Commit 06d005918d5d038a989e77b8e16258edbff7788a - libcrypt-ssleay-perl

Imported Upstream version 0.58 gregor herrmann 12 years ago

14 changed file(s) with 1248 addition(s) and 988 deletion(s). Raw diff Collapse all Expand all

+63

-0

Changes less more

0	0	Revision history for Crypt-SSLeay
1	1	=================================
	2
	3	0.58 2010-08-25 14:06:30 UTC
	4
	5	- Bump version number for Crypt::SSLeay to 0.58 and Net::SSL to 2.85 in
	6	preparation for release.
	7	- Fix typo in POD is SSLeay.pm s/PEM0encoded/PEM encoded/ (checked
	8	http://github.com/gitpan/Crypt-SSLeay/blob/9a1582ee1e4d132ae7cf9497bb83144786425d73/SSLeay.pm)
	9	- Update Changes and TODO. Regenerate README and META.yml. Update package
	10	author. Minor POD fixes.
	11
	12	0.57_05 2010-08-15 17:41:21 UTC
	13
	14	- Fix for NO_PROXY support in Net::SSL (bug #57836)
	15	- Bump Net::SSL version number to 2.84_02 after changes
	16	- Fix file/dir permissions (bug #60338)
	17	- Review warnings when compiling SSLeay.xs against older versions of OpenSSL.
	18	Warnings are due to OpenSSL.
	19	- Add clarification regarding $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} to the
	20	POD.
	21	- Other POD related changes:
	22	* Remove historic information in README about platforms where the package
	23	was successfully built.
	24	* Reformat acknowledgements. TODO: Add more people.
	25	* Fix link to Net-SSLeay.
	26	* Add note about the --live-tests command line option
	27	* Generate README from POD.
	28	* Formatting fixes.
	29	* Update copyright notice.
	30
	31	0.57_04 2010-08-11 00:22:33 UTC
	32
	33	- Reorganize Makefile.PL to break individual steps in to subroutines so as to
	34	facilitate localized future modifications. Whether there was any point to
	35	this remains to be seen.
	36	- In Makefile.PL, accommodate ActiveState+MingW configuration.
	37	- Pick the correct lib location for Strawberry Perl (bug #60230).
	38	- Apply fixes in bug reports #59312 and #33954 to Net/SSL.pm.
	39	- Bump version number in Net/SSL.pm to indicate development release.
	40
	41	0.57_03 2010-08-09 20:12:30 UTC
	42
	43	- If the last component of $inc_dir is 'openssl', set $inc_dir to its parent
	44	and set $prefix to 'openssl'. Otherwise, leave $inc_dir as is and set $prefix
	45	to '' (I hope this fixes bugs #28431, #28680, #32084, #43084, #54103 without
	46	breaking anything).
	47	- Improved OpenSSL detection on Win32/Strawberry Perl (bug #49285).
	48	- Add MIME::Base64 as a prerequisite as Net::SSL needs it.
	49	- exit 0 if OpenSSL can't be found to avoid superfluous reports from CPAN
	50	Testers.
	51	- Add \ to $opt_bench in eg/net-ssl-test (bugs #30931, #39363).
	52
	53	0.57_02 2010-08-08 18:27:40 UTC
	54
	55	- Refactor the version detection algorithm in Makefile.PL to handle all known
	56	variations of version number encoding. Should fix bug #52408.
	57
	58	0.57_01 2008-02-18 14:42:32 UTC
	59
	60	- use #include <..> rather than #include "..." in
	61	crypt_ssleay_version.h.
	62	- add command-line switch to avoid live tests (bug #30268).
	63	- skip tests in t/01-connect.t if 443 is already in use (bug #30985).
	64	- make code gcc -Wwrite-strings compatible (bug #31926).
2	65
3	66	0.57 2007-09-17 20:45:20 UTC
4	67

-0

MANIFEST.SKIP less more

0	0	blib\/
1	1	\B.svn\b
	2	\B.git\b
2	3	pm_to_blib
3	4	README.old
4	5	crypt_ssleay_version.h

+22

-13

META.yml less more

0		--- #YAML:1.0
1		name: Crypt-SSLeay
2		version: 0.57
3		abstract: OpenSSL support for LWP
4		license: perl
5		generated_by: ExtUtils::MakeMaker version 6.36_01
6		distribution_type: module
7		requires:
8		meta-spec:
9		url: http://module-build.sourceforge.net/META-spec-v1.2.html
10		version: 1.2
11		author:
12		- David Landgren
	0	--- #YAML:1.0
	1	name: Crypt-SSLeay
	2	version: 0.58
	3	abstract: OpenSSL support for LWP
	4	author:
	5	- A. Sinan Unur <nanis@cpan.org>
	6	license: perl
	7	distribution_type: module
	8	configure_requires:
	9	ExtUtils::MakeMaker: 0
	10	build_requires:
	11	ExtUtils::MakeMaker: 0
	12	requires:
	13	MIME::Base64: 0
	14	no_index:
	15	directory:
	16	- t
	17	- inc
	18	generated_by: ExtUtils::MakeMaker version 6.56
	19	meta-spec:
	20	url: http://module-build.sourceforge.net/META-spec-v1.4.html
	21	version: 1.4

+484

-303

Makefile.PL less more

2	2
3	3	use Config;
4	4	use ExtUtils::MakeMaker;
5		use File::Basename qw(dirname);
	5	use File::Basename qw(basename dirname);
6	6	use Getopt::Long;
7	7
8	8	eval "use ExtUtils::MakeMaker::Coverage";
9	9	$@ or print "Adding testcover target\n";
10	10
11		use vars qw($opt_default $opt_libpath $opt_static);
	11	use vars qw($OPT_DEFAULT $OPT_LIBPATH $OPT_STATIC $OPT_LIVE_TESTS);
12	12
13	13	GetOptions(
14		"default", \$opt_default,
15		"lib=s", \$opt_libpath,
16		"static", \$opt_static,
	14	"default", \$OPT_DEFAULT,
	15	"lib=s", \$OPT_LIBPATH,
	16	"static", \$OPT_STATIC,
	17	"live-tests!", \$OPT_LIVE_TESTS,
17	18	);
18	19
19		$opt_default \|\|= $ENV{CRYPT_SSLEAY_DEFAULT};
	20	$OPT_DEFAULT \|\|= $ENV{CRYPT_SSLEAY_DEFAULT};
20	21
21	22	# FIND POSSIBLE SSL INSTALLATIONS
22	23
23		my @POSSIBLE_SSL_DIRS;
24		if ($opt_libpath) {
25		# explicit from command-line
26		@POSSIBLE_SSL_DIRS = ($opt_libpath);
27		$opt_default = 1;
28		}
29		elsif ($^O eq 'MSWin32') {
30		@POSSIBLE_SSL_DIRS = 'c:\\openssl';
31		}
32		elsif ($^O eq 'VMS') {
33		@POSSIBLE_SSL_DIRS = '/ssl$root';
34		}
35		else {
36		# Unix and the rest
37		@POSSIBLE_SSL_DIRS = qw(
38		/local
39		/local/ssl
40		/opt/ssl
41		/usr
42		/usr/local
43		/usr/local/ssl
44		/usr/local/openssl
45		);
46		}
47
48		my @CANDIDATE = do {
49		my %seen;
50		grep {!$seen{$_->{check}}++}
51		map {Candidate($_)}
52		@POSSIBLE_SSL_DIRS
53		};
54
55		if (@CANDIDATE == 0) {
56		$opt_default = 0;
57		my $bar = '=' x 72;
58		print <<"INFO";
59		$bar
60		No installed SSL libraries found in any of the following places.
61		INFO
62		print " $_\n" for @POSSIBLE_SSL_DIRS;
63		print <<"INFO";
64		You will have to either specify a directory location at the following
65		prompt, or rerun the Makefile.PL program and use the --lib switch
66		to specify the path. If the path in question is considered standard
67		on your platform, please consider filing a bug report in order to
68		have it taken into account in a subsequent version of Crypt::SSLeay.
69
70		INFO
71
72		if (-f '/etc/debian_version') {
73		print <<"DEBIAN_INFO";
74
75		This host looks like it is running Debian. Crypt::SSLeay needs to
76		be compiled with C headers that the libssl-dev package makes
77		available. Please install that package before trying to build this
78		module. (You can always deinstall the package afterwards, once
79		Crypt::SSLeay has been built).
80		DEBIAN_INFO
81		}
82		}
83
84		my $SSL_DIR;
85		my $pkg_config;
86
87		if (@CANDIDATE == 1) {
88		$pkg_config = $CANDIDATE[0];
89		if ($opt_default) {
90		$SSL_DIR = $pkg_config->{dir};
91		}
92		else {
93		print <<"INFO";
94		=======================================================
95		Only one $pkg_config->{type} installation found at $pkg_config->{dir}
96		Consider running 'perl Makefile.PL --default' the next
97		time Crypt::SSLeay is upgraded to select this directory
98		automatically thereby avoiding the following prompt.
99		=======================================================
100		INFO
101		}
102		}
103		elsif (@CANDIDATE > 1) {
104		print "Found multiple possibilities for OpenSSL\n";
105		for my $c (@CANDIDATE) {
106		print " $c->{dir} ($c->{type} $c->{ver})\n";
107		}
108		}
109
110		if (not $SSL_DIR) {
111		my %cand;
112		for my $c (@CANDIDATE) {
113		$cand{$c->{dir}} = {%$c};
114		}
115
116		$SSL_DIR = prompt "Which SSL install path do you want to use?",
117		$CANDIDATE[0]->{dir};
118
119		if (exists $cand{$SSL_DIR}) {
120		# we've already determined that this directory is usable
121		$pkg_config = $cand{$SSL_DIR};
122		}
123		else {
124		# unknown directory, better check it out
125		$pkg_config = Candidate($SSL_DIR);
126		if (not $pkg_config) {
127		die <<"INFO";
128		$SSL_DIR does not appear to be an SSL library installation, since
129		the required header files were not found. The build cannot proceed.
130		INFO
131		}
132		}
133		}
134
135		# note: $SSL_DIR is now sane at this point
136
137		my (@INC_FLAGS, @LIB_FLAGS);
138
139		if ($^O eq 'VMS') {
140		push @INC_FLAGS, "-I$pkg_config->{inc}";
141		push @LIB_FLAGS, qw(-L/SYS$SHARE -lSSL$LIBSSL_SHR32 -lSSL$LIBCRYPTO_SHR32);
142		}
143		elsif ($^O eq 'MSWin32') {
144		# external tools probably expect \ and not / for path separators
145		$SSL_DIR =~ tr{/}{\\};
146
147		# default to drive C: if no drive or relative path
148		$SSL_DIR = "c:$SSL_DIR" if $SSL_DIR !~ m{\A(?:[a-z]:\|\.\.[\\/])}i;
149
150		my $inc = $pkg_config->{inc};
151		$inc =~ tr{/}{\\};
152		$inc = "c:$inc" if $inc !~ m{\A(?:[a-z]:\|\.\.[\\/])}i;
153		push @INC_FLAGS, "-I$inc";
154		push @INC_FLAGS, "-I$SSL_DIR\\inc32" if -d "$SSL_DIR/inc32";
155
156		my $vanilla = $Config{cc} eq 'gcc' ? 1 : 0;
157		$vanilla and print "Assuming Vanilla/Strawberry Perl installation\n";
158
159		if ($vanilla and -d "$SSL_DIR\\lib\\MinGW") {
160		push @LIB_FLAGS, "-L$SSL_DIR\\lib\\MinGW";
161		}
162		elsif(-d "$SSL_DIR/lib") {
163		push @LIB_FLAGS, "-L$SSL_DIR\\lib";
164		}
165		else {
166		my $dir = $opt_static ? "$SSL_DIR\\out32" : "$SSL_DIR\\out32dll";
167		if (-d $dir) {
168		push @LIB_FLAGS, "-L$dir";
169		}
170		else {
171		# Allow developers to point at OpenSSL source...
172		push @LIB_FLAGS, "-L$SSL_DIR";
173		}
174		}
175
176		push @LIB_FLAGS, qw(-lssleay32 -llibeay32);
177		push @LIB_FLAGS, qw(-lRSAglue -lrsaref) if $pkg_config->{type} ne 'OpenSSL';
178		}
179		else {
180		push @INC_FLAGS, "-I$pkg_config->{inc}";
181
182		push @LIB_FLAGS, "-L$pkg_config->{lib}", qw(-lssl -lcrypto -lgcc);
183		push @LIB_FLAGS, qw(-lRSAglue -lrsaref) if $pkg_config->{type} ne 'OpenSSL';
184
185		# ccc on alpha support
186		if ($^O eq 'linux'
187		and `uname -m` =~ /alpha/
188		and !(system("nm $SSL_DIR/lib/libssl.a\|grep -q 'U _Ots'")>>8)
189		) {
190		push @LIB_FLAGS, '-lots';
191		}
192
193		# this fix was suggested for building on RedHat 9
194		push @INC_FLAGS, '-I/usr/kerberos/include' if -d '/usr/kerberos/include';
195		}
196
197		# write include file that determines ssl support
198		# we need to include crypto.h for SSLeay so the version gets picked up in SSLeay.xs
199
200		open(INCLUDE, ">crypt_ssleay_version.h") \|\| die("can't open crypt_ssleay_version.h for writing: $!");
201		print INCLUDE <<"INFO";
202		#include "$pkg_config->{prefix}ssl.h"
203		#include "$pkg_config->{prefix}crypto.h"
204		#include "$pkg_config->{prefix}err.h"
205		#include "$pkg_config->{prefix}rand.h"
206		#include "$pkg_config->{prefix}pkcs12.h"
207
208		INFO
209
210		if ($] < 5.005) {
211		print "adding PL_sv_undef symbol for this ancient perl installation";
212		print INCLUDE <<"INFO";
213		/* defining PL_sv_undef for very old perls ($]) */
214		#ifndef PL_sv_undef
215		#define PL_sv_undef sv_undef
216		#endif
217
218		INFO
219		}
220
221		if ($pkg_config->{type} eq 'OpenSSL') {
222		# OPENSSL_free defined in OpenSSL 0.9.6 and higher
223		if ($pkg_config->{ver} =~ /\b0\.9\.[2-5]/) {
224		print INCLUDE "#define CRYPT_SSLEAY_free free\n";
225		}
226		else {
227		print INCLUDE "#define CRYPT_SSLEAY_free OPENSSL_free\n";
228		}
229		}
230		else {
231		print INCLUDE "#define CRYPT_SSLEAY_free free\n";
232		}
233
234		close INCLUDE or die "Cannot close crypt_ssleay_version.h for output: $!\n";
235
236		print <<"INFO";
237
238		BUILD INFORMATION
239		================================================
240		ssl library: $pkg_config->{type} $pkg_config->{ver} in $SSL_DIR
241		ssl header: $pkg_config->{prefix}ssl.h
242		libraries: @LIB_FLAGS
243		include dir: @INC_FLAGS
244		================================================
245		INFO
246
247		my @license =
248		do {
249		my $version = $ExtUtils::MakeMaker::VERSION;
250		$version =~ tr/_//d;
251		$version} > 6.30
252		? qw(LICENSE perl)
253		: ();
	24	my $pkg_config = select_ssl_dir();
	25
	26	if ( $^O eq 'MSWin32' ) {
	27	fix_win32_paths( $pkg_config );
	28	}
	29
	30	my @INC_FLAGS = inc_flags( $pkg_config );
	31	my @LIB_FLAGS = lib_flags( $pkg_config );
	32
	33	# write include file that determines ssl support we need to include crypto.h
	34	# for SSLeay so the version gets picked up in SSLeay.xs
	35
	36	write_crypt_ssleay_version_h( $pkg_config );
	37
	38	show_build_information( $pkg_config, \@INC_FLAGS, \@LIB_FLAGS);
	39
	40	my @license = do {
	41	my $version = $ExtUtils::MakeMaker::VERSION;
	42	$version =~ tr/_//d;
	43	$version
	44	} > 6.3 ? (LICENSE => 'perl')
	45	: ();
254	46
255	47	WriteMakefile(
256	48	NAME => 'Crypt::SSLeay',
257		AUTHOR => 'David Landgren',
	49	AUTHOR => 'A. Sinan Unur <nanis@cpan.org>',
258	50	ABSTRACT_FROM => 'SSLeay.pm',
259	51	VERSION_FROM => 'SSLeay.pm',
260	52	LIBS => ["@LIB_FLAGS"],
261	53	INC => "@INC_FLAGS",
262	54	NEEDS_LINKING => 1,
	55	PREREQ_PM => {
	56	'MIME::Base64' => 0, # for Net::SSL
	57	},
263	58	clean => {
264	59	FILES => 'crypt_ssleay_version.h test.config',
265	60	},
266	61	@license,
267	62	);
268	63
269		if (open OUT, '> test.config') {
270		print OUT <<"INFO";
271		ssl $pkg_config->{type} $pkg_config->{ver} in $SSL_DIR
272		lib @LIB_FLAGS
273		inc @INC_FLAGS
274		cc $Config{cc}
275		INFO
276
277		print <<"INFO";
278		The test suite can attempt to connect to public servers
279		to ensure that the code is working properly. If you are
280		behind a strict firewall or have no network connectivity,
281		these tests may fail (through no fault of the code).
282
283		INFO
284		my $network_tests = prompt
285		"Do you want to run the live tests (y/N) ?",
286		'N';
287		print OUT "network_tests ", ($network_tests =~ /y/i) ? 1 : 0, "\n";
288		close OUT;
289		}
	64	write_test_config($pkg_config);
290	65
291	66	## HELPERS
292	67

