSAIG4gxcq|CVQrrZjQLfTDrJn0OGgpShX85RaDsuiRtp2bpDZ23YDqdwr4wRjvIargjqc2zcF+|jIb7dUS6ci7bVG/CGOQUuiMWAiXZ3a1f343SMf9A05/sf1xwnMeco6STBLZ3X+PA|4urU+grtpWaFtS/fPD2ILn8nrJ3WuSKKUeSnVM46mmJQsOkyn7z8l3jNLB17GYKo|qc+0UuU/2PM9qtZdZElSM/ACLV2vdCuaibop4B9UIP9z3F8kfZ72+zKxpGiE+Bo1|x8SfG8FQw90mYIx+qZzJ8MCvc2wh+l4wDX5KxrhwvcouE2tHQlwfDgv/DiIXp173|hAmUCV0+bPRW8IIJvBODdAWtJe9hNwxj1FFYmPA7l4wa3gXV4I6tb+iO1MbwVjZ/|116tD5MdCo3JuSisgPYCHfkQccwEO0FHEuBbmfN+fQimQ8H0dePP8XctwbkplsB+|aLT5hYKmva/j9smEswgyHglPwc3WvZ+2DgKk7A7DHi7a2gDwCRQlHaXtNWx3992R|dfNgkSeB1CvGSQoo95WpC9ZoqGmcSlVqdetDU8iglPmfYTKO8aIPA6TuTQ/lQ0IW|90LQmqP23FwnNFiyqX8+rztLq4KVkTyeHIQwig6vFxgD8N+SbZCW2PPiB72TVF2U|WePU8MRTv1OIGBUBajF49k28HnZPSGlILHtFEkYkbPvomcE5ENnoejwzjktOTS5d|/R3SIOvCauOzadtzwTYOXT78ORaR1KI1cm8DzkkwJTd/Rrk07Q5vnvnSJQMwFUeH|PwJIgWBQf/GZ/OsDHmkbYR2ZWDClbKw2mwIBAg==", |
122 |
|
123 |
# finite field dhe parameters, some taken from firefox, some directly from RFC 7919 |
124 |
ffdhe2048 => "MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==", |
125 |
ffdhe3072 => "MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff37lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYuN///////////AgEC", |
126 |
ffdhe4096 => "MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXTmmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhghfDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYMfbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshqZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEIARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBIHNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=", |
127 |
ffdhe6144 => |
128 |
"MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff37lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qxiu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0KzAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMqOiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYEHziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAjw1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQOZf//////////AgEC", |
129 |
ffdhe8192 => "MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff37lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qxiu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0KzAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMqOiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYEHziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAjw1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/RqqjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uIKVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2CUVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEhe2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCmbt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRhTgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg==", |
130 |
); |
131 |
|
132 |
=item $tls = new AnyEvent::TLS key => value... |
133 |
|
134 |
The constructor supports these arguments (all as key => value pairs). |
135 |
|
136 |
=over 4 |
137 |
|
138 |
=item method => "sslv2" | "sslv3" | "tlsv1" | "tlsv1_1" | "tlsv1_2" | "tls" | "any" |
139 |
|
140 |
The protocol parser to use. C<sslv2>, C<sslv3>, C<tlsv1_1> |
141 |
and C<tlsv1_2> will use a parser for those protocols only (so will |
142 |
I<not> accept or create connections with/to other protocol versions), |
143 |
while C<any> (the default) uses a parser capable of all three |
144 |
protocols. |
145 |
|
146 |
The default is to use C<"any"> but disable SSLv2. This has the effect of |
147 |
sending a SSLv2 hello, indicating the support for SSLv3 and TLSv1, but not |
148 |
actually negotiating an (insecure) SSLv2 connection. |
149 |
|
150 |
Specifying a specific version is almost always wrong to use for a server |
151 |
speaking to a wide variety of clients (e.g. web browsers), and often wrong |
152 |
for a client. If you only want to allow a specific protocol version, use |
153 |
the C<tlsv1_1> method and separately specify C<tlsv1>, C<tlsv1_1> or |
154 |
C<tlsv1_2> arguments instead. |
155 |
|
156 |
For new services it is usually a good idea to enforce the C<TLSv1> method |
157 |
from the beginning. |
158 |
|
159 |
C<tlsv1_1> and C<Tlsv1_2> require L<Net::SSLeay> >= 1.55 and OpenSSL |
160 |
>= 1.0.1. C<tls> requires >= OpenSSL 1.1. Check the L<Net::SSLeay> |
161 |
and OpenSSL documentations for more details. |
162 |
|
163 |
=item sslv2 => $enabled |
164 |
|
165 |
Enable or disable SSLv2 (default set by Net::SSLeay and OpenSSL). |
166 |
|
167 |
=item sslv3 => $enabled |
168 |
|
169 |
Enable or disable SSLv3 (default set by Net::SSLeay and OpenSSL). |
170 |
|
171 |
=item tlsv1 => $enabled |
172 |
|
173 |
Enable or disable TLSv1 (default set by Net::SSLeay and OpenSSL). |
174 |
|
175 |
=item tlsv1_1 => $enabled |
176 |
|
177 |
Enable or disable TLSv1_1 (default set by Net::SSLeay and OpenSSL). |
178 |
|
179 |
This requires L<Net::SSLeay> >= 1.55 and OpenSSL >= 1.0.1. Check the |
180 |
L<Net::SSLeay> and OpenSSL documentations for more details. |
181 |
|
182 |
=item tlsv1_2 => $enabled |
183 |
|
184 |
Enable or disable TLSv1_2 (default set by Net::SSLeay and OpenSSL). |
185 |
|
186 |
This requires L<Net::SSLeay> >= 1.55 and OpenSSL >= 1.0.1. Check the |
187 |
L<Net::SSLeay> and OpenSSL documentations for more details. |
188 |
|
189 |
=item tlsv1_3 => $enabled |
190 |
|
191 |
Enable or disable TLSv1_3 (default set by Net::SSLeay and OpenSSL). |
192 |
|
193 |
This requires a new enough L<Net::SSLeay> and OpenSSL version, but |
194 |
NEt::SSLeay doesn't document much and trherefore the exact requirements |
195 |
are unknown. |
196 |
|
197 |
=item verify => $enable |
198 |
|
199 |
Enable or disable peer certificate checking (default is I<disabled>, which |
200 |
is I<not recommended>). |
201 |
|
202 |
This is the "master switch" for all verify-related parameters and |
203 |
functions. |
204 |
|
205 |
If it is disabled, then no peer certificate verification will be done |
