Merge commit 'upstream/0.8'
Dominic Hargreaves
12 years ago
| 0 | 0.8 2011/07/17 | |
| 1 | fixed wrong position for include encode_base64 and uri_unescape in *::LWP. | |
| 2 | Thanks to mtelle[AT]kamp-dsl[DOT]de for reporting | |
| 3 | ||
| 4 | 0.7 2011/05/27 | |
| 5 | strip port from host/ip for name verification in Net::SSLGlue::SMTP | |
| 6 | ||
| 7 | 0.6 2011/05/02 | |
| 8 | fixed english, thanks to dom, https://rt.cpan.org/Ticket/Display.html?id=46284 | |
| 9 | ||
| 0 | 10 | 0.5 2011/02/03 |
| 1 | 11 | documentation fixes: http://rt.cpan.org/Ticket/Display.html?id=65258 |
| 2 | 12 |
| 0 | 0 | --- #YAML:1.0 |
| 1 | 1 | name: Net-SSLGlue |
| 2 | version: 0.5 | |
| 2 | version: 0.8 | |
| 3 | 3 | abstract: ~ |
| 4 | 4 | author: [] |
| 5 | 5 | license: unknown |
| 14 | 14 | directory: |
| 15 | 15 | - t |
| 16 | 16 | - inc |
| 17 | generated_by: ExtUtils::MakeMaker version 6.54 | |
| 17 | generated_by: ExtUtils::MakeMaker version 6.55_02 | |
| 18 | 18 | meta-spec: |
| 19 | 19 | url: http://module-build.sourceforge.net/META-spec-v1.4.html |
| 20 | 20 | version: 1.4 |
| 42 | 42 | L<Net::SSLGlue::LDAP> modifies L<Net::LDAP> so that it does proper certificate |
| 43 | 43 | checking using the C<ldap> SSL_verify_scheme from L<IO::Socket::SSL>. |
| 44 | 44 | |
| 45 | Because L<Net::LDAP> does not have a mechanism to forward arbitrary parameter for | |
| 45 | Because L<Net::LDAP> does not have a mechanism to forward arbitrary parameters for | |
| 46 | 46 | the construction of the underlying socket these parameters can be set globally |
| 47 | when including the package or with local settings of the | |
| 47 | when including the package, or with local settings of the | |
| 48 | 48 | C<%Net::SSLGlue::LDAP::SSLopts> variable. |
| 49 | 49 | |
| 50 | All of the C<SSL_*> parameter from L<IO::Socket::SSL> can be used, especially | |
| 51 | the following parameter is useful: | |
| 50 | All of the C<SSL_*> parameters from L<IO::Socket::SSL> can be used; the | |
| 51 | following parameter is especially useful: | |
| 52 | 52 | |
| 53 | 53 | =over 4 |
| 54 | 54 | |
| 56 | 56 | |
| 57 | 57 | Usually the name given as the hostname in the constructor is used to verify the |
| 58 | 58 | identity of the certificate. If you want to check the certificate against |
| 59 | another name you might specify it with this parameter. | |
| 59 | another name you can specify it with this parameter. | |
| 60 | 60 | |
| 61 | 61 | =back |
| 62 | 62 | |
| 0 | 0 | use strict; |
| 1 | 1 | use warnings; |
| 2 | 2 | package Net::SSLGlue::LWP; |
| 3 | our $VERSION = 0.3; | |
| 3 | our $VERSION = 0.4; | |
| 4 | 4 | use LWP::UserAgent '5.822'; |
| 5 | 5 | use IO::Socket::SSL 1.19; |
| 6 | use URI::Escape 'uri_unescape'; | |
| 7 | use MIME::Base64 'encode_base64'; | |
| 8 | 6 | use URI; |
| 9 | 7 | |
| 10 | 8 | # force Net::SSLGlue::LWP::Socket as superclass of Net::HTTPS, because |
| 66 | 64 | use IO::Socket::SSL; |
| 67 | 65 | use base 'IO::Socket::SSL'; |
| 68 | 66 | my $sockclass = 'IO::Socket::INET'; |
| 67 | use URI::Escape 'uri_unescape'; | |
| 68 | use MIME::Base64 'encode_base64'; | |
| 69 | 69 | $sockclass .= '6' if eval "require IO::Socket::INET6"; |
| 70 | 70 | |
| 71 | 71 | sub configure { |
| 159 | 159 | =head1 DESCRIPTION |
| 160 | 160 | |