294	69	my $dir = shift;
295	70	return unless -d $dir;
296	71
297		my $inc_dir;
298		my $version_file;
299		for (
300		"$dir/inc32/openssl/opensslv.h", # old win32 builds
301		"$dir/crypto/opensslv.h", # cygwin32 builds
302		"$dir/include/openssl/opensslv.h",
303		"$dir/../include/openssl/opensslv.h", # Solaris
304		"$dir/include/opensslv.h",
305		"$dir/include/crypto.h"
306		) {
307		if (-e $_) {
308		$version_file = $_;
309		last;
310		}
311		}
	72	my $version_file = find_version_file($dir);
312	73	return unless defined $version_file;
	74
313	75	my $fingerprint = join(':', (stat $version_file)[0,1]);
314	76
315		my $open_ssl = ($version_file =~ /openssl/i) ? 1 : 0;
316		$inc_dir = dirname($version_file);
	77	my $inc_dir = dirname $version_file;
317	78	return unless -e "$inc_dir/ssl.h";
318	79
319	80	my $prefix;
320		if ($^O eq 'MSWin32') {
321		$inc_dir =~ s{[\\/]openssl\z}{};
322		$prefix = 'openssl/';
323		}
324		elsif (index($inc_dir, '/../') > -1) {
325		# OpenSSL include directory is in a sibling directory
326		$inc_dir =~ s{\/openssl\z}{};
327		$prefix = 'openssl/';
	81	if ( 'openssl' eq lc basename $inc_dir ) {
	82	$prefix = 'openssl/';
	83	$inc_dir = dirname $inc_dir;
328	84	}
329	85	else {
330		$prefix = ($inc_dir =~ /\bopenssl/i) ? 'openssl/' : '';
331		}
332
333		open(VERSION_FILE, $version_file) or return;
334		my $version_match = $open_ssl ? "OPENSSL_VERSION_NUMBER" : "SSLEAY_VERSION_NUMBER";
335		my $version;
336		my $type;
337		while (<VERSION_FILE>) {
338		if (/^#define\s+$version_match\s+0x0+(\d\d\d)/) {
339		$version = $1;
340		$version =~ s/(\d)0(\d)/$1$2/;
341		$type = ($version > 92) ? "OpenSSL" : "SSLeay";
342		$version = join('.', split(//, "0$version"));
343		last;
344		}
345		}
346		close(VERSION_FILE);
	86	$prefix = '';
	87	}
	88
	89	my ($type, $version) = get_type_and_version( $version_file );
347	90
348	91	# Silly test to look for the library files
349	92	my $found_lib;
350	93	my $libd;
351		my $subdir = $opt_static ? 'out32' : 'out32dll';
	94	my $subdir = $OPT_STATIC ? 'out32' : 'out32dll';
352	95	if (-d "$dir/$subdir") {
353	96	$libd = [$subdir];
354	97	}
355	98	elsif ($^O eq 'MSWin32' and $Config{cc} eq 'gcc') {
356		$libd = ['lib/MinGW'];
	99	# don't miss c:\strawberry\c\lib
	100	$libd = ['lib', 'lib/MinGW'];
357	101	}
358	102	else {
359	103	# second attempt is for Solaris, like the include directory, the