206 |
- the connection will be encrypted, but the peer certificate won't be |
207 |
verified against any known CAs, or whether it is still valid or not. No |
208 |
peername verification or custom verification will be done either. |
209 |
|
210 |
If enabled, then the peer certificate (required in client mode, optional |
211 |
in server mode, see C<verify_require_client_cert>) will be checked against |
212 |
its CA certificate chain - that means there must be a signing chain from |
213 |
the peer certificate to any of the CA certificates you trust locally, as |
214 |
specified by the C<ca_file> and/or C<ca_path> and/or C<ca_cert> parameters |
215 |
(or the system default CA repository, if all of those parameters are |
216 |
missing - see also the L<AnyEvent> manpage for the description of |
217 |
PERL_ANYEVENT_CA_FILE). |
218 |
|
219 |
Other basic checks, such as checking the validity period, will also be |
220 |
done, as well as optional peername/hostname/common name verification |
221 |
C<verify_peername>. |
222 |
|
223 |
An optional C<verify_cb> callback can also be set, which will be invoked |
224 |
with the verification results, and which can override the decision. |
225 |
|
226 |
=item verify_require_client_cert => $enable |
227 |
|
228 |
Enable or disable mandatory client certificates (default is |
229 |
I<disabled>). When this mode is enabled, then a client certificate will be |
230 |
required in server mode (a server certificate is mandatory, so in client |
231 |
mode, this switch has no effect). |
232 |
|
233 |
=item verify_peername => $scheme | $callback->($tls, $cert, $peername) |
234 |
|
235 |
TLS only protects the data that is sent - it cannot automatically verify |
236 |
that you are really talking to the right peer. The reason is that |
237 |
certificates contain a "common name" (and a set of possible alternative |
238 |
"names") that need to be checked against the peername (usually, but not |
239 |
always, the DNS name of the server) in a protocol-dependent way. |
240 |
|
241 |
This can be implemented by specifying a callback that has to verify that |
242 |
the actual C<$peername> matches the given certificate in C<$cert>. |
243 |
|
244 |
Since this can be rather hard to implement, AnyEvent::TLS offers a variety |
245 |
of predefined "schemes" (lifted from L<IO::Socket::SSL>) that are named |
246 |
like the protocols that use them: |
247 |
|
248 |
=over 4 |
249 |
|
250 |
=item ldap (rfc4513), pop3,imap,acap (rfc2995), nntp (rfc4642) |
251 |
|
252 |
Simple wildcards in subjectAltNames are possible, e.g. *.example.org |
253 |
matches www.example.org but not lala.www.example.org. If nothing from |
254 |
subjectAltNames matches, it checks against the common name, but there are |
255 |
no wildcards allowed. |
256 |
|
257 |
=item http (rfc2818) |
258 |
|
259 |
Extended wildcards in subjectAltNames are possible, e.g. *.example.org or |
260 |
even www*.example.org. Wildcards in the common name are not allowed. The |
261 |
common name will be only checked if no host names are given in |
262 |
subjectAltNames. |
263 |
|
264 |
=item smtp (rfc3207) |
265 |
|
266 |
This RFC isn't very useful in determining how to do verification so it |
267 |
just assumes that subjectAltNames are possible, but no wildcards are |
268 |
possible anywhere. |
269 |
|
270 |
=item [$wildcards_in_alt, $wildcards_in_cn, $check_cn] |
271 |
|
272 |
You can also specify a scheme yourself by using an array reference with |
273 |
three integers. |
274 |
|
275 |
C<$wildcards_in_alt> and C<$wildcards_in_cn> specify whether and where |
276 |
wildcards (C<*>) are allowed in subjectAltNames and the common name, |
277 |
respectively. C<0> means no wildcards are allowed, C<1> means they |
278 |
are allowed only as the first component (C<*.example.org>), and C<2> |
279 |
means they can be used anywhere (C<www*.example.org>), except that very |
280 |
dangerous matches will not be allowed (C<*.org> or C<*>). |
281 |
|
282 |
C<$check_cn> specifies if and how the common name field is checked: C<0> |
283 |
means it will be completely ignored, C<1> means it will only be used if |
284 |
no host names have been found in the subjectAltNames, and C<2> means the |
285 |
common name will always be checked against the peername. |
286 |
|
287 |
=back |
288 |
|
289 |
You can specify either the name of the parent protocol (recommended, |
290 |
e.g. C<http>, C<ldap>), the protocol name as usually used in URIs |
291 |
(e.g. C<https>, C<ldaps>) or the RFC (not recommended, e.g. C<rfc2995>, |
292 |
C<rfc3920>). |
293 |
|
294 |
This verification will only be done when verification is enabled (C<< |
295 |
verify => 1 >>). |
296 |
|
297 |
=item verify_cb => $callback->($tls, $ref, $cn, $depth, $preverify_ok, $x509_store_ctx, $cert) |
298 |
|
299 |
Provide a custom peer verification callback used by TLS sessions, |
300 |
which is called with the result of any other verification (C<verify>, |
301 |
C<verify_peername>). |
302 |
|
303 |
This callback will only be called when verification is enabled (C<< verify |
304 |
=> 1 >>). |
305 |
|
306 |
C<$tls> is the C<AnyEvent::TLS> object associated with the session, |
307 |
while C<$ref> is whatever the user associated with the session (usually |
308 |
an L<AnyEvent::Handle> object when used by AnyEvent::Handle). |
309 |
|
310 |
C<$depth> is the current verification depth - C<$depth = 0> means the |
311 |
certificate to verify is the peer certificate, higher levels are its CA |
312 |
certificate and so on. In most cases, you can just return C<$preverify_ok> |
313 |
if the C<$depth> is non-zero: |
314 |
|
315 |
verify_cb => sub { |
316 |
my ($tls, $ref, $cn, $depth, $preverify_ok, $x509_store_ctx, $cert) = @_; |
317 |
|
318 |
return $preverify_ok |
319 |
if $depth; |
320 |
|
321 |
# more verification |
322 |
}, |
323 |
|
324 |
C<$preverify_ok> is true iff the basic verification of the certificates |