| 161 | 161 | L<Net::SSLGlue::LWP> modifies L<Net::HTTPS> and L<LWP::Protocol::https> so that |
| 162 | L<Net::HTTPS> is forced to use L<IO::Socket::SSL> instead of L<Crypt::SSLeay> | |
| 162 | L<Net::HTTPS> is forced to use L<IO::Socket::SSL> instead of L<Crypt::SSLeay>, | |
| 163 | 163 | and that L<LWP::Protocol::https> does proper certificate checking using the |
| 164 | 164 | C<http> SSL_verify_scheme from L<IO::Socket::SSL>. |
| 165 | 165 | |
| 166 | Because L<LWP> does not have a mechanism to forward arbitrary parameter for | |
| 166 | Because L<LWP> does not have a mechanism to forward arbitrary parameters for | |
| 167 | 167 | the construction of the underlying socket these parameters can be set globally |
| 168 | when including the package or with local settings of the | |
| 168 | when including the package, or with local settings of the | |
| 169 | 169 | C<%Net::SSLGlue::LWP::SSLopts> variable. |
| 170 | 170 | |
| 171 | All of the C<SSL_*> parameter from L<IO::Socket::SSL> can be used, especially | |
| 172 | the following parameters are useful: | |
| 171 | All of the C<SSL_*> parameter from L<IO::Socket::SSL> can be used; the | |
| 172 | following parameters are especially useful: | |
| 173 | 173 | |
| 174 | 174 | =over 4 |
| 175 | 175 | |
| 176 | 176 | =item SSL_ca_path, SSL_ca_file |
| 177 | 177 | |
| 178 | 178 | Specifies the path or a file where the CAs used for checking the certificates |
| 179 | are located. Typical for UNIX systems is L</etc/ssl/certs>. | |
| 179 | are located. This is typically L</etc/ssl/certs> on UNIX systems. | |
| 180 | 180 | |
| 181 | 181 | =item SSL_verify_mode |
| 182 | 182 | |
| 183 | If set to 0 disabled verification of the certificate. By default it is 1 which | |
| 184 | means, that the peer certificate is checked. | |
| 183 | If set to 0, verification of the certificate will be disabled. By default | |
| 184 | it is set to 1 which means that the peer certificate is checked. | |
| 185 | 185 | |
| 186 | 186 | =item SSL_verifycn_name |
| 187 | 187 | |
| 188 | 188 | Usually the name given as the hostname in the constructor is used to verify the |
| 189 | 189 | identity of the certificate. If you want to check the certificate against |
| 190 | another name you might specify it with this parameter. | |
| 190 | another name you can specify it with this parameter. | |
| 191 | 191 | |
| 192 | 192 | =back |
| 193 | 193 | |
| 3 | 3 | package Net::SSLGlue::SMTP; |
| 4 | 4 | use IO::Socket::SSL 1.19; |
| 5 | 5 | use Net::SMTP; |
| 6 | our $VERSION = 0.5; | |
| 6 | our $VERSION = 0.7; | |
| 7 | 7 | |
| 8 | 8 | ############################################################################## |
| 9 | 9 | # mix starttls method into Net::SMTP which on SSL handshake success |
| 12 | 12 | sub Net::SMTP::starttls { |
| 13 | 13 | my $self = shift; |
| 14 | 14 | $self->_STARTTLS or return; |
| 15 | my $host = ${*$self}{net_smtp_host}; | |
| 16 | # for name verification strip port from domain:port, ipv4:port, [ipv6]:port | |
| 17 | $host =~s{^(?:[^:]+|.+\])\:(\d+)$}{}; | |
| 18 | ||
| 15 | 19 | Net::SMTP::_SSLified->start_SSL( $self, |
| 16 | 20 | SSL_verify_mode => 1, |
| 17 | 21 | SSL_verifycn_scheme => 'smtp', |
| 18 | SSL_verifycn_name => ${*$self}{net_smtp_host}, | |