391	135	};
392	136	}
393	137
	138	sub parse_openssl_version {
	139	my ($vstr) = @_;
	140
	141	# 0.9.6 or later : MNNFFPPS : major, minor, fix, patch, status (0-f)
	142	# 0.9.5a to before 0.9.6 : high bit of PP is set in MNNFFPPS
	143	# 0.9.3-dev to before 0.9.5a : MNNFFRBB : major, minor, fix, status (0-1), beta
	144	# prior to 0.9.3-dev, MNFP
	145
	146	if ( $vstr =~ /^(?:[1-9]\|0090[6-9])/ ) {
	147	return ( OpenSSL => parse_openssl_v096_or_later( $vstr ) );
	148	}
	149	elsif ( $vstr =~ /^00905[8-9]/ ) {
	150	return ( OpenSSL => parse_openssl_v095a_096( $vstr ) );
	151	}
	152	elsif ( $vstr =~ /^0090[3-5][01]/ ) {
	153	return ( OpenSSL => parse_openssl_v093dev_095a( $vstr ) );
	154	}
	155	else {
	156	return ( SSLeay => parse_openssl_pre_v093dev( $vstr ) );
	157	}
	158	return;
	159	}
	160
	161	sub parse_openssl_v096_or_later {
	162	my ($vstr) = @_;
	163
	164	# 0.9.6 or later : MNNFFPPS : major, minor, fix, patch, status (0-f)
	165	return unless my @v = $vstr =~ /^(.)(..)(..)(..)(.)$/;
	166
	167	my ($major, $minor, $fix, $patch, $status) = map hex, @v;
	168
	169	$patch = $patch ? chr( ord('a') + $patch - 1 ) : '';
	170
	171	if ( $status == 0 ) { $status = '-dev' }
	172	elsif ( $status == 15 ) { $status = '' }
	173	else { $status = "-beta$status" }
	174	return sprintf( '%u.%u.%u%s%s', $major, $minor, $fix, $patch, $status);
	175	}
	176
	177	sub parse_openssl_v095a_096 {
	178	my ($vstr) = @_;
	179
	180	# 0.9.5a to before 0.9.6 :
	181	# high bit of PP is set in MNNFFPPS
	182
	183	return parse_openssl_v096_or_later(
	184	sprintf '%08x', hex($vstr) & 0xfffff7ff
	185	);
	186	}
	187
	188	sub parse_openssl_v093dev_095a {
	189	my ($vstr) = @_;
	190
	191	# 0.9.3-dev to before 0.9.5a
	192	# MNNFFRBB : major, minor, fix, status (0-1), beta
	193
	194	return unless my @v = $vstr =~ /^(0)(09)(0[3-5])([0-1])(..)$/;
	195
	196	my ($major, $minor, $fix, $status, $patch) = map hex, @v;
	197
	198	$patch = $patch ? chr( ord('a') + $patch - 1 ) : '';
	199	$status = $status ? '' : '-dev';
	200	return sprintf( '%u.%u.%u%s%s', $major, $minor, $fix, $patch, $status );
	201	}
	202
	203	sub parse_openssl_pre_v093dev {
	204	my ($vstr) = @_;
	205
	206	# prior to 0.9.3-dev,
	207	# MNFP : major, minor, fix, patch
	208
	209	return unless my @v = $vstr =~ /^(0)(9)([12])([0-9])$/;
	210
	211	my ($major, $minor, $fix, $patch) = map hex, @v;
	212
	213	$patch = $patch ? chr( ord('a') + $patch - 1 ) : '';
	214	return sprintf( '%u.%u.%u%s', $major, $minor, $fix, $patch );
	215	}
	216
	217	sub find_version_file {
	218	my $dir = shift;
	219
	220	for my $file (
	221	"$dir/inc32/openssl/opensslv.h", # old win32 builds
	222	"$dir/crypto/opensslv.h", # cygwin32 builds
	223	"$dir/include/openssl/opensslv.h",
	224	"$dir/../include/openssl/opensslv.h", # Solaris
	225	"$dir/include/opensslv.h",
	226	"$dir/include/crypto.h"
	227	) {
	228	return $file if -e $file;
	229	}
	230	return;
	231	}
	232
	233	sub get_type_and_version {
	234	my $version_file = shift;
	235	my ($type, $version);
	236
	237	open VERSION_FILE, $version_file or return;
	238
	239	# Changed version number matching because
	240	# #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
	241	# in crypto/crypto.h in at least some early versions of OpenSSL
	242	while (<VERSION_FILE>) {
	243	next unless my ($vstr) =
	244	/^#define\s+(?:OPENSSL\|SSLEAY)_VERSION_NUMBER\s+0x([0-9A-Fa-f]+)/;
	245
	246	($type, $version) = parse_openssl_version( $vstr );
	247	last if defined $version;
	248	die "Failed to parse OpenSSL version '$vstr'" unless defined $version;
	249	}
	250	close VERSION_FILE;
	251	return ($type, $version);
	252	}
	253
	254	sub win32_ssl_dirs {
	255	return (
	256	'c:\\openssl',
	257	# $Config{usrinc} points to an include directory. Use dirname
	258	# so the lib directory is picked up correctly
	259	-d $Config{usrinc} ? dirname $Config{usrinc} : (),
	260	# pre-Oct2009 Strawberry Perl
	261	$Config{prefix},
	262	"$Config{prefix}\\..\\c",
	263	);
	264	}
	265
	266	sub vms_ssl_dirs {
	267	return (
	268	'/ssl$root',
	269	);
	270	}
	271
	272	sub unix_ssl_dirs {
	273	return qw(
	274	/local
	275	/local/ssl
	276	/opt/ssl
	277	/usr
	278	/usr/local
	279	/usr/local/ssl
	280	/usr/local/openssl
	281	);
	282	}
	283
	284	sub print_ssl_dir_not_found {
	285	my @possible_ssl_dirs = @_;
	286
	287	print '=' x 72, "\n";
	288	print <<"INFO";
	289	No installed SSL libraries found in any of the following places.
	290	INFO
	291	print " $_\n" for @possible_ssl_dirs;
	292	print <<"INFO";
	293	You will have to either specify a directory location at the following
	294	prompt, or rerun the Makefile.PL program and use the --lib switch
	295	to specify the path. If the path in question is considered standard
	296	on your platform, please consider filing a bug report in order to
	297	have it taken into account in a subsequent version of Crypt::SSLeay.
	298
	299	INFO
	300
	301	if (-f '/etc/debian_version') {
	302	print <<"DEBIAN_INFO";
	303
	304	It looks like this host is running Debian. Crypt::SSLeay needs
	305	to be compiled with C headers provided by the libssl-dev package.
	306	Please install that package before trying to build this module.
	307	(You can always deinstall the package afterwards, once
	308	Crypt::SSLeay has been built).
	309	DEBIAN_INFO
	310	}
	311	}
	312
	313	sub write_crypt_ssleay_version_h {
	314	my $pkg_config = shift;
	315	my $prefix = $pkg_config->{prefix};
	316
	317	my @include = map { "#include<$prefix$_>" }
	318	qw(ssl.h crypto.h err.h rand.h pkcs12.h);
	319
	320	if ($] < 5.005) {
	321	print "adding PL_sv_undef symbol for this ancient perl installation";
	322	push @include, (
	323	'/* defining PL_sv_undef for very old perls ($]) */',
	324	'#ifndef PL_sv_undef',
	325	'#define PL_sv_undef sv_undef',
	326	'#endif',
	327	'',
	328	);
	329	}
	330
	331	my $free;
	332	if ( $pkg_config->{type} eq 'OpenSSL'
	333	and $pkg_config->{ver} !~ /\b0\.9\.[2-5]/ ) {
	334	$free = 'OPENSSL_free';
	335	}
	336	else {
	337	$free = 'free';
	338	}
	339	push @include, "#define CRYPT_SSLEAY_free $free";
	340
	341	open INCLUDE, '>crypt_ssleay_version.h'
	342	or die "can't open crypt_ssleay_version.h for writing: $!";
	343
	344	print INCLUDE map { "$_\n" } @include;
	345
	346	close INCLUDE
	347	or die "Cannot close crypt_ssleay_version.h for output: $!\n";
	348	}
	349
	350	sub possible_ssl_dirs {
	351	if (defined $OPT_LIBPATH) {
	352	# explicit from command-line
	353	$OPT_DEFAULT = 1;
	354	return ($OPT_LIBPATH);
	355	}
	356	return win32_ssl_dirs() if $^O eq 'MSWin32';
	357	return vms_ssl_dirs() if $^O eq 'VMS';
	358
	359	# Unix and the rest
	360	return unix_ssl_dirs();
	361	}
	362
	363	sub candidate_ssl_dirs {
	364	my %seen;
	365	return
	366	grep { !$seen{$_->{check}}++ }
	367	map { Candidate($_) }
	368	@_;
	369	}
	370
	371	sub select_ssl_dir {
	372	my @possible_ssl_dirs = possible_ssl_dirs();
	373	my @candidate = candidate_ssl_dirs( @possible_ssl_dirs );
	374	if (@candidate == 0) {
	375	$OPT_DEFAULT = 0;
	376	print_ssl_dir_not_found( @possible_ssl_dirs );
	377	}
	378
	379	if (@candidate == 1) {
	380	return $candidate[0] if $OPT_DEFAULT;
	381	print <<"INFO";
	382	=======================================================
	383	Only one $candidate[0]->{type} installation found at $candidate[0]->{dir}
	384	Consider running 'perl Makefile.PL --default' the next
	385	time Crypt::SSLeay is upgraded to select this directory
	386	automatically thereby avoiding the following prompt.
	387	=======================================================
	388	INFO
	389
	390	}
	391	else {
	392	print "Found multiple possibilities for OpenSSL\n";
	393	for my $c (@candidate) {
	394	print " $c->{dir} ($c->{type} $c->{ver})\n";
	395	}
	396	}
	397
	398	my %cand = map { $_->{dir} => { %$_ } } @candidate;
	399	my $ssl_dir = prompt "Which SSL install path do you want to use?",
	400	$candidate[0]->{dir};
	401
	402	return $cand{$ssl_dir} if exists $cand{$ssl_dir};
	403
	404	my $pkg_config = Candidate($ssl_dir);
	405	return $pkg_config if $pkg_config;
	406
	407	warn <<"INFO";
	408	$ssl_dir does not appear to be an SSL library installation, since
	409	the required header files were not found. The build cannot proceed.
	410	INFO
	411	# avoid failure reports from CPAN Testers when OpenSSL was not found
	412	exit 0;
	413	}
	414
	415	sub inc_flags {
	416	return vms_inc_flags( @_ ) if $^O eq 'VMS';
	417	return win32_inc_flags( @_ ) if $^O eq 'MSWin32';
	418	return unix_inc_flags( @_ );
	419	}
	420
	421	sub vms_inc_flags {
	422	my $pkg_config = shift;
	423	return ( "-I$pkg_config->{inc}" );
	424	}
	425
	426	sub win32_inc_flags {
	427	my $pkg_config = shift;
	428	my $ssl_dir = $pkg_config->{dir};
	429	my $inc_dir = $pkg_config->{inc};
	430
	431	return (
	432	"-I$inc_dir",
	433	-d "$ssl_dir/inc32" ? "-I$ssl_dir\\inc32" : (),
	434	);
	435	}
	436
	437	sub unix_inc_flags {
	438	my $pkg_config = shift;
	439
	440	my @flags = ("-I$pkg_config->{inc}");
	441	# this fix was suggested for building on RedHat 9
	442	push @flags, '-I/usr/kerberos/include' if -d '/usr/kerberos/include';
	443	return @flags;
	444	}
	445
	446	sub lib_flags {
	447	return vms_lib_flags( @_ ) if $^O eq 'VMS';
	448	return win32_lib_flags( @_ ) if $^O eq 'MSWin32';
	449	return unix_lib_flags( @_ );
	450	}
	451
	452	sub vms_lib_flags {
	453	my $pkg_config = shift;
	454	return qw(-L/SYS$SHARE -lSSL$LIBSSL_SHR32 -lSSL$LIBCRYPTO_SHR32);
	455	}
	456
	457	sub win32_lib_flags {
	458	my $pkg_config = shift;
	459	my $ssl_dir = $pkg_config->{dir};
	460
	461	my $mingw = $Config{cc} =~ /gcc(?:\.exe)?\z/;
	462	$mingw and print "Assuming MingW\n";
	463
	464	my @flags;
	465
	466	if ($mingw and -d "$ssl_dir\\lib\\MinGW") {
	467	push @flags, "-L$ssl_dir\\lib\\MinGW";
	468	}
	469	elsif(-d "$ssl_dir/lib") {
	470	push @flags, "-L$ssl_dir\\lib";
	471	}
	472	else {
	473	my $dir = $OPT_STATIC ? "$ssl_dir\\out32" : "$ssl_dir\\out32dll";
	474	if (-d $dir) {
	475	push @flags, "-L$dir";
	476	}
	477	else {
	478	# Allow developers to point at OpenSSL source...
	479	push @flags, "-L$ssl_dir";
	480	}
	481	}
	482
	483	push @flags, qw(-lssleay32 -llibeay32);
	484	push @flags, qw(-lRSAglue -lrsaref) if $pkg_config->{type} ne 'OpenSSL';
	485	return @flags;
	486	}
	487
	488	sub unix_lib_flags {
	489	my $pkg_config = shift;
	490	my $dir = $pkg_config->{dir};
	491
	492	my @flags = (
	493	"-L$pkg_config->{lib}",
	494	qw(-lssl -lcrypto -lgcc),
	495	$pkg_config->{type} ne 'OpenSSL' ? qw(-lRSAglue -lrsaref) : (),
	496	);
	497
	498	# ccc on alpha support
	499	if ($^O eq 'linux'
	500	and `uname -m` =~ /alpha/
	501	and !(system("nm $dir/lib/libssl.a\|grep -q 'U _Ots'")>>8)
	502	) {
	503	push @flags, '-lots';
	504	}
	505
	506	return @flags;
	507	}
	508
	509	sub write_test_config {
	510	my $pkg_config = shift;
	511
	512	open OUT, '> test.config'
	513	or die "Cannot write test config: $!";
	514
	515	print OUT <<"INFO";
	516	ssl $pkg_config->{type} $pkg_config->{ver} in $pkg_config->{dir};
	517	lib @LIB_FLAGS
	518	inc @INC_FLAGS
	519	cc $Config{cc}
	520	INFO
	521
	522	print OUT "network_tests ", is_live_test_wanted() ? 1 : 0, "\n";
	523	close OUT
	524	or die "Cannot write test.config: $!";
	525	return;
	526	}
	527
	528	sub is_live_test_wanted {
	529	my $wanted = 'n';
	530	if (not defined $OPT_LIVE_TESTS) {
	531	print <<"INFO";
	532	The test suite can attempt to connect to public servers
	533	to ensure that the code is working properly. If you are
	534	behind a strict firewall or have no network connectivity,
	535	these tests may fail (through no fault of the code).
	536	INFO
	537	$wanted = prompt "Do you want to run the live tests (y/N)?", 'N';
	538	}
	539	elsif ($OPT_LIVE_TESTS) {
	540	$wanted = 'y';
	541	}
	542
	543	return $wanted =~ /\Ay(?:es)?/i;
	544	}
	545
	546	sub fix_win32_paths {
	547	my $pkg_config = shift;
	548
	549	for my $dir ($pkg_config->{dir}, $pkg_config->{inc}) {
	550	# external tools probably expect \ and not / for path separators
	551	$dir =~ tr{/}{\\};
	552
	553	# default to drive C: if no drive or relative path
	554	unless ( $dir =~ m{\A(?:[A-Za-z]:\|\.\.[\\/])} ) {
	555	$dir = "c:$dir";
	556	}
	557	}
	558	return;
	559	}
	560
	561	sub show_build_information {
	562	my ($pkg_config, $inc_flags, $lib_flags) = @_;
	563	print <<"INFO";
	564
	565	BUILD INFORMATION
	566	================================================
	567	ssl library: $pkg_config->{type} $pkg_config->{ver} in $pkg_config->{dir}
	568	ssl header: $pkg_config->{prefix}ssl.h
	569	libraries: @$lib_flags
	570	include dir: @$inc_flags
	571	================================================
	572	INFO
	573	return;
	574	}