325 |
was successful (a valid CA chain must exist, the certificate has passed |
326 |
basic validity checks, peername verification succeeded). |
327 |
|
328 |
C<$x509_store_ctx> is the Net::SSLeay::X509_CTX> object. |
329 |
|
330 |
C<$cert> is the C<Net::SSLeay::X509> object representing the |
331 |
peer certificate, or zero if there was an error. You can call |
332 |
C<AnyEvent::TLS::certname $cert> to get a nice user-readable string to |
333 |
identify the certificate. |
334 |
|
335 |
The callback must return either C<0> to indicate failure, or C<1> to |
336 |
indicate success. |
337 |
|
338 |
=item verify_client_once => $enable |
339 |
|
340 |
Enable or disable skipping the client certificate verification on |
341 |
renegotiations (default is I<disabled>, the certificate will always be |
342 |
checked). Only makes sense in server mode. |
343 |
|
344 |
=item ca_file => $path |
345 |
|
346 |
If this parameter is specified and non-empty, it will be the path to a |
347 |
file with (server) CA certificates in PEM format that will be loaded. Each |
348 |
certificate will look like: |
349 |
|
350 |
-----BEGIN CERTIFICATE----- |
351 |
... (CA certificate in base64 encoding) ... |
352 |
-----END CERTIFICATE----- |
353 |
|
354 |
You have to enable verify mode (C<< verify => 1 >>) for this parameter to |
355 |
have any effect. |
356 |
|
357 |
=item ca_path => $path |
358 |
|
359 |
If this parameter is specified and non-empty, it will be |
360 |
the path to a directory with hashed CA certificate files in |
361 |
PEM format. When the ca certificate is being verified, the |
362 |
certificate will be hashed and looked up in that directory (see |
363 |
L<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html> for |
364 |
details) |
365 |
|
366 |
The certificates specified via C<ca_file> take precedence over the ones |
367 |
found in C<ca_path>. |
368 |
|
369 |
You have to enable verify mode (C<< verify => 1 >>) for this parameter to |
370 |
have any effect. |
371 |
|
372 |
=item ca_cert => $string |
373 |
|
374 |
In addition or instead of using C<ca_file> and/or C<ca_path>, you can |
375 |
also use C<ca_cert> to directly specify the CA certificates (there can be |
376 |
multiple) in PEM format, in a string. |
377 |
|
378 |
=item check_crl => $enable |
379 |
|
380 |
Enable or disable certificate revocation list checking. If enabled, then |
381 |
peer certificates will be checked against a list of revoked certificates |
382 |
issued by the CA. The revocation lists will be expected in the C<ca_path> |
383 |
directory. |
384 |
|
385 |
certificate verification will fail if this is enabled but no revocation |
386 |
list was found. |
387 |
|
388 |
This requires OpenSSL >= 0.9.7b. Check the OpenSSL documentation for more |
389 |
details. |
390 |
|
391 |
=item key_file => $path |
392 |
|
393 |
Path to the local private key file in PEM format (might be a combined |
394 |
certificate/private key file). |
395 |
|
396 |
The local certificate is used to authenticate against the peer - servers |
397 |
mandatorily need a certificate and key, clients can use a certificate and |
398 |
key optionally to authenticate, e.g. for log-in purposes. |
399 |
|
400 |
The key in the file should look similar this: |
401 |
|
402 |
-----BEGIN RSA PRIVATE KEY----- |
403 |
...header data |
404 |
... (key data in base64 encoding) ... |
405 |
-----END RSA PRIVATE KEY----- |
406 |
|
407 |
=item key => $string |
408 |
|
409 |
The private key string in PEM format (see C<key_file>, only one of |
410 |
C<key_file> or C<key> can be specified). |
411 |
|
412 |
The idea behind being able to specify a string is to avoid blocking in |
413 |
I/O. Unfortunately, Net::SSLeay fails to implement any interface to the |
414 |
needed OpenSSL functionality, this is currently implemented by writing to |
415 |
a temporary file. |
416 |
|
417 |
=item cert_file => $path |
418 |
|
419 |
The path to the local certificate file in PEM format (might be a combined |
420 |
certificate/private key file, including chained certificates). |
421 |
|
422 |
The local certificate (and key) are used to authenticate against the |
423 |
peer - servers mandatorily need a certificate and key, clients can use |
424 |
certificate and key optionally to authenticate, e.g. for log-in purposes. |
425 |
|
426 |
The certificate in the file should look like this: |
427 |
|
428 |
-----BEGIN CERTIFICATE----- |
429 |
... (certificate in base64 encoding) ... |
430 |
-----END CERTIFICATE----- |
431 |
|
432 |
If the certificate file or string contain both the certificate and |
433 |
private key, then there is no need to specify a separate C<key_file> or |
434 |
C<key>. |
435 |
|
436 |
Additional signing certifiates to send to the peer (in SSLv3 and newer) |
437 |
can be specified by appending them to the certificate proper: the order |
438 |
must be from issuer certificate over any intermediate CA certificates to |
439 |
the root CA. |
440 |
|
441 |
So the recommended ordering for a combined key/cert/chain file, specified |
442 |
via C<cert_file> or C<cert> looks like this: |
443 |
|
444 |
certificate private key |
445 |
client/server certificate |
446 |
ca 1, signing client/server certficate |
447 |
ca 2, signing ca 1 |
448 |
... |
449 |
|
450 |
=item cert => $string |
451 |
|
452 |
The local certificate in PEM format (might be a combined |
453 |
certificate/private key file). See C<cert_file>. |
454 |
|
455 |
The idea behind being able to specify a string is to avoid blocking in |
456 |
I/O. Unfortunately, Net::SSLeay fails to implement any interface to the |
457 |
needed OpenSSL functionality, this is currently implemented by writing to |
458 |
a temporary file. |
459 |
|
460 |
=item cert_password => $string | $callback->($tls) |
461 |
|
462 |
The certificate password - if the certificate is password-protected, then |
463 |
you can specify its password here. |
464 |