| 22 | SSL_verifycn_name => $host, | |
| 19 | 23 | @_ |
| 20 | 24 | ); |
| 21 | 25 | } |
| 120 | 124 | |
| 121 | 125 | =head1 DESCRIPTION |
| 122 | 126 | |
| 123 | L<Net::SSLGlue::SMTP> expands L<Net::SMTP> so one can either start directly with SSL | |
| 127 | L<Net::SSLGlue::SMTP> extends L<Net::SMTP> so one can either start directly with SSL | |
| 124 | 128 | or switch later to SSL using the STARTTLS command. |
| 125 | 129 | |
| 126 | By default it will take care to verfify the certificate according to the rules | |
| 130 | By default it will take care to verify the certificate according to the rules | |
| 127 | 131 | for SMTP implemented in L<IO::Socket::SSL>. |
| 128 | 132 | |
| 129 | 133 | =head1 METHODS |
| 152 | 156 | =back |
| 153 | 157 | |
| 154 | 158 | All of these methods can take the C<SSL_*> parameter from L<IO::Socket::SSL> to |
| 155 | change the behavior of the SSL connection. Especially the following parameter | |
| 156 | are useful: | |
| 159 | change the behavior of the SSL connection. The following parameters are | |
| 160 | especially useful: | |
| 157 | 161 | |
| 158 | 162 | =over 4 |
| 159 | 163 | |
| 160 | 164 | =item SSL_ca_path, SSL_ca_file |
| 161 | 165 | |
| 162 | 166 | Specifies the path or a file where the CAs used for checking the certificates |
| 163 | are located. Typical for UNIX systems is L</etc/ssl/certs>. | |
| 167 | are located. This is typically L</etc/ssl/certs> on UNIX systems. | |
| 164 | 168 | |
| 165 | 169 | =item SSL_verify_mode |
| 166 | 170 | |
| 167 | If set to 0 disabled verification of the certificate. By default it is 1 which | |
| 168 | means, that the peer certificate is checked. | |
| 171 | If set to 0, verification of the certificate will be disabled. By default | |
| 172 | it is set to 1 which means that the peer certificate is checked. | |
| 169 | 173 | |
| 170 | 174 | =item SSL_verifycn_name |
| 171 | 175 | |
| 172 | 176 | Usually the name given as the hostname in the constructor is used to verify the |
| 173 | 177 | identity of the certificate. If you want to check the certificate against |
| 174 | another name you might specify it with this parameter. | |
| 178 | another name you can specify it with this parameter. | |
| 175 | 179 | |
| 176 | 180 | =back |
| 177 | 181 | |
| 0 | 0 | package Net::SSLGlue; |
| 1 | our $VERSION = 0.5; | |
| 1 | our $VERSION = 0.8; | |
| 2 | 2 | |
| 3 | 3 | =head1 NAME |
| 4 | 4 | |
| 7 | 7 | =head1 DESCRIPTION |
| 8 | 8 | |
| 9 | 9 | Some commonly used perl modules don't have SSL support at all, even if the |
| 10 | protocol would support it. Others have SSL support, but most of them don't do | |
| 11 | proper checking of the servers certificate. | |
| 10 | protocol supports it. Others have SSL support, but most of them don't do | |
| 11 | proper checking of the server's certificate. | |
| 12 | 12 | |
| 13 | The C<Net::SSLGlue::*> modules try to add SSL support or proper certificate to | |
| 14 | these modules. Currently is support for the following modules available: | |
| 13 | The C<Net::SSLGlue::*> modules try to add SSL support or proper certificate | |
| 14 | checking to these modules. Currently support for the following modules is | |
| 15 | available: | |
| 15 | 16 | |
| 16 | 17 | =over 4 |
| 17 | 18 | |