+368

-423

README less more

0		NAME
1		Crypt::SSLeay - OpenSSL glue that provides LWP https support
2
3		SYNOPSIS
4		lwp-request https://www.example.com
5
6		use LWP::UserAgent;
7		my $ua = new LWP::UserAgent;
8		my $req = new HTTP::Request('GET', 'https://www.example.com');
9		my $res = $ua->request($req);
10		print $res->code."\n";
11
12		# PROXY SUPPORT
13		$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
14
15		# PROXY_BASIC_AUTH
16		$ENV{HTTPS_PROXY_USERNAME} = 'username';
17		$ENV{HTTPS_PROXY_PASSWORD} = 'password';
18
19		# DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS
20		$ENV{HTTPS_DEBUG} = 1;
21
22		# DEFAULT SSL VERSION
23		$ENV{HTTPS_VERSION} = '3';
24
25		# CLIENT CERT SUPPORT
26		$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
27		$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
28
29		# CA CERT PEER VERIFICATION
30		$ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
31		$ENV{HTTPS_CA_DIR} = 'certs/';
32
33		# CLIENT PKCS12 CERT SUPPORT
34		$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
35		$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
36
37		DESCRIPTION
38		This perl module provides support for the https protocol under LWP, so
39		that a LWP::UserAgent can make https GET & HEAD & POST requests. Please
40		see perldoc LWP for more information on POST requests.
41
42		The Crypt::SSLeay package contains Net::SSL, which is automatically
43		loaded by LWP::Protocol::https on https requests, and provides the
44		necessary SSL glue for that module to work via these deprecated modules:
45
46		Crypt::SSLeay::CTX
47		Crypt::SSLeay::Conn
48		Crypt::SSLeay::X509
49
50		Work on Crypt::SSLeay has been continued only to provide https support
51		for the LWP - libwww perl libraries. If you want access to the OpenSSL
52		API via perl, check out Sampo's Net::SSLeay.
53
54		INSTALL
55		OpenSSL
56		You must have OpenSSL or SSLeay installed before compiling this module.
57		You can get the latest OpenSSL package from:
58
59		http://www.openssl.org
60
61		On Debian systems, you will need to install the libssl-dev package,
62		at least for the duration of the build (it may be removed afterwards).
63
64		Other package-based systems may require something similar. The key is
65		that Crypt::SSLeay makes calls to the OpenSSL library, and how to do
66		so is specified in the C header files that come with the library.
67		Some systems break out the header files into a separate package from
68		that of the libraries. Once the program has been built, you don't
69		need the headers any more.
70
71		When installing openssl make sure your config looks like:
72
73		./config --openssldir=/usr/local/openssl
74		or
75		./config --openssldir=/usr/local/ssl
76
77		If you are planning on upgrading the default OpenSSL libraries on a
78		system like RedHat, not that I would recommend this, then you might try
79		something like:
80
81		./config --openssldir=/usr --shared
82
83		The --shared option to config will set up building the .so shared
84		libraries which is important for such systems.
85
86		then
87		make
88		make test
89		make install
90
91		This way Crypt::SSLeay will pick up the includes and libraries
92		automatically. If your includes end up going into a separate directory
93		like /usr/local/include, then you may need to symlink
94		/usr/local/openssl/include to /usr/local/include
95
96		Crypt::SSLeay
97		The latest Crypt::SSLeay can be found at your nearest CPAN, and also:
98
99		http://www.perl.com/CPAN-local/modules/by-module/Crypt/
100
101		Once you have downloaded it, Crypt::SSLeay installs easily using the
102		make or nmake commands as shown below.
103
104		perl Makefile.PL
105		make
106		make test
107		make install
108
109		* use nmake or dmake for win32
110
111		For unattended (batch) installations, to be absolutely certain that
112		F<Makefile.PL> does not prompt for questions on STDIN, set the
113		following environment variable beforehand:
114
115		PERL_MM_USE_DEFAULT=1
116
117		(This is true for any CPAN module that uses C<ExtUtils::MakeMaker>).
118
119		Windows
120		For Activestate users, the ActiveState company does not have a permit
121		from the Canadian Federal Government to distribute cryptographic
122		software. This prevents "Crypt::SSLeay" from being distributed as a PPM
123		package from their repository. See
124		<http://aspn.activestate.com/ASPN/docs/ActivePerl/5.8/faq/ActivePerl-faq2.html#crypto_packages>
125		for more information on this issue.
126
127		You may download it from Randy Kobes's PPM repository by using the
128		following command:
129
130		ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd
131
132		An alternative is to add the uwinnipeg.ca PPM repository to your local
133		installation. See <http://cpan.uwinnipeg.ca/htdocs/faqs/ppm.html> for
134		more details.
135
136		PROXY SUPPORT
137		LWP::UserAgent and Crypt::SSLeay have their own versions of proxy
138		support. Please read these sections to see which one may be right for
139		you.
140
141		LWP::UserAgent Proxy Support
142		LWP::UserAgent has its own methods of proxying which may work for you
143		and is likely incompatible with Crypt::SSLeay proxy support. To use
144		LWP::UserAgent proxy support, try something like:
145
146		my $ua = new LWP::UserAgent;
147		$ua->proxy([qw( https http )], "$proxy_ip:$proxy_port");
148
149		At the time of this writing, libwww v5.6 seems to proxy https requests
150		fine with an Apache mod_proxy server. It sends a line like:
151
152		GET https://www.example.com HTTP/1.1
153
154		to the proxy server, which is not the CONNECT request that some proxies
155		would expect, so this may not work with other proxy servers than
156		mod_proxy. The CONNECT method is used by Crypt::SSLeay's internal proxy
157		support.
158
159		Crypt::SSLeay Proxy Support
160		For native Crypt::SSLeay proxy support of https requests, you need to
161		set an environment variable HTTPS_PROXY to your proxy server & port, as
162		in:
163
164		# PROXY SUPPORT
165		$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
166		$ENV{HTTPS_PROXY} = '127.0.0.1:8080';
167
168		Use of the HTTPS_PROXY environment variable in this way is similar to
169		LWP::UserAgent->env_proxy() usage, but calling that method will likely
170		override or break the Crypt::SSLeay support, so do not mix the two.
171
172		Basic auth credentials to the proxy server can be provided this way:
173
174		# PROXY_BASIC_AUTH
175		$ENV{HTTPS_PROXY_USERNAME} = 'username';
176		$ENV{HTTPS_PROXY_PASSWORD} = 'password';
177
178		For an example of LWP scripting with Crypt::SSLeay native proxy support,
179		please see the source of the eg/lwp-ssl-test script in the Crypt::SSLeay
180		distribution.
181
182		CLIENT CERTIFICATE SUPPORT
183		Certificate support is new provided by patches from Tobias Manthey. Is
184		ALPHA as of .25, but looking pretty stable as of .29.
185
186		PEM encoded certificate and private key files may be used like this:
187
188		$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
189		$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
190
191		You may test your files with the eg/net-ssl-test program by issuing a
192		command like:
193
194		perl eg/net-ssl-test -cert=certs/notacacert.pem -key=certs/notacakeynopass.pem -d GET $HOST_NAME
195
196		Additionally, if you would like to tell the client where the CA file is,
197		you may set these. These CA configs are ALPHA as of version .29.
198
199		$ENV{HTTPS_CA_FILE} = "some_file";
200		$ENV{HTTPS_CA_DIR} = "some_dir";
201
202		There is no sample CA cert file at this time for testing, but you may
203		configure eg/net_ssl_test to use your CA cert with the -CAfile option.
204
205		Creating a Test Certificate
206		To create simple test certificates with openssl, you may:
207
208		/usr/local/openssl/bin/openssl req -config /usr/local/openssl/openssl.cnf -new -days 365 -newkey rsa:1024 -x509 -keyout notacakey.pem -out notacacert.pem
209
210		To remove the pass phrase from the key file, execute this:
211		/usr/local/openssl/bin/openssl rsa -in notacakey.pem -out
212		notacakeynopass.pem
213
214		PKCS12
215		New as of version .45 is PKCS12 certificate support thanks to Daisuke
216		Kuroda The directives for enabling use of these certificates is:
217
218		$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
219		$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
220
221		Use of this type of certificate will take precedence over previous
222		certificate settings described.
223
224		SSL VERSIONS
225		Crypt::SSLeay tries very hard to connect to ANY SSL web server trying to
226		accomodate servers that are buggy, old or simply not standards
227		compliant. To this effect, this module will try SSL connections in this
228		order:
229
230		SSL v23 - should allow v2 & v3 servers to pick their best type
231		SSL v3 - best connection type
232		SSL v2 - old connection type
233
234		Unfortunately, some servers seem not to handle a reconnect to SSL v3
235		after a failed connect of SSL v23 is tried, so you may set before using
236		LWP or Net::SSL:
237
238		$ENV{HTTPS_VERSION} = 3;
239
240		so that a SSL v3 connection is tried first. At this time only a SSL v2
241		connection will be tried after this, as the connection attempt order
242		remains unchanged by this setting.
243
244		COMPATIBILITY
245		This module has been compiled on the following platforms:
246
247		PLATFORM CPU SSL PERL VER DATE WHO
248		-------- --- --- ---- --- ---- ---
249		Linux 2.4.7 x86 OpenSSL 0.9.7 5.00800 .51 2003-06-10 Joshua Chamas
250		Linux 2.4.7 x86 OpenSSL 0.9.6g 5.00800 .49 2003-01-29 Joshua Chamas
251		Win2000 SP2 x86 OpenSSL 0.9.7 5.00601 .49 2003-01-29 Joshua Chamas
252		WinNT SP6 x86 OpenSSL 0.9.6a 5.00601 .45 2002-08-01 Joshua Chamas
253		Linux 2.4.7 x86 OpenSSL 0.9.6d 5.00800 .45 2002-08-01 Joshua Chamas
254		Linux 2.4.7 x86 OpenSSL 0.9.6 5.00601 .39 2002-06-23 Joshua Chamas
255		Solaris 2.8 Sparc ? 5.00503 .37 2002-05-31 Christopher Biow
256		OpenBSD 2.8 Sparc ? 5.00600 .25 2001-04-11 Tim Ayers
257		Linux 2.2.14 x86 OpenSSL 0.9.6 5.00503 .25 2001-04-10 Joshua Chamas
258		WinNT SP6 x86 OpenSSL 0.9.4 5.00404 .25 2001-04-10 Joshua Chamas
259		Solaris 2.7 Sparc OpenSSL 0.9.6 5.00503 .22 2001-03-01 Dave Paris
260		AIX 4.3.2 RS/6000 OpenSSL 0.9.6 5.6.0 .19 2001-01-08 Peter Heimann
261		Solaris 2.6 x86 OpenSSL 0.9.5a 5.00501 .17 2000-09-04 Joshua Chamas
262		Linux 2.2.12 x86 OpenSSL 0.9.5a 5.00503 .16 2000-07-13 David Harris
263		FreeBSD 3.2 ?x86 OpenSSL 0.9.2b 5.00503 ? 1999-09-29 Rip Toren
264		Solaris 2.6 ?Sparc OpenSSL 0.9.4 5.00404 ? 1999-08-24 Patrick Killelea
265		FreeBSD 2.2.5 x86 OpenSSL 0.9.3 5.00404 ? 1999-08-19 Andy Lee
266		Solaris 2.5.1 USparc OpenSSL 0.9.4 5.00503 ? 1999-08-18 Marek Rouchal
267		Solaris 2.6 x86 SSLeay 0.8.0 5.00501 ? 1999-08-12 Joshua Chamas
268		Linux 2.2.10 x86 OpenSSL 0.9.4 5.00503 ? 1999-08-11 John Barrett
269		WinNT SP4 x86 SSLeay 0.9.2 5.00404 ? 1999-08-10 Joshua Chamas
270
271		BUILD NOTES
272		Win32, WinNT, Win2000, can't build
273		If you cannot get it to build on your windows box, try ActiveState perl,
274		at least their builds 522 & 618 are known to have a ppm install of
275		Crypt::SSLeay available. Please see http://www.activestate.com for more
276		info.
277
278		AIX 4.3.2 - Symbol Error: __umoddi3 : referenced symbol not found
279		The __umoddi3 problem applies here as well when compiling with gcc.
280
281		Alternative solution: In Makefile.PL, prepend "-L"/usr/local/<path to
282		your gcc lib>/<version> to the $LIBS value. Add after line 82:
283
284		$LIBS = '-L' . dirname(`gcc -print-libgcc-file-name`) . ' ' . $LIBS;
285
286		Solaris x86 - Symbol Error: __umoddi3 : referenced symbol not found
287		Problem:
288
289		On Solaris x86, the default PERL configuration, and preferred, is to use
290		the ld linker that comes with the OS, not gcc. Unfortunately during the
291		OpenSSL build process, gcc generates in libcrypto.a, from bn_word.c, the
292		undefined symbol __umoddi3, which is supposed to be later resolved by
293		gcc from libgcc.a
294
295		The system ld linker does not know about libgcc.a by default, so when
296		building Crypt::SSLeay, there is a linker error for __umoddi3
297
298		Solution:
299
300		The fix for this symlink your libgcc.a to some standard directory like
301		/usr/local/lib, so that the system linker, ld, can find it when building
302		Crypt::SSLeay.
303
304		FreeBSD 2.x.x / Solaris - ... des.h:96 #error _ is defined ...
305		If you encounter this error: "...des.h:96: #error _ is defined, but some
306		strange definition the DES library cannot handle that...," then you need
307		to edit the des.h file and comment out the "#error" line.
308
309		Its looks like this error might be common to other operating systems,
310		and that occurs with OpenSSL 0.9.3. Upgrades to 0.9.4 seem to fix this
311		problem.
312
313		SunOS 4.1.4, Perl 5.004_04 - ld.so: Undefined symbol: _CRYPT_mem_ctrl
314		Problems: (initial build was fine, but execution of Perl scripts had
315		problems)
316
317		Got a message "ld.so: Undefined symbol: _CRYPT_mem_ctrl" solution: In
318		the Makefile, comment out the line with "-fpic" (also try changing to
319		"-fPIC", and this works also, not sure if one is preferred).
320
321		OTHER MODULES
322
323		A number of CPAN modules list Crypt-SSLeay as a pre-requisite. As of
324		March 2007, this list included
325
326		Acme-SDUM-Renew ROOT
327		ASNMTAP ASNMTAP
328		Business-Billing-TMobile-UK SRSHAH
329		Business-OnlinePayment-Protx TEEJAY
330		Business-PayPal-IPN SHERZODR
331		Finance-Bank-CreditMut CBOUVI
332		Finance-Bank-Fubon-TW AUTRIJUS
333		Finance-Bank-HDFC ROHAN
334		Finance-Quote HAMPTON
335		Finance-SE-PPM ERWAN
336		GMail-IMAPD KRS
337		Google-Checkout DZHUO
338		Hey-heyPass WILSOND
339		HTTP-QuickBase CVONROES
340		Mail-Webmail-Gmail MINCUS
341		Module-Release BDFOY
342		Net-Artera IVAN
343		Net-eBay ICHUDOV
344		Net-SMS-MessageNet DDICK
345		Net-SMS-MessageNet DDICK
346		Net-SMS-O2 AWRIGLEY
347		Net-SMS-Optimus ROOT
348		Net-SMS-PChome SNOWFLY
349		Net-UPS SHERZODR
350		Net-XRC IVAN
351		o2sms MACKERS
352		WebService-CIA IMALPASS
353		WWW-FleXtel NICOLAW
354		WWW-GMail XANTUS
355		WWW-Hotmail XANTUS
356		WWW-Mail15 REFLOG
357		WWW-Myspace GRANTG
358		WWW-Postini PGUZIS
359		WWW-RIPE-LIRPortal RIPENCC
360		WWW-Scraper-Gmail KASTNER
361		WWW-Yahoo-Groups SPOON
362		Yahoo-Marketing JLAVALLEE
363
364		NOTES
365		Many thanks to Gisle Aas for the original writing of this module and
366		many others including libwww for perl. The web will never be the same :)
367
368		Ben Laurie deserves kudos for his excellent patches for better error
369		handling, SSL information inspection, and random seeding.
370
371		Thanks to Dongqiang Bai for host name resolution fix when using a proxy.
372
373		Thanks to Stuart Horner of Core Communications, Inc. who found the need
374		for building --shared OpenSSL libraries.
375
376		Thanks to Pavel Hlavnicka for a patch for freeing memory when using a
377		pkcs12 file, and for inspiring more robust read() behavior.
378
379		James Woodyatt is a champ for finding a ridiculous memory leak that has