|
465 |
Instead of providing a password directly (which is not so recommended), |
466 |
you can also provide a password-query callback. The callback will be |
467 |
called whenever a password is required to decode a local certificate, and |
468 |
is supposed to return the password. |
469 |
|
470 |
=item dh_file => $path |
471 |
|
472 |
Path to a file containing Diffie-Hellman parameters in PEM format, for |
473 |
use in servers. See also C<dh> on how to specify them directly, or use a |
474 |
pre-generated set. |
475 |
|
476 |
Diffie-Hellman key exchange generates temporary encryption keys that |
477 |
are not transferred over the connection, which means that even if the |
478 |
certificate key(s) are made public at a later time and a full dump of the |
479 |
connection exists, the key still cannot be deduced. |
480 |
|
481 |
These ciphers are only available with SSLv3 and later (which is the |
482 |
default with AnyEvent::TLS), and are only used in server/accept |
483 |
mode. Anonymous DH protocols are usually disabled by default, and usually |
484 |
not even compiled into the underlying library, as they provide no direct |
485 |
protection against man-in-the-middle attacks. The same is true for the |
486 |
common practise of self-signed certificates that you have to accept first, |
487 |
of course. |
488 |
|
489 |
=item dh => $string |
490 |
|
491 |
Specify the Diffie-Hellman parameters in PEM format directly as a string |
492 |
(see C<dh_file>), the default is C<ffdhe3072> unless C<dh_file> was |
493 |
specified. |
494 |
|
495 |
AnyEvent::TLS supports supports a number of precomputed DH parameters, |
496 |
since computing them is expensive. They are: |
497 |
|
498 |
# from RFC 7919 - recommended |
499 |
ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 |
500 |
|
501 |
# from "Assigned Number for SKIP Protocols" |
502 |
skip512, skip1024, skip2048, skip4096 |
503 |
|
504 |
# from schmorp |
505 |
schmorp1024, schmorp1539, schmorp2048, schmorp4096, schmorp8192 |
506 |
|
507 |
It is said that 2048 bit DH parameters are safe till 2030, and DH |
508 |
parameters shorter than 900 bits are totally insecure. |
509 |
|
510 |
To disable DH protocols completely, specify C<undef> as C<dh> parameter. |
511 |
|
512 |
=item dh_single_use => $enable |
513 |
|
514 |
Enables or disables "use only once" mode when using Diffie-Hellman key |
515 |
exchange. When enabled (default), each time a new key is exchanged a new |
516 |
Diffie-Hellman key is generated, which improves security as each key is |
517 |
only used once. When disabled, the key will be created as soon as the |
518 |
AnyEvent::TLS object is created and will be reused. |
519 |
|
520 |
All the DH parameters supplied with AnyEvent::TLS should be safe with |
521 |
C<dh_single_use> switched off, but YMMV. |
522 |
|
523 |
=item cipher_list => $string |
524 |
|
525 |
The list of ciphers to use, as a string (example: |
526 |
C<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>). The format |
527 |
of this string and its default value is documented at |
528 |
L<https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html>. |
529 |
|
530 |
=item session_ticket => $enable |
531 |
|
532 |
Enables or disables RC5077 support (Session Resumption without Server-Side |
533 |
State). The default is disabled for clients, as many (buggy) TLS/SSL |
534 |
servers choke on it, but enabled for servers. |
535 |
|
536 |
When enabled and supported by the server, a session ticket will be |
537 |
provided to the client, which allows fast resuming of connections. |
538 |
|
539 |
=item prepare => $coderef->($tls) |
540 |
|
541 |
If this argument is present, then it will be called with the new |
542 |
AnyEvent::TLS object after any other initialisation has been done, in case |
543 |
you wish to fine-tune something... |
544 |
|
545 |
=cut |
546 |
|
547 |
#=item trust => $trust |
548 |
# |
549 |
#Sets the expected (root) certificate use on this context, i.e. what |
550 |
#certificates to trust. The default is C<compat>, and the following strings |
551 |
#are supported: |
552 |
# |
553 |
# compat any certifictae will do |
554 |
# ssl_client only trust client certificates |
555 |
# ssl_server only trust server certificates |
556 |
# email only trust e-mail certificates |
557 |
# object_sign only trust signing (CA) certificates |
558 |
# ocsp_sign only trust ocsp signing certs |
559 |
# ocsp_request only trust ocsp request certs |
560 |
|
561 |
# purpose? |
562 |
|
563 |
#TODO |
564 |
# verify_depth? |
565 |
# reuse_ctx |
566 |
# session_cache_size |
567 |
# session_cache |
568 |
|
569 |
#=item debug => $level |
570 |
# |
571 |
#Enable or disable sending debugging output to STDERR. This is, as |
572 |
#the name says, mostly for debugging. The default is taken from the |
573 |
#C<PERL_ANYEVENT_TLS_DEBUG> environment variable. |
574 |
# |
575 |
#=cut |
576 |
|
577 |
=back |
578 |
|
579 |
=cut |
580 |
|
581 |
sub init (); |
582 |
|
583 |
#our %X509_TRUST = ( |
584 |
# compat => 1, |
585 |
# ssl_client => 2, |
586 |
# ssl_server => 3, |
587 |
# email => 4, |
588 |
# object_sign => 5, |
589 |
# ocsp_sign => 6, |
590 |
# ocsp_request => 7, |
591 |
#); |
592 |
|
593 |
BEGIN { |
594 |
eval 'sub _check_tls_gt_1 (){' |
595 |
. (($Net::SSLeay::VERSION >= 1.55 && Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x1000100f) * 1) |
596 |
. '}'; |
597 |
|
598 |
# As of this writing, Net::SSLeay (1.88-1) has not really been ported |
599 |
# to OpenSSL 1.1, but many distributions and users compile it against |
600 |
# openssl 1.1, leading to many symbols not being defined because they |
601 |
# are now enums instead of macros and have different prefixes. |
602 |
# The only one we use is SSL_ST_OK, or TLS_ST_OK, which should be |
603 |
# available as Net::SSLeay::ST_OK. If it is not callable, we define it |
604 |
# to be 1, which hopefully will not change. |
605 |
unless (eval 'Net::SSLeay::ST_OK (); 1') { |
606 |
AE::log 5 => "Your Net::SSLeay module is BROKEN, hardcoding constants as last resort."; |
607 |
*Net::SSLeay::ST_OK = sub () { 1 }; |
608 |
} |
609 |
} |
610 |
|
611 |
our %SSL_METHODS = ( |
612 |
any => \&Net::SSLeay::CTX_new, |
613 |
sslv23 => \&Net::SSLeay::CTX_new, # deliberately undocumented |
614 |
sslv2 => \&Net::SSLeay::CTX_v2_new, |
615 |
sslv3 => \&Net::SSLeay::CTX_v3_new, |
616 |
tlsv1 => \&Net::SSLeay::CTX_tlsv1_new, |
617 |
); |
618 |
|
619 |
# Add TLSv1_1 and TLSv1_2 if Net::SSLeay and openssl allow them |
620 |
if (_check_tls_gt_1) { |
621 |
$SSL_METHODS{tlsv1_1} = \&Net::SSLeay::CTX_tlsv1_1_new; |
622 |
$SSL_METHODS{tlsv1_2} = \&Net::SSLeay::CTX_tlsv1_2_new; |
623 |
} else { |
624 |
for my $method (qw(tlsv1_1 tlsv1_2)) { |
625 |
$SSL_METHODS{$method} = sub { croak "AnyEvent::TLS method '$method' requires openssl v1.0.1 and Net::SSLeay 1.55 or higher" }; |
626 |
} |
627 |
} |
628 |
|
629 |
if (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x10100000 && defined &Net::SSLeay::TLS_method) { |
630 |
$SSL_METHODS{tls} = sub { |
631 |
Net::SSLeay::CTX_new_with_method (Net::SSLeay::TLS_method ()) |
632 |
}; |
633 |
} else { |
634 |
$SSL_METHODS{tls} = sub { croak "AnyEvent::TLS method 'tls' requires openssl v1.1 and Net::SSLeay with support for it" }; |
635 |
} |
636 |
|
637 |
sub new { |
638 |
my ($class, %arg) = @_; |
639 |
|
640 |
init unless $REF_IDX; |
641 |
|
642 |
my $method = lc $arg{method} || "any"; |
643 |
|
644 |
my $ctx = ($SSL_METHODS{$method} |
645 |
|| croak "'$method' is not a valid AnyEvent::TLS method (must be one of @{[ sort keys %SSL_METHODS ]})")->(); |
646 |
|
647 |
my $self = bless { ctx => $ctx }, $class; # to make sure it's destroyed if we croak |
648 |
|
649 |
my $op = Net::SSLeay::OP_ALL (); |
650 |
|
651 |
$op |= Net::SSLeay::OP_NO_SSLv2 () unless $arg{sslv2}; |
652 |
$op |= Net::SSLeay::OP_NO_SSLv3 () if exists $arg{sslv3} && !$arg{sslv3}; |
653 |
$op |= Net::SSLeay::OP_NO_TLSv1 () if exists $arg{tlsv1} && !$arg{tlsv1}; |
654 |
$op |= Net::SSLeay::OP_NO_TLSv1_1 () if exists $arg{tlsv1_1} && !$arg{tlsv1_1} && _check_tls_gt_1; |
655 |
$op |= Net::SSLeay::OP_NO_TLSv1_2 () if exists $arg{tlsv1_2} && !$arg{tlsv1_2} && _check_tls_gt_1; |
656 |
$op |= Net::SSLeay::OP_NO_TLSv1_3 () if exists $arg{tlsv1_3} && !$arg{tlsv1_3} && _check_tls_gt_1; |
657 |
$op |= Net::SSLeay::OP_SINGLE_DH_USE () if !exists $arg{dh_single_use} || $arg{dh_single_use}; |
658 |
|
659 |
Net::SSLeay::CTX_set_options ($ctx, $op); |
660 |
|
661 |
Net::SSLeay::CTX_set_cipher_list ($ctx, $arg{cipher_list}) |
662 |
or croak "'$arg{cipher_list}' was not accepted as a valid cipher list by AnyEvent::TLS" |
663 |
if exists $arg{cipher_list}; |
664 |
|
665 |
my ($dh_bio, $dh_file); |
666 |
|
667 |
if (exists $arg{dh_file}) { |
668 |
$dh_file = $arg{dh_file}; |
669 |
|
670 |
$dh_bio = Net::SSLeay::BIO_new_file ($dh_file, "r") |
671 |
or croak "$dh_file: failed to open DH parameter file: $!"; |
672 |
} else { |
673 |
$arg{dh} = "ffdhe3072" unless exists $arg{dh}; |
674 |
|
675 |
if (defined $arg{dh}) { |
676 |
$dh_file = "dh string"; |
677 |
|
678 |
if ($arg{dh} =~ /^\w+$/) { |
679 |
$dh_file = "dh params $arg{dh}"; |
680 |
$arg{dh} = "-----BEGIN DH PARAMETERS-----\n" |
681 |
. (join "\n", unpack "(a74)*", $DH_PARAMS{$arg{dh}}) . "\n" |
682 |
. "-----END DH PARAMETERS-----"; |
683 |
$arg{dh} =~ s/\|/\n/g; |
684 |
} |
685 |
|
686 |
$dh_bio = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); |
687 |
Net::SSLeay::BIO_write ($dh_bio, $arg{dh}); |
688 |
} |
689 |
} |
690 |
|
691 |
if ($dh_bio) { |
692 |
my $dh = Net::SSLeay::PEM_read_bio_DHparams ($dh_bio); |
693 |
Net::SSLeay::BIO_free ($dh_bio); |
694 |
$dh or croak "$dh_file: failed to parse DH parameters - not PEM format?"; |
695 |
my $rv = Net::SSLeay::CTX_set_tmp_dh ($ctx, $dh); |
696 |
Net::SSLeay::DH_free ($dh); |
697 |
$rv or croak "$dh_file: failed to set DH parameters"; |
698 |
} |
699 |
|
700 |
if ($arg{verify}) { |
701 |
$self->{verify_mode} = Net::SSLeay::VERIFY_PEER (); |
702 |
|
703 |
$self->{verify_mode} |= Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT () |
704 |
if $arg{verify_require_client_cert}; |
705 |
|
706 |
$self->{verify_mode} |= Net::SSLeay::VERIFY_CLIENT_ONCE () |
707 |
if $arg{verify_client_once}; |
708 |
|
709 |
} else { |
710 |
$self->{verify_mode} = Net::SSLeay::VERIFY_NONE (); |
711 |
} |
712 |
|
713 |
$self->{verify_peername} = $arg{verify_peername} |
714 |
if exists $arg{verify_peername}; |
715 |
|
716 |
$self->{verify_cb} = $arg{verify_cb} |
717 |
if exists $arg{verify_cb}; |
718 |
|
719 |
$self->{session_ticket} = $arg{session_ticket} |
720 |
if exists $arg{session_ticket}; |
721 |
|
722 |
$self->{debug} = $ENV{PERL_ANYEVENT_TLS_DEBUG} |
723 |
if length $ENV{PERL_ANYEVENT_TLS_DEBUG}; |
724 |
|
725 |
$self->{debug} = $arg{debug} |
726 |
if exists $arg{debug}; |
727 |
|
728 |
my $pw = $arg{cert_password}; |
729 |
Net::SSLeay::CTX_set_default_passwd_cb ($ctx, ref $pw ? $pw : sub { $pw }); |
730 |
|
731 |
if ($self->{verify_mode}) { |
732 |
if (exists $arg{ca_file} or exists $arg{ca_path} or exists $arg{ca_cert}) { |
733 |
# either specified: use them |
734 |
if (exists $arg{ca_cert}) { |
735 |
my ($ca_file, $g1) = _tmpfile delete $arg{ca_cert}; |
736 |
Net::SSLeay::CTX_load_verify_locations ($ctx, $ca_file, undef); |
737 |
} |
738 |
if (exists $arg{ca_file} or exists $arg{ca_path}) { |
739 |
Net::SSLeay::CTX_load_verify_locations ($ctx, $arg{ca_file}, $arg{ca_path}); |
740 |
} |
741 |
} elsif (length $ENV{PERL_ANYEVENT_CA_FILE} or length $ENV{PERL_ANYEVENT_CA_PATH}) { |
742 |
Net::SSLeay::CTX_load_verify_locations ( |
743 |
$ctx, |
744 |
$ENV{PERL_ANYEVENT_CA_FILE}, |
745 |
$ENV{PERL_ANYEVENT_CA_PATH}, |
746 |
); |
747 |
} else { |
748 |
# else fall back to defaults |
749 |
Net::SSLeay::CTX_set_default_verify_paths ($ctx); |
750 |
} |
751 |
} |
752 |
|
753 |