380		been the bane of many a Crypt::SSLeay user.
381
382		Thanks to Bryan Hart for his patch adding proxy support, and thanks to
383		Tobias Manthey for submitting another approach.
384
385		Thanks to Alex Rhomberg for Alpha linux ccc patch.
386
387		Thanks to Tobias Manthey for his patches for client certificate support.
388
389		Thanks to Gamid Isayev for CA cert support and insight into error
390		messaging.
391
392		Thanks to Jeff Long for working through a tricky CA cert SSLClientVerify
393		issue.
394
395		Thanks to Chip Turner for patch to build under perl 5.8.0
396
397		Thanks to Joshua Chamas for the time he spent maintaining the
398		module.
399
400		SUPPORT
401		For use of Crypt::SSLeay & Net::SSL with perl's LWP, please send email
402		to libwww@perl.org .
403
404		For OpenSSL or general SSL support please email the openssl user mailing
405		list at openssl-users@openssl.org . This includes issues associated with
406		building and installing OpenSSL on one's system.
407
408		Please report all bugs at
409		L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay>.
410
411		This module was originally written by Gisle Aas, and was subsequently
412		maintained by Joshua Chamas. It is currently maintained by David
413		Landgren.
414
415		COPYRIGHT
416		Copyright (c) 2006-2007 David Landgren.
417		Copyright (c) 1999-2003 Joshua Chamas.
418		Copyright (c) 1998 Gisle Aas.
419
420		This program is free software; you can redistribute it and/or modify it
421		under the same terms as Perl itself.
422
	0	NAME
	1	Crypt::SSLeay - OpenSSL support for LWP
	2
	3	SYNOPSIS
	4	lwp-request https://www.example.com
	5
	6	use LWP::UserAgent;
	7	my $ua = LWP::UserAgent->new;
	8	my $response = $ua->get('https://www.example.com/');
	9	print $response->content, "\n";
	10
	11	DESCRIPTION
	12	This Perl module provides support for the HTTPS protocol under LWP, to
	13	allow an "LWP::UserAgent" object to perform GET, HEAD and POST requests.
	14	Please see LWP for more information on POST requests.
	15
	16	The "Crypt::SSLeay" package provides "Net::SSL", which is loaded by
	17	"LWP::Protocol::https" for https requests and provides the necessary SSL
	18	glue.
	19
	20	This distribution also makes following deprecated modules available:
	21
	22	Crypt::SSLeay::CTX
	23	Crypt::SSLeay::Conn
	24	Crypt::SSLeay::X509
	25
	26	Work on Crypt::SSLeay has been continued only to provide https support
	27	for the LWP (libwww-perl) libraries.
	28
	29	ENVIRONMENT VARIABLES
	30	The following environment variables change the way "Crypt::SSLeay" and
	31	"Net::SSL" behave.
	32
	33	# proxy support
	34	$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
	35
	36	# proxy_basic_auth
	37	$ENV{HTTPS_PROXY_USERNAME} = 'username';
	38	$ENV{HTTPS_PROXY_PASSWORD} = 'password';
	39
	40	# debugging (SSL diagnostics)
	41	$ENV{HTTPS_DEBUG} = 1;
	42
	43	# default ssl version
	44	$ENV{HTTPS_VERSION} = '3';
	45
	46	# client certificate support
	47	$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
	48	$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
	49
	50	# CA cert peer verification
	51	$ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
	52	$ENV{HTTPS_CA_DIR} = 'certs/';
	53
	54	# Client PKCS12 cert support
	55	$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
	56	$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
	57
	58	INSTALL
	59	OpenSSL
	60	You must have OpenSSL or SSLeay installed before compiling this module.
	61	You can get the latest OpenSSL package from <http://www.openssl.org/>.
	62
	63	On Debian systems, you will need to install the "libssl-dev" package, at
	64	least for the duration of the build (it may be removed afterwards).
	65
	66	Other package-based systems may require something similar. The key is
	67	that "Crypt::SSLeay" makes calls to the OpenSSL library, and how to do
	68	so is specified in the C header files that come with the library. Some
	69	systems break out the header files into a separate package from that of
	70	the libraries. Once the program has been built, you don't need the
	71	headers any more.
	72
	73	When installing openssl make sure your config looks like:
	74
	75	./config --openssldir=/usr/local/openssl
	76
	77	or
	78
	79	./config --openssldir=/usr/local/ssl
	80
	81	If you are planning on upgrading the default OpenSSL libraries on a
	82	system like RedHat, (not recommended), then try something like:
	83
	84	./config --openssldir=/usr --shared
	85
	86	The "--shared" option to config will set up building the .so shared
	87	libraries which is important for such systems. This is followed by:
	88
	89	make
	90	make test
	91	make install
	92
	93	This way "Crypt::SSLeay" will pick up the includes and libraries
	94	automatically. If your includes end up going into a separate directory
	95	like /usr/local/include, then you may need to symlink
	96	/usr/local/openssl/include to /usr/local/include
	97
	98	Crypt::SSLeay
	99	The latest Crypt::SSLeay can be found at your nearest CPAN, as well as
	100	<http://search.cpan.org/dist/Crypt-SSLeay/>
	101
	102	Once you have downloaded it, Crypt::SSLeay installs easily using the
	103	"make" * commands as shown below.
	104
	105	perl Makefile.PL
	106	make
	107	make test
	108	make install
	109
	110	On Windows systems, both Strawberry Perl and ActiveState (as a separate
	111	download via ppm) projects include a MingW based compiler distribution
	112	and "dmake" which can be used to build both OpenSSL and "Crypt-SSLeay".
	113	If you have such a set up, use "dmake" above.
	114
	115	For unattended (batch) installations, to be absolutely certain that
	116	Makefile.PL does not prompt for questions on STDIN, set the following
	117	environment variable beforehand:
	118
	119	PERL_MM_USE_DEFAULT=1
	120
	121	(This is true for any CPAN module that uses "ExtUtils::MakeMaker").
	122
	123	To skip live tests, you can use
	124
	125	perl Makefile.PL --no-live-tests
	126
	127	and to force live tests, you can use
	128
	129	perl Makefile.PL --live-tests
	130
	131	Windows
	132	"Crypt::SSLeay" builds correctly with Strawberry Perl.
	133
	134	For ActiveState Perl users, the ActiveState company does not have a
	135	permit from the Canadian Federal Government to distribute cryptographic
	136	software. This prevents "Crypt::SSLeay" from being distributed as a PPM
	137	package from their repository. See
	138	<http://aspn.activestate.com/ASPN/docs/ActivePerl/5.8/faq/ActivePerl-faq
	139	2.html#crypto_packages> for more information on this issue.
	140
	141	You may download it from Randy Kobes's PPM repository by using the
	142	following command:
	143
	144	ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd
	145
	146	An alternative is to add the uwinnipeg.ca PPM repository to your local
	147	installation. See <http://cpan.uwinnipeg.ca/htdocs/faqs/ppm.html> for
	148	more details.
	149
	150	VMS
	151	It is assumed that the OpenSSL installation is located at /ssl$root.
	152	Define this logical to point to the appropriate place in the filesystem.
	153
	154	PROXY SUPPORT
	155	LWP::UserAgent and Crypt::SSLeay have their own versions of proxy
	156	support. Please read these sections to see which one is appropriate.
	157
	158	LWP::UserAgent proxy support
	159	"LWP::UserAgent" has its own methods of proxying which may work for you
	160	and is likely to be incompatible with "Crypt::SSLeay" proxy support. To
	161	use "LWP::UserAgent" proxy support, try something like:
	162
	163	my $ua = LWP::UserAgent->new;
	164	$ua->proxy([qw( https http )], "$proxy_ip:$proxy_port");
	165
	166	At the time of this writing, libwww v5.6 seems to proxy https requests
	167	fine with an Apache mod_proxy server. It sends a line like:
	168
	169	GET https://www.example.com HTTP/1.1
	170
	171	to the proxy server, which is not the "CONNECT" request that some
	172	proxies would expect, so this may not work with other proxy servers than
	173	mod_proxy. The "CONNECT" method is used by "Crypt::SSLeay"'s internal
	174	proxy support.
	175
	176	Crypt::SSLeay proxy support
	177	For native "Crypt::SSLeay" proxy support of https requests, you need to
	178	set the environment variable "HTTPS_PROXY" to your proxy server and
	179	port, as in:
	180
	181	# proxy support
	182	$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
	183	$ENV{HTTPS_PROXY} = '127.0.0.1:8080';
	184
	185	Use of the "HTTPS_PROXY" environment variable in this way is similar to
	186	"LWP::UserAgent-"env_proxy()> usage, but calling that method will likely
	187	override or break the "Crypt::SSLeay" support, so do not mix the two.
	188
	189	Basic auth credentials to the proxy server can be provided this way:
	190
	191	# proxy_basic_auth
	192	$ENV{HTTPS_PROXY_USERNAME} = 'username';
	193	$ENV{HTTPS_PROXY_PASSWORD} = 'password';
	194
	195	For an example of LWP scripting with "Crypt::SSLeay" native proxy
	196	support, please look at the eg/lwp-ssl-test script in the
	197	"Crypt::SSLeay" distribution.
	198
	199	CLIENT CERTIFICATE SUPPORT
	200	Client certificates are supported. PEM encoded certificate and private
	201	key files may be used like this:
	202
	203	$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
	204	$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
	205
	206	You may test your files with the eg/net-ssl-test program, bundled with
	207	the distribution, by issuing a command like:
	208
	209	perl eg/net-ssl-test -cert=certs/notacacert.pem \
	210	-key=certs/notacakeynopass.pem -d GET $HOST_NAME
	211
	212	Additionally, if you would like to tell the client where the CA file is,
	213	you may set these.
	214
	215	$ENV{HTTPS_CA_FILE} = "some_file";
	216	$ENV{HTTPS_CA_DIR} = "some_dir";
	217
	218	Note that, if specified, $ENV{HTTPS_CA_FILE} must point to the actual
	219	certificate file. That is, $ENV{HTTPS_CA_DIR} is not the path were
	220	$ENV{HTTPS_CA_FILE} is located.
	221
	222	For certificates in $ENV{HTTPS_CA_DIR} to be picked up, follow the
	223	instructions on
	224	<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>
	225
	226	There is no sample CA cert file at this time for testing, but you may
	227	configure eg/net-ssl-test to use your CA cert with the -CAfile option.
	228	(TODO: then what is the ./certs directory in the distribution?)
	229
	230	Creating a test certificate
	231	To create simple test certificates with OpenSSL, you may run the
	232	following command:
	233
	234	openssl req -config /usr/local/openssl/openssl.cnf \
	235	-new -days 365 -newkey rsa:1024 -x509 \
	236	-keyout notacakey.pem -out notacacert.pem
	237
	238	To remove the pass phrase from the key file, run:
	239
	240	openssl rsa -in notacakey.pem -out notacakeynopass.pem
	241
	242	PKCS12 support
	243	The directives for enabling use of PKCS12 certificates is:
	244
	245	$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
	246	$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
	247
	248	Use of this type of certificate takes precedence over previous
	249	certificate settings described. (TODO: unclear? Meaning "the presence of
	250	this type of certificate"?)
	251
	252	SSL versions
	253	"Crypt::SSLeay" tries very hard to connect to any SSL web server
	254	accomodating servers that are buggy, old or simply not
	255	standards-compliant. To this effect, this module will try SSL
	256	connections in this order:
	257
	258	SSL v23
	259	should allow v2 and v3 servers to pick their best type
	260
	261	SSL v3
	262	best connection type
	263
	264	SSL v2
	265	old connection type
	266
	267	Unfortunately, some servers seem not to handle a reconnect to SSL v3
	268	after a failed connect of SSL v23 is tried, so you may set before using
	269	LWP or Net::SSL:
	270
	271	$ENV{HTTPS_VERSION} = 3;
	272
	273	to force a version 3 SSL connection first. At this time only a version 2
	274	SSL connection will be tried after this, as the connection attempt order
	275	remains unchanged by this setting.
	276
	277	ACKNOWLEDGEMENTS
	278	Many thanks to the following individuals who helped improve
	279	"Crypt-SSLeay":
	280
	281	Gisle Aas for writing this module and many others including libwww,
	282	for perl. The web will never be the same :)
	283
	284	Ben Laurie deserves kudos for his excellent patches for better error
	285	handling, SSL information inspection, and random seeding.
	286
	287	Dongqiang Bai for host name resolution fix when using a proxy.
	288
	289	Stuart Horner of Core Communications, Inc. who found the need for
	290	building "--shared" OpenSSL libraries.
	291
	292	Pavel Hlavnicka for a patch for freeing memory when using a pkcs12
	293	file, and for inspiring more robust "read()" behavior.
	294
	295	James Woodyatt is a champ for finding a ridiculous memory leak that
	296	has been the bane of many a Crypt::SSLeay user.
	297
	298	Bryan Hart for his patch adding proxy support, and thanks to *Tobias
	299	Manthey* for submitting another approach.
	300
	301	Alex Rhomberg for Alpha linux ccc patch.
	302
	303	Tobias Manthey for his patches for client certificate support.
	304
	305	Daisuke Kuroda for adding PKCS12 certificate support.
	306
	307	Gamid Isayev for CA cert support and insights into error messaging.
	308
	309	Jeff Long for working through a tricky CA cert SSLClientVerify issue.
	310
	311	Chip Turner for a patch to build under perl 5.8.0.
	312
	313	Joshua Chamas for the time he spent maintaining the module.
	314
	315	Jeff Lavallee for help with alarms on read failures (CPAN bug #12444).
	316
	317	Guenter Knauf for significant improvements in configuring things in
	318	Win32 and Netware lands and Jan Dubois for various suggestions for
	319	improvements.
	320
	321	and many others who provided bug reports, suggestions, fixes and
	322	patches.
	323
	324	SEE ALSO
	325	Net::SSL
	326	If you have downloaded this distribution as of a dependency of
	327	another distribution, it's probably due to this module (which is
	328	included in this distribution).
	329
	330	Net::SSLeay
	331	Net::SSLeay provides access to the OpenSSL API directly from Perl.
	332	See <http://search.cpan.org/dist/Net-SSLeay/>.
	333
	334	OpenSSL binary packages for Windows
	335	See <http://www.openssl.org/related/binaries.html>.
	336
	337	SUPPORT
	338	For use of Crypt::SSLeay & Net::SSL with Perl's LWP, please send email
	339	to libwww@perl.org <mailto:libwww@perl.org>.
	340
	341	For OpenSSL or general SSL support, including issues associated with
	342	building and installing OpenSSL on your system, please email the OpenSSL
	343	users mailing list at openssl-users@openssl.org
	344	<mailto:openssl-users@openssl.org>. See
	345	<http://www.openssl.org/support/community.html> for other mailing lists
	346	and archives.
	347
	348	Please report all bugs at
	349	"/rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay"" in "http:.
	350
	351	AUTHORS
	352	This module was originally written by Gisle Aas, and was subsequently
	353	maintained by Joshua Chamas, David Landgren, brian d foy and Sinan Unur.
	354
	355	COPYRIGHT
	356	Copyright (c) 2010 A. Sinan Unur
	357
	358	Copyright (c) 2006-2007 David Landgren
	359
	360	Copyright (c) 1999-2003 Joshua Chamas
	361
	362	Copyright (c) 1998 Gisle Aas
	363
	364	LICENSE
	365	This program is free software; you can redistribute it and/or modify it
	366	under the same terms as Perl itself.
	367