if (exists $arg{cert} or exists $arg{cert_file}) { |
754 |
my ($g1, $g2); |
755 |
|
756 |
if (exists $arg{cert}) { |
757 |
croak "specifying both cert_file and cert is not allowed" |
758 |
if exists $arg{cert_file}; |
759 |
|
760 |
($arg{cert_file}, $g1) = _tmpfile delete $arg{cert}; |
761 |
} |
762 |
|
763 |
if (exists $arg{key} or exists $arg{key_file}) { |
764 |
if (exists $arg{key}) { |
765 |
croak "specifying both key_file and key is not allowed" |
766 |
if exists $arg{key_file}; |
767 |
($arg{key_file}, $g2) = _tmpfile delete $arg{key}; |
768 |
} |
769 |
} else { |
770 |
$arg{key_file} = $arg{cert_file}; |
771 |
} |
772 |
|
773 |
Net::SSLeay::CTX_use_PrivateKey_file |
774 |
($ctx, $arg{key_file}, Net::SSLeay::FILETYPE_PEM ()) |
775 |
or croak "$arg{key_file}: failed to load local private key (key_file or key)"; |
776 |
|
777 |
Net::SSLeay::CTX_use_certificate_chain_file ($ctx, $arg{cert_file}) |
778 |
or croak "$arg{cert_file}: failed to use local certificate chain (cert_file or cert)"; |
779 |
} |
780 |
|
781 |
if ($arg{check_crl}) { |
782 |
Net::SSLeay::OPENSSL_VERSION_NUMBER () >= 0x00090702f |
783 |
or croak "check_crl requires openssl v0.9.7b or higher"; |
784 |
|
785 |
Net::SSLeay::X509_STORE_set_flags ( |
786 |
Net::SSLeay::CTX_get_cert_store ($ctx), |
787 |
Net::SSLeay::X509_V_FLAG_CRL_CHECK ()); |
788 |
} |
789 |
|
790 |
Net::SSLeay::CTX_set_read_ahead ($ctx, 1); |
791 |
|
792 |
$arg{prepare}->($self) |
793 |
if $arg{prepare}; |
794 |
|
795 |
$self |
796 |
} |
797 |
|
798 |
=item $tls = new_from_ssleay AnyEvent::TLS $ctx |
799 |
|
800 |
This constructor takes an existing L<Net::SSLeay> SSL_CTX object |
801 |
(which is just an integer) and converts it into an C<AnyEvent::TLS> |
802 |
object. This only works because AnyEvent::TLS is currently implemented |
803 |
using Net::SSLeay. As this is such a horrible perl module and OpenSSL has |
804 |
such an annoying license, this might change in the future, in which case |
805 |
this method might vanish. |
806 |
|
807 |
=cut |
808 |
|
809 |
sub new_from_ssleay { |
810 |
my ($class, $ctx) = @_; |
811 |
|
812 |
bless { ctx => $ctx }, $class |
813 |
} |
814 |
|
815 |
=item $ctx = $tls->ctx |
816 |
|
817 |
Returns the actual L<Net::SSLeay::CTX> object (just an integer). |
818 |
|
819 |
=cut |
820 |
|
821 |
sub ctx { |
822 |
$_[0]{ctx} |
823 |
} |
824 |
|
825 |
sub verify_hostname($$$); |
826 |
|
827 |
sub _verify_hostname { |
828 |
my ($self, $cn, $cert) = @_; |
829 |
|
830 |
return 1 |
831 |
unless defined $cn; |
832 |
|
833 |
return 1 |
834 |
unless exists $self->{verify_peername} && "none" ne lc $self->{verify_peername}; |
835 |
|
836 |
return $self->{verify_peername}->($self, $cn, $cert) |
837 |
if ref $self->{verify_peername} && "ARRAY" ne ref $self->{verify_peername}; |
838 |
|
839 |
verify_hostname $cn, $cert, $self->{verify_peername} |
840 |
} |
841 |
|
842 |
sub verify { |
843 |
my ($self, $session, $ref, $cn, $preverify_ok, $x509_store_ctx) = @_; |
844 |
|
845 |
my $cert = $x509_store_ctx |
846 |
? Net::SSLeay::X509_STORE_CTX_get_current_cert ($x509_store_ctx) |
847 |
: undef; |
848 |
my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth ($x509_store_ctx); |
849 |
|
850 |
$preverify_ok &&= $self->_verify_hostname ($cn, $cert) |
851 |
unless $depth; |
852 |
|
853 |
$preverify_ok = $self->{verify_cb}->($self, $ref, $cn, $depth, $preverify_ok, $x509_store_ctx, $cert) |
854 |
if $self->{verify_cb}; |
855 |
|
856 |
$preverify_ok |
857 |
} |
858 |
|
859 |
#=item $ssl = $tls->_get_session ($mode[, $ref]) |
860 |
# |
861 |
#Creates a new Net::SSLeay::SSL session object, puts it into C<$mode> |
862 |
#(C<accept> or C<connect>) and optionally associates it with the given |
863 |
#C<$ref>. If C<$mode> is already a C<Net::SSLeay::SSL> object, then just |
864 |
#associate data with it. |
865 |
# |
866 |
#=cut |
867 |
|
868 |
#our %REF_MAP; |
869 |
our $TLS_SNI_WARNED; |
870 |
|
871 |
sub _get_session($$;$$) { |
872 |
my ($self, $mode, $ref, $cn) = @_; |
873 |
|
874 |
my $session; |
875 |
|
876 |
if ($mode eq "accept") { |
877 |
$session = Net::SSLeay::new ($self->{ctx}); |
878 |
Net::SSLeay::set_accept_state ($session); |
879 |
|
880 |
Net::SSLeay::set_options ($session, eval { Net::SSLeay::OP_NO_TICKET () }) |
881 |
unless $self->{session_ticket} || !exists $self->{session_ticket}; |
882 |
|
883 |
} elsif ($mode eq "connect") { |
884 |
$session = Net::SSLeay::new ($self->{ctx}); |
885 |
|
886 |
if (defined &Net::SSLeay::set_tlsext_host_name) { |
887 |
Net::SSLeay::set_tlsext_host_name ($session, $cn) |
888 |
if length $cn; |
889 |
} else { |
890 |
AE::log 6 => "TLS SNI not supported by your Net::SSLeay module, connecting without" |
891 |
unless $TLS_SNI_WARNED++; |
892 |
} |
893 |
|
894 |
Net::SSLeay::set_connect_state ($session); |
895 |
|
896 |
Net::SSLeay::set_options ($session, eval { Net::SSLeay::OP_NO_TICKET () }) |
897 |
unless $self->{session_ticket}; |
898 |
} else { |
899 |
croak "'$mode': unsupported TLS mode (must be either 'connect' or 'accept')" |
900 |
} |
901 |
|
902 |
# # associate data |
903 |
# Net::SSLeay::set_ex_data ($session, $REF_IDX, $ref+0); |
904 |
# Scalar::Util::weaken ($REF_MAP{$ref+0} = $ref) |
905 |
# if ref $ref; |
906 |
|
907 |
if ($self->{debug}) { |
908 |
#d# Net::SSLeay::set_info_callback ($session, 50000); |
909 |
} |
910 |
|
911 |
if ($self->{verify_mode}) { |
912 |
Scalar::Util::weaken $self; |
913 |
Scalar::Util::weaken $ref; |
914 |
|
915 |
# we have to provide a dummy callbacks as at least Net::SSLeay <= 1.35 |
916 |
# try to call it even if specified as 0 or undef. |
917 |
Net::SSLeay::set_verify |
918 |
$session, |
919 |
$self->{verify_mode}, |
920 |
sub { $self->verify ($session, $ref, $cn, @_) }; |
921 |
} |
922 |
|
923 |
$session |
924 |
} |
925 |
|
926 |
sub _put_session($$) { |
927 |
my ($self, $session) = @_; |
928 |
|
929 |
# clear callback, if any |
930 |
# this leaks memoryin Net::SSLeay up to at least 1.35, but there |
931 |
# apparently is no other way. |
932 |
Net::SSLeay::set_verify $session, 0, undef; |
933 |
|
934 |
# # disassociate data |
935 |
# delete $REF_MAP{Net::SSLeay::get_ex_data ($session, $REF_IDX)}; |
936 |
|
937 |
Net::SSLeay::free ($session); |
938 |
} |
939 |
|
940 |
#sub _ref($) { |
941 |
# $REF_MAP{Net::SSLeay::get_ex_data ($_[0], $REF_IDX)} |
942 |
#} |
943 |
|
944 |
sub DESTROY { |
945 |
my ($self) = @_; |
946 |
|
947 |
# better be safe than sorry with net-ssleay |
948 |
Net::SSLeay::CTX_set_default_passwd_cb ($self->{ctx}); |
949 |
|
950 |
Net::SSLeay::CTX_free ($self->{ctx}); |
951 |
} |
952 |
|
953 |
=item AnyEvent::TLS::init |
954 |
|
955 |
AnyEvent::TLS does on-demand initialisation, and normally there is no need to call an initialise |
956 |
function. |
957 |
|
958 |
As initialisation might take some time (to read e.g. C</dev/urandom>), this |
959 |
could be annoying in some highly interactive programs. In that case, you can |
960 |
call C<AnyEvent::TLS::init> to make sure there will be no costly initialisation |
961 |
later. It is harmless to call C<AnyEvent::TLS::init> multiple times. |
962 |
|
963 |
=cut |
964 |
|
965 |
sub init() { |
966 |
return if $REF_IDX; |
967 |
|
968 |
AE::log 5 => "Net::SSLeay versions older than 1.33 might malfunction." |
969 |
if $Net::SSLeay::VERSION < 1.33; |
970 |
|
971 |
Net::SSLeay::load_error_strings (); |
972 |
Net::SSLeay::SSLeay_add_ssl_algorithms (); |
973 |
Net::SSLeay::randomize (); |
974 |
|
975 |
$REF_IDX = Net::SSLeay::get_ex_new_index (0, 0, 0, 0, 0) |
976 |
until $REF_IDX; # Net::SSLeay uses id #0 for its own stuff without allocating it |
977 |
} |
978 |
|
979 |
=item $certname = AnyEvent::TLS::certname $x509 |
980 |
|
981 |
Utility function that returns a user-readable string identifying the X509 |
982 |
certificate object. |
983 |
|
984 |
=cut |
985 |
|
986 |
sub certname { |
987 |
$_[0] |
988 |
? Net::SSLeay::X509_NAME_oneline (Net::SSLeay::X509_get_issuer_name ($_[0])) |
989 |
. Net::SSLeay::X509_NAME_oneline (Net::SSLeay::X509_get_subject_name ($_[0])) |
990 |
: undef |
991 |
} |
992 |
|
993 |
our %CN_SCHEME = ( |
994 |
# each tuple is [$cn_wildcards, $alt_wildcards, $check_cn] |
995 |
# where *_wildcards is 0 for none allowed, 1 for allowed at beginning and 2 for allowed everywhere |
996 |
# and check_cn is 0 for do not check, 1 for check when no alternate dns names and 2 always |
997 |
# all of this is from IO::Socket::SSL |
998 |
|
999 |
rfc4513 => [0, 1, 2], |
1000 |
rfc2818 => [0, 2, 1], |
1001 |
rfc3207 => [0, 0, 2], # see IO::Socket::SSL, rfc seems unclear |
1002 |
none => [], # do not check |
1003 |
|
1004 |
ldap => "rfc4513", ldaps => "ldap", |
1005 |
http => "rfc2818", https => "http", |
1006 |
smtp => "rfc3207", smtps => "smtp", |
1007 |
|
1008 |
xmpp => "rfc3920", rfc3920 => "http", |
1009 |
pop3 => "rfc2595", rfc2595 => "ldap", pop3s => "pop3", |
1010 |
imap => "rfc2595", rfc2595 => "ldap", imaps => "imap", |
1011 |
acap => "rfc2595", rfc2595 => "ldap", |
1012 |
nntp => "rfc4642", rfc4642 => "ldap", nntps => "nntp", |
1013 |
ftp => "rfc4217", rfc4217 => "http", ftps => "ftp" , |
1014 |
); |
1015 |
|
1016 |
sub match_cn($$$) { |
1017 |
my ($name, $cn, $type) = @_; |
1018 |
|
1019 |
# remove leading and trailing garbage |
1020 |
for ($name, $cn) { |
1021 |
s/[\x00-\x1f]+$//; |
1022 |
s/^[\x00-\x1f]+//; |
1023 |
} |
1024 |
|
1025 |
my $pattern; |
1026 |
|
1027 |
### IMPORTANT! |
1028 |
# we accept only a single wildcard and only for a single part of the FQDN |
1029 |
# e.g *.example.org does match www.example.org but not bla.www.example.org |
1030 |
# The RFCs are in this regard unspecific but we don't want to have to |
1031 |
# deal with certificates like *.com, *.co.uk or even * |
1032 |
# see also http://nils.toedtmann.net/pub/subjectAltName.txt |
1033 |
if ($type == 2 and $name =~m{^([^.]*)\*(.+)} ) { |
1034 |
$pattern = qr{^\Q$1\E[^.]*\Q$2\E$}i; |
1035 |
} elsif ($type == 1 and $name =~m{^\*(\..+)$} ) { |
1036 |
$pattern = qr{^[^.]*\Q$1\E$}i; |
1037 |
} else { |
1038 |
$pattern = qr{^\Q$name\E$}i; |
1039 |
} |
1040 |
|
1041 |
$cn =~ $pattern |
1042 |
} |
1043 |
|
1044 |
# taken verbatim from IO::Socket::SSL, then changed to take advantage of |
1045 |
# AnyEvent utilities. |
1046 |
sub verify_hostname($$$) { |
1047 |
my ($cn, $cert, $scheme) = @_; |
1048 |
|
1049 |
while (!ref $scheme) { |
1050 |
$scheme = $CN_SCHEME{$scheme} |
1051 |
or return 1; |
1052 |
} |
1053 |
|
1054 |
my $cert_cn = |
1055 |
Net::SSLeay::X509_NAME_get_text_by_NID ( |
1056 |
Net::SSLeay::X509_get_subject_name ($cert), Net::SSLeay::NID_commonName ()); |
1057 |
|
1058 |
my @cert_alt = Net::SSLeay::X509_get_subjectAltNames ($cert); |
1059 |
|
1060 |
# rfc2460 - convert to network byte order |
1061 |
require AnyEvent::Socket; |
1062 |
my $ip = AnyEvent::Socket::parse_address ($cn); |
1063 |
|
1064 |
my $alt_dns_count; |
1065 |
|
1066 |
while (my ($type, $name) = splice @cert_alt, 0, 2) { |
1067 |
if ($type == Net::SSLeay::GEN_IPADD ()) { |
1068 |
# $name is already packed format (inet_xton) |
1069 |
return 1 if $ip eq $name; |
1070 |
} elsif ($type == Net::SSLeay::GEN_DNS ()) { |
1071 |
$alt_dns_count++; |
1072 |
|
1073 |
return 1 if match_cn $name, $cn, $scheme->[1]; |
1074 |
} |
1075 |
} |
1076 |
|
1077 |
if ($scheme->[2] == 2 |
1078 |
|| ($scheme->[2] == 1 && !$alt_dns_count)) { |
1079 |
return 1 if match_cn $cert_cn, $cn, $scheme->[0]; |
1080 |
} |
1081 |
|
1082 |
0 |
1083 |
} |
1084 |
|
1085 |
=back |
1086 |
|
1087 |
=head1 SSL/TLS QUICK FACTS |
1088 |
|
1089 |
Here are some quick facts about TLS/SSL that might help you: |
1090 |
|
1091 |
=over 4 |
1092 |
|
1093 |
=item * A certificate is the public key part, a key is the private key part. |
1094 |
|
1095 |
While not strictly true, certificates are the things you can hand around |
1096 |
publicly as a kind of identity, while keys should really be kept private, |