+244

-210

SSLeay.pm less more

1	1
2	2	use strict;
3	3	use vars '$VERSION';
4		$VERSION = '0.57';
	4	$VERSION = '0.58';
5	5
6	6	eval {
7	7	require XSLoader;

47	47
48	48	=head1 SYNOPSIS
49	49
50		lwp-request https://www.example.com
51
52		use LWP::UserAgent;
53		my $ua = LWP::UserAgent->new;
54		my $req = HTTP::Request->new('GET', 'https://www.example.com/');
55		my $res = $ua->request($req);
56		print $res->content, "\n";
	50	lwp-request https://www.example.com
	51
	52	use LWP::UserAgent;
	53	my $ua = LWP::UserAgent->new;
	54	my $response = $ua->get('https://www.example.com/');
	55	print $response->content, "\n";
57	56
58	57	=head1 DESCRIPTION
59	58
60		This document describes C<Crypt::SSLeay> version 0.57, released
61		2007-09-17.
62
63		This perl module provides support for the https protocol under LWP,
	59	This Perl module provides support for the HTTPS protocol under LWP,
64	60	to allow an C<LWP::UserAgent> object to perform GET, HEAD and POST
65	61	requests. Please see LWP for more information on POST requests.
66	62

70	66
71	67	This distribution also makes following deprecated modules available:
72	68
73		Crypt::SSLeay::CTX
74		Crypt::SSLeay::Conn
75		Crypt::SSLeay::X509
	69	Crypt::SSLeay::CTX
	70	Crypt::SSLeay::Conn
	71	Crypt::SSLeay::X509
76	72
77	73	Work on Crypt::SSLeay has been continued only to provide https
78	74	support for the LWP (libwww-perl) libraries.

82	78	The following environment variables change the way
83	79	C<Crypt::SSLeay> and C<Net::SSL> behave.
84	80
85		# proxy support
86		$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
87
88		# proxy_basic_auth
89		$ENV{HTTPS_PROXY_USERNAME} = 'username';
90		$ENV{HTTPS_PROXY_PASSWORD} = 'password';
91
92		# debugging (SSL diagnostics)
93		$ENV{HTTPS_DEBUG} = 1;
94
95		# default ssl version
96		$ENV{HTTPS_VERSION} = '3';
97
98		# client certificate support
99		$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
100		$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
101
102		# CA cert peer verification
103		$ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
104		$ENV{HTTPS_CA_DIR} = 'certs/';
105
106		# Client PKCS12 cert support
107		$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
108		$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
	81	# proxy support
	82	$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
	83
	84	# proxy_basic_auth
	85	$ENV{HTTPS_PROXY_USERNAME} = 'username';
	86	$ENV{HTTPS_PROXY_PASSWORD} = 'password';
	87
	88	# debugging (SSL diagnostics)
	89	$ENV{HTTPS_DEBUG} = 1;
	90
	91	# default ssl version
	92	$ENV{HTTPS_VERSION} = '3';
	93
	94	# client certificate support
	95	$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
	96	$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
	97
	98	# CA cert peer verification
	99	$ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
	100	$ENV{HTTPS_CA_DIR} = 'certs/';
	101
	102	# Client PKCS12 cert support
	103	$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
	104	$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
109	105
110	106	=head1 INSTALL
111	107
112	108	=head2 OpenSSL
113	109
114		You must have OpenSSL or SSLeay installed before compiling
115		this module. You can get the latest OpenSSL package from:
116
117		http://www.openssl.org/
118
119		On Debian systems, you will need to install the libssl-dev package,
	110	You must have OpenSSL or SSLeay installed before compiling this module.
	111	You can get the latest OpenSSL package from
	112	L<http://www.openssl.org/>.
	113
	114	On Debian systems, you will need to install the C<libssl-dev> package,
120	115	at least for the duration of the build (it may be removed afterwards).
121	116
122		Other package-based systems may require something similar. The key
123		is that Crypt::SSLeay makes calls to the OpenSSL library, and how
124		to do so is specified in the C header files that come with the
125		library. Some systems break out the header files into a separate
126		package from that of the libraries. Once the program has been built,
127		you don't need the headers any more.
	117	Other package-based systems may require something similar. The key is
	118	that C<Crypt::SSLeay> makes calls to the OpenSSL library, and how to do
	119	so is specified in the C header files that come with the library. Some
	120	systems break out the header files into a separate package from that of
	121	the libraries. Once the program has been built, you don't need the
	122	headers any more.
128	123
129	124	When installing openssl make sure your config looks like:
130	125
131		./config --openssldir=/usr/local/openssl
132		or
133		./config --openssldir=/usr/local/ssl
	126	./config --openssldir=/usr/local/openssl
	127
	128	or
	129
	130	./config --openssldir=/usr/local/ssl
134	131
135	132	If you are planning on upgrading the default OpenSSL libraries on
136	133	a system like RedHat, (not recommended), then try something like:
137	134
138		./config --openssldir=/usr --shared
139
140		The --shared option to config will set up building the .so
	135	./config --openssldir=/usr --shared
	136
	137	The C<--shared> option to config will set up building the .so
141	138	shared libraries which is important for such systems. This is
142	139	followed by:
143	140
144		make
145		make test
146		make install
147
148		This way Crypt::SSLeay will pick up the includes and
	141	make
	142	make test
	143	make install
	144
	145	This way C<Crypt::SSLeay> will pick up the includes and
149	146	libraries automatically. If your includes end up
150		going into a separate directory like /usr/local/include,
151		then you may need to symlink /usr/local/openssl/include
152		to /usr/local/include
	147	going into a separate directory like F</usr/local/include>,
	148	then you may need to symlink F</usr/local/openssl/include>
	149	to F</usr/local/include>
153	150
154	151	=head2 Crypt::SSLeay
155	152
156	153	The latest Crypt::SSLeay can be found at your nearest CPAN,
157		as well as:
158
159		http://search.cpan.org/dist/Crypt-SSLeay/
160
161		Once you have downloaded it, Crypt::SSLeay installs easily
162		using the C<make> * commands as shown below.
163
164		perl Makefile.PL
165		make
166		make test
167		make install
168
169		* use nmake or dmake on Win32
	154	as well as L<http://search.cpan.org/dist/Crypt-SSLeay/>
	155
	156	Once you have downloaded it, Crypt::SSLeay installs easily
	157	using the C<make> * commands as shown below.
	158
	159	perl Makefile.PL
	160	make
	161	make test
	162	make install
	163
	164	On Windows systems, both Strawberry Perl and ActiveState (as a separate
	165	download via ppm) projects include a MingW based compiler distribution and
	166	C<dmake> which can be used to build both OpenSSL and C<Crypt-SSLeay>. If you
	167	have such a set up, use C<dmake> above.
170	168
171	169	For unattended (batch) installations, to be absolutely certain that
172	170	F<Makefile.PL> does not prompt for questions on STDIN, set the
173	171	following environment variable beforehand:
174	172
175		PERL_MM_USE_DEFAULT=1
	173	PERL_MM_USE_DEFAULT=1
176	174
177	175	(This is true for any CPAN module that uses C<ExtUtils::MakeMaker>).
178	176
	177	To skip live tests, you can use
	178
	179	perl Makefile.PL --no-live-tests
	180
	181	and to force live tests, you can use
	182
	183	perl Makefile.PL --live-tests
	184
179	185	=head3 Windows
180	186
181	187	C<Crypt::SSLeay> builds correctly with Strawberry Perl.
182	188
183		For Activestate users, the ActiveState company does not have a
	189	For ActiveState Perl users, the ActiveState company does not have a
184	190	permit from the Canadian Federal Government to distribute cryptographic
185		software. This prevents C<Crypt::SSLeay> from being distributed as
186		a PPM package from their repository. See
	191	software. This prevents C<Crypt::SSLeay> from being distributed as a PPM
	192	package from their repository. See
187	193	L<http://aspn.activestate.com/ASPN/docs/ActivePerl/5.8/faq/ActivePerl-faq2.html#crypto_packages>
188	194	for more information on this issue.
189	195
190	196	You may download it from Randy Kobes's PPM repository by using
191	197	the following command:
192	198
193		ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd
	199	ppm install http://theoryx5.uwinnipeg.ca/ppms/Crypt-SSLeay.ppd
194	200
195	201	An alternative is to add the uwinnipeg.ca PPM repository to your
196	202	local installation. See L<http://cpan.uwinnipeg.ca/htdocs/faqs/ppm.html>