1097 |
as proving that you have the private key is usually interpreted as being |
1098 |
the entity behind the certificate. |
1099 |
|
1100 |
=item * A certificate is signed by a CA (Certificate Authority). |
1101 |
|
1102 |
By signing, the CA basically claims that the certificate it signs |
1103 |
really belongs to the identity named in it, verified according to the |
1104 |
CA policies. For e.g. HTTPS, the CA usually makes some checks that the |
1105 |
hostname mentioned in the certificate really belongs to the company/person |
1106 |
that requested the signing and owns the domain. |
1107 |
|
1108 |
=item * CAs can be certified by other CAs. |
1109 |
|
1110 |
Or by themselves - a certificate that is signed by a CA that is itself |
1111 |
is called a self-signed certificate, a trust chain of length zero. When |
1112 |
you find a certificate signed by another CA, which is in turn signed by |
1113 |
another CA you trust, you have a trust chain of depth two. |
1114 |
|
1115 |
=item * "Trusting" a CA means trusting all certificates it has signed. |
1116 |
|
1117 |
If you "trust" a CA certificate, then all certificates signed by it are |
1118 |
automatically considered trusted as well. |
1119 |
|
1120 |
=item * A successfully verified certificate means that you can be |
1121 |
reasonably sure that whoever you are talking with really is who he claims |
1122 |
he is. |
1123 |
|
1124 |
By verifying certificates against a number of CAs that you trust (meaning |
1125 |
it is signed directly or indirectly by such a CA), you can find out that |
1126 |
the other side really is whoever he claims, according to the CA policies, |
1127 |
and your belief in the integrity of the CA. |
1128 |
|
1129 |
=item * Verifying the certificate signature is not everything. |
1130 |
|
1131 |
Even when the certificate is correct, it might belong to somebody else: if |
1132 |
www.attacker.com can make your computer believe that it is really called |
1133 |
www.mybank.com (by making your DNS server believe this for example), |
1134 |
then it could send you the certificate for www.attacker.com that your |
1135 |
software trusts because it is signed by a CA you trust, and intercept |
1136 |
all your traffic that you think goes to www.mybank.com. This works |
1137 |
because your software sees that the certificate is correctly signed (for |
1138 |
www.attacker.com) and you think you are talking to your bank. |
1139 |
|
1140 |
To thwart this attack vector, peername verification should be used, which |
1141 |
basically checks that the certificate (for www.attacker.com) really |
1142 |
belongs to the host you are trying to talk to (www.mybank.com), which in |
1143 |
this example is not the case, as www.attacker.com (from the certificate) |
1144 |
doesn't match www.mybank.com (the hostname used to create the connection). |
1145 |
|
1146 |
So peername verification is almost as important as checking the CA |
1147 |
signing. Unfortunately, every protocol implements this differently, if at |
1148 |
all... |
1149 |
|
1150 |
=item * Switching off verification is sometimes reasonable. |
1151 |
|
1152 |
You can switch off verification. You still get an encrypted connection |
1153 |
that is protected against eavesdropping and injection - you just lose |
1154 |
protection against man in the middle attacks, i.e. somebody else with |
1155 |
enough abilities to intercept all traffic can masquerade herself as the |
1156 |
other side. |
1157 |
|
1158 |
For many applications, switching off verification is entirely |
1159 |
reasonable. Downloading random stuff from websites using HTTPS for no |
1160 |
reason is such an application. Talking to your bank and entering TANs is |
1161 |
not such an application. |
1162 |
|
1163 |
=item * A SSL/TLS server always needs a certificate/key pair to operate, |
1164 |
for clients this is optional. |
1165 |
|
1166 |
Apart from (usually disabled) anonymous cipher suites, a server always |
1167 |
needs a certificate/key pair to operate. |
1168 |
|
1169 |
Clients almost never use certificates, but if they do, they can be used |
1170 |
to authenticate the client, just as server certificates can be used to |
1171 |
authenticate the server. |
1172 |
|
1173 |
=item * SSL version 2 is very insecure. |
1174 |
|
1175 |
SSL version 2 is old and not only has it some security issues, SSLv2-only |
1176 |
implementations are usually buggy, too, due to their age. |
1177 |
|
1178 |
=item * Sometimes, even losing your "private" key might not expose all your |
1179 |
data. |
1180 |
|
1181 |
With Diffie-Hellman ephemeral key exchange, you can lose the DH parameters |
1182 |
(the "keys"), but all your connections are still protected. Diffie-Hellman |
1183 |
needs special set-up (done by default by AnyEvent::TLS). |
1184 |
|
1185 |
=back |
1186 |
|
1187 |
=head1 SECURITY CONSIDERATIONS |
1188 |
|
1189 |
When you use any of the options that pass in keys or certificates |
1190 |
as strings (e.g. C<ca_cert>), then, due to serious shortcomings in |
1191 |
L<Net::SSLeay>, this module creates a temporary file to store the string - |
1192 |
see L<File::Temp> and possibly its C<safe_level> setting for more details |
1193 |
on what to watch out for. |
1194 |
|
1195 |
=head1 BUGS |
1196 |
|
1197 |
Due to the abysmal code quality of Net::SSLeay, this module will leak small |
1198 |
amounts of memory per TLS connection (currently at least one perl scalar). |
1199 |
|
1200 |
=head1 AUTHORS |
1201 |
|
1202 |
Marc Lehmann <schmorp@schmorp.de>. |
1203 |
|
1204 |
Some of the API, documentation and implementation (verify_hostname), |
1205 |
and a lot of ideas/workarounds/knowledge have been taken from the |
1206 |
L<IO::Socket::SSL> module. Care has been taken to keep the API similar to |
1207 |
that and other modules, to the extent possible while providing a sensible |
1208 |
API for AnyEvent. |
1209 |
|
1210 |
=cut |
1211 |
|
1212 |
1 |
1213 |
|