199	205	=head3 VMS
200	206
201	207	It is assumed that the OpenSSL installation is located at
202		C</ssl$root>. Define this logical to point to the appropriate
	208	F</ssl$root>. Define this logical to point to the appropriate
203	209	place in the filesystem.
204	210
205	211	=head1 PROXY SUPPORT
206	212
207		LWP::UserAgent and Crypt::SSLeay have their own versions of
	213	L<LWP::UserAgent> and L<Crypt::SSLeay> have their own versions of
208	214	proxy support. Please read these sections to see which one
209	215	is appropriate.
210	216
211	217	=head2 LWP::UserAgent proxy support
212	218
213		LWP::UserAgent has its own methods of proxying which may work for
214		you and is likely to be incompatible with Crypt::SSLeay proxy support.
215		To use LWP::UserAgent proxy support, try something like:
216
217		my $ua = new LWP::UserAgent;
218		$ua->proxy([qw( https http )], "$proxy_ip:$proxy_port");
219
220		At the time of this writing, libwww v5.6 seems to proxy https
221		requests fine with an Apache mod_proxy server. It sends a line like:
222
223		GET https://www.example.com HTTP/1.1
224
225		to the proxy server, which is not the CONNECT request that
226		some proxies would expect, so this may not work with other
227		proxy servers than mod_proxy. The CONNECT method is used
228		by Crypt::SSLeay's internal proxy support.
	219	C<LWP::UserAgent> has its own methods of proxying which may work for you
	220	and is likely to be incompatible with C<Crypt::SSLeay> proxy support.
	221	To use C<LWP::UserAgent> proxy support, try something like:
	222
	223	my $ua = LWP::UserAgent->new;
	224	$ua->proxy([qw( https http )], "$proxy_ip:$proxy_port");
	225
	226	At the time of this writing, libwww v5.6 seems to proxy https requests
	227	fine with an Apache F<mod_proxy> server. It sends a line like:
	228
	229	GET https://www.example.com HTTP/1.1
	230
	231	to the proxy server, which is not the C<CONNECT> request that some
	232	proxies would expect, so this may not work with other proxy servers than
	233	F<mod_proxy>. The C<CONNECT> method is used by C<Crypt::SSLeay>'s
	234	internal proxy support.
229	235
230	236	=head2 Crypt::SSLeay proxy support
231	237
232		For native Crypt::SSLeay proxy support of https requests,
233		you need to set the environment variable C<HTTPS_PROXY> to your
	238	For native C<Crypt::SSLeay> proxy support of https requests,
	239	you need to set the environment variable C<HTTPS_PROXY> to your
234	240	proxy server and port, as in:
235	241
236		# proxy support
237		$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
238		$ENV{HTTPS_PROXY} = '127.0.0.1:8080';
239
240		Use of the C<HTTPS_PROXY> environment variable in this way
	242	# proxy support
	243	$ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
	244	$ENV{HTTPS_PROXY} = '127.0.0.1:8080';
	245
	246	Use of the C<HTTPS_PROXY> environment variable in this way
241	247	is similar to C<LWP::UserAgent->env_proxy()> usage, but calling
242		that method will likely override or break the Crypt::SSLeay
	248	that method will likely override or break the C<Crypt::SSLeay>
243	249	support, so do not mix the two.
244	250
245		Basic auth credentials to the proxy server can be provided
	251	Basic auth credentials to the proxy server can be provided
246	252	this way:
247	253
248		# proxy_basic_auth
249		$ENV{HTTPS_PROXY_USERNAME} = 'username';
250		$ENV{HTTPS_PROXY_PASSWORD} = 'password';
	254	# proxy_basic_auth
	255	$ENV{HTTPS_PROXY_USERNAME} = 'username';
	256	$ENV{HTTPS_PROXY_PASSWORD} = 'password';
251	257
252	258	For an example of LWP scripting with C<Crypt::SSLeay> native proxy
253		support, please look at the F<eg/lwp-ssl-test> script in the
	259	support, please look at the F<eg/lwp-ssl-test> script in the
254	260	C<Crypt::SSLeay> distribution.
255	261
256	262	=head1 CLIENT CERTIFICATE SUPPORT
257	263
258		Client certificates are supported. PEM0encoded certificate and
	264	Client certificates are supported. PEM encoded certificate and
259	265	private key files may be used like this:
260	266
261		$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
262		$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
	267	$ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
	268	$ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
263	269
264	270	You may test your files with the F<eg/net-ssl-test> program,
265	271	bundled with the distribution, by issuing a command like:
266	272
267		perl eg/net-ssl-test -cert=certs/notacacert.pem \
268		-key=certs/notacakeynopass.pem -d GET $HOST_NAME
	273	perl eg/net-ssl-test -cert=certs/notacacert.pem \
	274	-key=certs/notacakeynopass.pem -d GET $HOST_NAME
269	275
270	276	Additionally, if you would like to tell the client where
271	277	the CA file is, you may set these.
272	278
273		$ENV{HTTPS_CA_FILE} = "some_file";
274		$ENV{HTTPS_CA_DIR} = "some_dir";
	279	$ENV{HTTPS_CA_FILE} = "some_file";
	280	$ENV{HTTPS_CA_DIR} = "some_dir";
	281
	282	Note that, if specified, C<$ENV{HTTPS_CA_FILE}> must point to the actual
	283	certificate file. That is, C<$ENV{HTTPS_CA_DIR}> is not the path were
	284	C<$ENV{HTTPS_CA_FILE}> is located.
	285
	286	For certificates in C<$ENV{HTTPS_CA_DIR}> to be picked up, follow the
	287	instructions on
	288	L<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>
275	289
276	290	There is no sample CA cert file at this time for testing,
277	291	but you may configure F<eg/net-ssl-test> to use your CA cert
278		with the -CAfile option. (TODO: then what is the ./certs
	292	with the -CAfile option. (TODO: then what is the F<./certs>
279	293	directory in the distribution?)
280	294
281	295	=head2 Creating a test certificate

283	297	To create simple test certificates with OpenSSL, you may
284	298	run the following command:
285	299
286		openssl req -config /usr/local/openssl/openssl.cnf \
287		-new -days 365 -newkey rsa:1024 -x509 \
288		-keyout notacakey.pem -out notacacert.pem
	300	openssl req -config /usr/local/openssl/openssl.cnf \
	301	-new -days 365 -newkey rsa:1024 -x509 \
	302	-keyout notacakey.pem -out notacacert.pem
289	303
290	304	To remove the pass phrase from the key file, run:
291	305
292		openssl rsa -in notacakey.pem -out notacakeynopass.pem
	306	openssl rsa -in notacakey.pem -out notacakeynopass.pem
293	307
294	308	=head2 PKCS12 support
295	309
296	310	The directives for enabling use of PKCS12 certificates is:
297	311
298		$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
299		$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
	312	$ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
	313	$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
300	314
301	315	Use of this type of certificate takes precedence over previous
302	316	certificate settings described. (TODO: unclear? Meaning "the
303		presence of this type of certificate??)
	317	presence of this type of certificate"?)
304	318
305	319	=head1 SSL versions
306	320
307		Crypt::SSLeay tries very hard to connect to I<any> SSL web server
308		accomodating servers that are buggy, old or simply
309		not standards-compliant. To this effect, this module will
310		try SSL connections in this order:
311
312		SSL v23 - should allow v2 and v3 servers to pick their best type
313		SSL v3 - best connection type
314		SSL v2 - old connection type
315
316		Unfortunately, some servers seem not to handle a reconnect
317		to SSL v3 after a failed connect of SSL v23 is tried,
318		so you may set before using LWP or Net::SSL:
319
320		$ENV{HTTPS_VERSION} = 3;
	321	C<Crypt::SSLeay> tries very hard to connect to I<any> SSL web server
	322	accomodating servers that are buggy, old or simply not
	323	standards-compliant. To this effect, this module will try SSL
	324	connections in this order:
	325
	326	=over 4
	327
	328	=item SSL v23
	329
	330	should allow v2 and v3 servers to pick their best type
	331
	332	=item SSL v3
	333
	334	best connection type
	335
	336	=item SSL v2
	337
	338	old connection type
	339
	340	=back
	341
	342	Unfortunately, some servers seem not to handle a reconnect to SSL v3 after a
	343	failed connect of SSL v23 is tried, so you may set before using LWP or
	344	Net::SSL:
	345
	346	$ENV{HTTPS_VERSION} = 3;
321	347
322	348	to force a version 3 SSL connection first. At this time only a
323	349	version 2 SSL connection will be tried after this, as the connection

325	351
326	352	=head1 ACKNOWLEDGEMENTS
327	353
328		Many thanks to Gisle Aas for writing this module and many others
329		including libwww, for perl. The web will never be the same :)
330
331		Ben Laurie deserves kudos for his excellent patches for better error
	354	Many thanks to the following individuals who helped improve
	355	C<Crypt-SSLeay>:
	356
	357	I<Gisle Aas> for writing this module and many others including libwww, for
	358	perl. The web will never be the same :)
	359
	360	I<Ben Laurie> deserves kudos for his excellent patches for better error
332	361	handling, SSL information inspection, and random seeding.
333	362
334		Thanks to Dongqiang Bai for host name resolution fix when using a
335		proxy.
336
337		Thanks to Stuart Horner of Core Communications, Inc. who found the
338		need for building --shared OpenSSL libraries.
339
340		Thanks to Pavel Hlavnicka for a patch for freeing memory when using
341		a pkcs12 file, and for inspiring more robust read() behavior.
342
343		James Woodyatt is a champ for finding a ridiculous memory leak that
	363	I<Dongqiang Bai> for host name resolution fix when using a proxy.
	364
	365	I<Stuart Horner> of Core Communications, Inc. who found the need for
	366	building C<--shared> OpenSSL libraries.
	367
	368	I<Pavel Hlavnicka> for a patch for freeing memory when using a pkcs12
	369	file, and for inspiring more robust C<read()> behavior.
	370
	371	I<James Woodyatt> is a champ for finding a ridiculous memory leak that
344	372	has been the bane of many a Crypt::SSLeay user.
345	373
346		Thanks to Bryan Hart for his patch adding proxy support,
347		and thanks to Tobias Manthey for submitting another approach.
348
349		Thanks to Alex Rhomberg for Alpha linux ccc patch.
350
351		Thanks to Tobias Manthey for his patches for client certificate
352		support.
353
354		Thanks to Daisuke Kuroda for adding PKCS12 certificate support.
355
356		Thanks to Gamid Isayev for CA cert support and insights into error
357		messaging.
358
359		Thanks to Jeff Long for working through a tricky CA cert SSLClientVerify
360		issue.
361
362		Thanks to Chip Turner for patch to build under perl 5.8.0.
363
364		Thanks to Joshua Chamas for the time he spent maintaining the
365		module.
366
367		Thanks to Jeff Lavallee for help with alarms on read failures (CPAN
368		bug #12444).
369
370		Thanks to Guenter Knauf for significant improvements in configuring
371		things in Win32 and Netware lands and Jan Dubois for various
372		suggestions for improvements.
	374	I<Bryan Hart> for his patch adding proxy support, and thanks to I<Tobias
	375	Manthey> for submitting another approach.
	376
	377	I<Alex Rhomberg> for Alpha linux ccc patch.
	378
	379	I<Tobias Manthey> for his patches for client certificate support.
	380
	381	I<Daisuke Kuroda> for adding PKCS12 certificate support.
	382
	383	I<Gamid Isayev> for CA cert support and insights into error messaging.
	384
	385	I<Jeff Long> for working through a tricky CA cert SSLClientVerify issue.
	386
	387	I<Chip Turner> for a patch to build under perl 5.8.0.
	388
	389	I<Joshua Chamas> for the time he spent maintaining the module.
	390
	391	I<Jeff Lavallee> for help with alarms on read failures (CPAN bug #12444).
	392
	393	I<Guenter Knauf> for significant improvements in configuring things in
	394	Win32 and Netware lands and Jan Dubois for various suggestions for
	395	improvements.
	396
	397	and I<many others> who provided bug reports, suggestions, fixes and
	398	patches.
373	399
374	400	=head1 SEE ALSO
375	401

377	403
378	404	=item Net::SSL
379	405
380		If you have downloaded this distribution as of a dependency
381		of another distribution, it's probably due to this module
382		(which is included in this distribution).
	406	If you have downloaded this distribution as of a dependency of another
	407	distribution, it's probably due to this module (which is included in
	408	this distribution).
383	409
384	410	=item Net::SSLeay
385	411
386		A module that offers access to the OpenSSL API directly from Perl.
387
388		http://search.cpan.org/dist/Net_SSLeay.pm/
389
390		=item http://www.openssl.org/related/binaries.html
391
392		Pointers on where to find OpenSSL binary packages (Windows).
	412	L<Net::SSLeay\|Net::SSLeay> provides access to the OpenSSL API directly
	413	from Perl. See L<http://search.cpan.org/dist/Net-SSLeay/>.
	414
	415	=item OpenSSL binary packages for Windows
	416
	417	See L<http://www.openssl.org/related/binaries.html>.
393	418
394	419	=back
395	420
396	421	=head1 SUPPORT
397	422
398		For use of Crypt::SSLeay & Net::SSL with perl's LWP, please
399		send email to C<libwww@perl.org>.
400
401		For OpenSSL or general SSL support please email the
402		openssl user mailing list at C<openssl-users@openssl.org>.
403		This includes issues associated with building and installing
404		OpenSSL on one's system.
	423	For use of Crypt::SSLeay & Net::SSL with Perl's LWP, please
	424	send email to L<libwww@perl.org\|mailto:libwww@perl.org>.
	425
	426	For OpenSSL or general SSL support, including issues associated with
	427	building and installing OpenSSL on your system, please email the OpenSSL
	428	users mailing list at
	429	L<openssl-users@openssl.org\|mailto:openssl-users@openssl.org>. See
	430	L<http://www.openssl.org/support/community.html> for other mailing lists
	431	and archives.
405	432
406	433	Please report all bugs at
407		L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay>.
	434	L<"http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay">.
	435
	436	=head1 AUTHORS
408	437
409	438	This module was originally written by Gisle Aas, and was subsequently
410		maintained by Joshua Chamas. It is currently maintained by David
411		Landgren.
	439	maintained by Joshua Chamas, David Landgren, brian d foy and Sinan Unur.
412	440
413	441	=head1 COPYRIGHT
414	442
415		Copyright (c) 2006-2007 David Landgren.
416		Copyright (c) 1999-2003 Joshua Chamas.
417		Copyright (c) 1998 Gisle Aas.
418
419		This program is free software; you can redistribute
420		it and/or modify it under the same terms as Perl itself.
	443	Copyright (c) 2010 A. Sinan Unur
	444
	445	Copyright (c) 2006-2007 David Landgren
	446
	447	Copyright (c) 1999-2003 Joshua Chamas
	448
	449	Copyright (c) 1998 Gisle Aas
	450
	451	=head1 LICENSE
	452
	453	This program is free software; you can redistribute it and/or modify it
	454	under the same terms as Perl itself.
421	455
422	456	=cut

-1

SSLeay.xs less more

41	41
42	42	static void InfoCallback(const SSL *s,int where,int ret)
43	43	{
44		char *str;
	44	const char *str;
45	45	int w;
46	46
47	47	w = where & ~SSL_ST_MASK;

-11

TODO less more

0	0	TODO for Crypt::SSLeay
1	1
2		1. Clear out the remaining CPAN bugs.
	2	1. Look at the modules that use Crypt::SSLeay, and see if any useful tests can
	3	be created to test functionality they depend on.
3	4
4		2. Possible typo?
5
6		=head1 CLIENT CERTIFICATE SUPPORT
7
8		Client certificates are supported. PEM0encoded certificate and
9
10		-> should this read "PEM-encoded"? Check backpan.
11
12		3. Look at the modules that use Crypt::SSLeay, and see if any
13		useful tests can be created to test functionality they depend on.
	5	2. Threading support (bug #41007 and more).

-0

certs/notacacert.pem less more

(No changes)

-0

certs/notacakeynopass.pem less more

(No changes)

-0

eg/lwp-ssl-test less more

(No changes)

+15

-15

eg/net-ssl-test less more

0	0	#!/usr/bin/perl
1	1
2	2	use strict;
3		use vars qw($opt_p $opt_n $opt_bench $opt_debug $opt_version
	3	use vars qw($opt_p $opt_n $opt_bench $opt_debug $opt_version
4	4	$opt_v $opt_help
5	5	$opt_cert $opt_key $opt_cafile $opt_cadir
6	6	);

10	10	use Benchmark;
11	11
12	12	use Getopt::Long;
13		&GetOptions ('p:s' => \$opt_p,
14		'proxy:s' => \$opt_p,
15		'bench:n' => $opt_bench,
	13	&GetOptions ('p:s' => \$opt_p,
	14	'proxy:s' => \$opt_p,
	15	'bench:n' => \$opt_bench,
16	16	'd' => \$opt_debug,
17	17	'version:i' => \$opt_version,
18	18	'v:i' => \$opt_version,

28	28
29	29	# define sub first, in case you are reading the source :)
30	30	sub help {
31
	31
32	32	print <<HELP;
33	33	Usage: $basename [-d] [-b=NNN] [-h] [-p proxy_name:port] [-CAfile=FILE] [GET\|HEAD] [ssl_server_name] [port]
34	34

40	40	-cert client certificate file
41	41	-key private key file
42	42
43		-CAfile CA certificates file, use certs/ca-bundle.crt for primary root certs
44
	43	-CAfile CA certificates file, use certs/ca-bundle.crt for primary root certs
	44
45	45	method defaults to HEAD
46	46	ssl_server_name defaults to www.nodeworks.com
47	47	port defaults to 443
48	48
49	49	These are equivalent:
50
	50
51	51	./net_ssl_test
52	52	./net_ssl_test HEAD www.nodeworks.com 443
53	53

55	55
56	56	./net_ssl_test -d -p http://proxy_name:80 www.nodeworks.com
57	57
58		Note http:// on proxy hostname is stripped off, and is
	58	Note http:// on proxy hostname is stripped off, and is
59	59	meaningless to Crypt::SSLeay.
60	60
61	61	HELP

79	79	$host = shift \|\| "www.nodeworks.com";
80	80	}
81	81	if($host =~ m\|^(https://)?([^/:]+)(:(\d+))?(/.*)?$\|) {
82		($host, $port, $path) = ($2, $4, $5);
	82	($host, $port, $path) = ($2, $4, $5);
83	83	}
84	84
85	85	$port \|\|= shift \|\| 443;

105	105	unless(eval { &ssl_connect() }) {
106	106	print <<OUT;
107	107	== FAILED TO CONNECT ==
108		Error: $@
	108	Error: $@
109	109
110		If you need to use a proxy, please pass it in as an argument like
	110	If you need to use a proxy, please pass it in as an argument like
111	111
112	112	./net_ssl_test -p 127.0.0.1:8080
113	113

118	118	}
119	119
120	120	if($opt_bench) {
121		timethis($opt_bench, sub { &ssl_connect() });
	121	timethis($opt_bench, sub { &ssl_connect() });
122	122	}
123
	123
124	124
125	125	sub ssl_connect {
126	126	my $sock = Net::SSL->new(

132	132	$sock \|\| ($@ \|\|= "no Net::SSL connection established");
133	133	my $error = $@;
134	134	$error && die("Can't connect to $host:$port; $error; $!");
135
	135
136	136	my $out;
137	137	$out .= "WEB SITE : $host:$port\n";
138	138	$out .= "CIPHER : ".$sock->get_cipher."\n";

+44

-12

lib/Net/SSL.pm less more

5	5	use Carp;
6	6
7	7	use vars qw(@ISA $VERSION $NEW_ARGS);
8		$VERSION = '2.84';
	8	$VERSION = '2.85';
9	9
10	10	require IO::Socket;
11	11	@ISA=qw(IO::Socket::INET);

105	105	}
106	106	}
107	107	else {
108		*$self->{io_socket_peername}=@_ == 1 ? $_[0] : IO::Socket::sockaddr_in(@_);
	108	*$self->{io_socket_peername}=@_ == 1 ? $_[0] : IO::Socket::sockaddr_in(@_);
109	109	if(!$self->SUPER::connect(@_)) {
110	110	# better to die than return here
111	111	$@ = "Connect failed: $@; $!";

132	132	if (not defined $rv or $rv <= 0) {
133	133	_alarm_set(0);
134	134	$ssl = undef;
135		my %args = (%$new_arg, %$arg);
	135	# See RT #59312
	136	my %args = (%$arg, %$new_arg);
136	137	if(*$self->{ssl_version} == 23) {
137	138	$args{SSL_Version} = 3;
138	139	# the new connect might itself be overridden with a REAL SSL

168	169	}
169	170
170	171	# Delegate these calls to the Crypt::SSLeay::Conn object
171		sub get_peer_certificate {
	172	sub get_peer_certificate {
172	173	my $self = shift;
173	174	$self = $REAL{$self} \|\| $self;
174	175	*$self->{ssl_ssl}->get_peer_certificate(@_);

180	181	*$self->{ssl_peer_verify};
181	182	}
182	183
183		sub get_shared_ciphers {
	184	sub get_shared_ciphers {
184	185	my $self = shift;
185	186	$self = $REAL{$self} \|\| $self;
186	187	*$self->{ssl_ssl}->get_shared_ciphers(@_);
187	188	}
188	189
189		sub get_cipher {
	190	sub get_cipher {
190	191	my $self = shift;
191	192	$self = $REAL{$self} \|\| $self;
192	193	*$self->{ssl_ssl}->get_cipher(@_);

310	311
311	312	my $proxy_addr = gethostbyname($proxy_host);
312	313	$proxy_addr \|\| croak("can't resolve proxy server name: $proxy_host, $!");
313
	314
314	315	my($peer_port, $peer_addr) = ($self->{ssl_peer_port}, $self->{ssl_peer_addr});
315	316	$peer_addr \|\| croak("no peer addr given");
316	317	$peer_port \|\| croak("no peer port given");

331	332	\|\| croak("proxy connect to $proxy_host:$proxy_port failed: $!");
332	333	}
333	334	else {
334		$self->SUPER::connect($peer_port, $peer_addr)
	335	# see RT #57836
	336	my $peer_addr_packed = gethostbyname($peer_addr);
	337	$self->SUPER::connect($peer_port, $peer_addr_packed)
335	338	\|\| croak("proxy bypass to $peer_addr:$peer_addr failed: $!");
336	339	}
337	340

341	344	my $pass = $ENV{"HTTPS_PROXY_PASSWORD"};
342	345
343	346	my $credentials = encode_base64("$user:$pass", "");
344		$connect_string = join($CRLF,
	347	$connect_string = join($CRLF,
345	348	"CONNECT $peer_addr:$peer_port HTTP/1.0",
346	349	"Proxy-authorization: Basic $credentials"
347	350	);

360	363
361	364	$connect_string .= $CRLF;
362	365	$self->SUPER::send($connect_string);
363		my $header;
364		my $n = $self->SUPER::sysread($header, 8192);
	366
	367	my $timeout;
	368	my $header = '';
	369	# See RT #33954
	370	while ( $header !~ m{HTTP/\d+\.\d+\s+200\s+.*$CRLF$CRLF}s ) {
	371	$timeout = $self->timeout(5) unless length $header;
	372	my $n = $self->SUPER::sysread($header, 8192, length $header);
	373	last if $n <= 0;
	374	}
	375
	376	$self->timeout($timeout) if defined $timeout;
365	377	my $conn_ok = ($header =~ /HTTP\/\d+\.\d+\s+200\s+/is) ? 1 : 0;
366	378
367	379	if (not $conn_ok) {

372	384	}
373	385
374	386	# code adapted from LWP::UserAgent, with $ua->env_proxy API
	387	# see also RT #57836
375	388	sub proxy {
	389	my $self = shift;
376	390	my $proxy_server = $ENV{HTTPS_PROXY} \|\| $ENV{https_proxy};
377	391	return unless $proxy_server;
	392
	393	my($peer_port, $peer_addr) = (
	394	*$self->{ssl_peer_port},
	395	*$self->{ssl_peer_addr}
	396	);
	397	$peer_addr \|\| croak("no peer addr given");
	398	$peer_port \|\| croak("no peer port given");
	399
	400	# see if the proxy should be bypassed
	401	my @no_proxy = split( /\s,\s/,
	402	$ENV{NO_PROXY} \|\| $ENV{no_proxy} \|\| ''
	403	);
	404	my $is_proxied = 1;
	405	for my $domain (@no_proxy) {
	406	if ($peer_addr =~ /\Q$domain\E\z/) {
	407	return;
	408	}
	409	}
378	410
379	411	$proxy_server =~ s\|\Ahttps?://\|\|i;
380	412	$proxy_server;

414	446	croak("Private key and certificate do not match");
415	447	}
416	448	}
417
	449
418	450	$count; # number of successful cert loads/checks
419	451	}
420	452

-0

t/01-connect.t less more

19	19	my $fail = $@;
20	20	if ($fail =~ /\AConnect failed: connect: \b/i) {
21	21	pass( "$test_name - expected failure" );
	22	}
	23	elsif ($fail =~ /\ASSL negotiation failed:/i) {
	24	pass( "$test_name - expected failure (443 in use)" );
22	25	}
23	26	else {
24	27	fail( "$test_name" );