Merge commit 'upstream/0.8'
Dominic Hargreaves
12 years ago
0 | 0.8 2011/07/17 | |
1 | fixed wrong position for include encode_base64 and uri_unescape in *::LWP. | |
2 | Thanks to mtelle[AT]kamp-dsl[DOT]de for reporting | |
3 | ||
4 | 0.7 2011/05/27 | |
5 | strip port from host/ip for name verification in Net::SSLGlue::SMTP | |
6 | ||
7 | 0.6 2011/05/02 | |
8 | fixed english, thanks to dom, https://rt.cpan.org/Ticket/Display.html?id=46284 | |
9 | ||
0 | 10 | 0.5 2011/02/03 |
1 | 11 | documentation fixes: http://rt.cpan.org/Ticket/Display.html?id=65258 |
2 | 12 |
0 | 0 | --- #YAML:1.0 |
1 | 1 | name: Net-SSLGlue |
2 | version: 0.5 | |
2 | version: 0.8 | |
3 | 3 | abstract: ~ |
4 | 4 | author: [] |
5 | 5 | license: unknown |
14 | 14 | directory: |
15 | 15 | - t |
16 | 16 | - inc |
17 | generated_by: ExtUtils::MakeMaker version 6.54 | |
17 | generated_by: ExtUtils::MakeMaker version 6.55_02 | |
18 | 18 | meta-spec: |
19 | 19 | url: http://module-build.sourceforge.net/META-spec-v1.4.html |
20 | 20 | version: 1.4 |
42 | 42 | L<Net::SSLGlue::LDAP> modifies L<Net::LDAP> so that it does proper certificate |
43 | 43 | checking using the C<ldap> SSL_verify_scheme from L<IO::Socket::SSL>. |
44 | 44 | |
45 | Because L<Net::LDAP> does not have a mechanism to forward arbitrary parameter for | |
45 | Because L<Net::LDAP> does not have a mechanism to forward arbitrary parameters for | |
46 | 46 | the construction of the underlying socket these parameters can be set globally |
47 | when including the package or with local settings of the | |
47 | when including the package, or with local settings of the | |
48 | 48 | C<%Net::SSLGlue::LDAP::SSLopts> variable. |
49 | 49 | |
50 | All of the C<SSL_*> parameter from L<IO::Socket::SSL> can be used, especially | |
51 | the following parameter is useful: | |
50 | All of the C<SSL_*> parameters from L<IO::Socket::SSL> can be used; the | |
51 | following parameter is especially useful: | |
52 | 52 | |
53 | 53 | =over 4 |
54 | 54 | |
56 | 56 | |
57 | 57 | Usually the name given as the hostname in the constructor is used to verify the |
58 | 58 | identity of the certificate. If you want to check the certificate against |
59 | another name you might specify it with this parameter. | |
59 | another name you can specify it with this parameter. | |
60 | 60 | |
61 | 61 | =back |
62 | 62 |
0 | 0 | use strict; |
1 | 1 | use warnings; |
2 | 2 | package Net::SSLGlue::LWP; |
3 | our $VERSION = 0.3; | |
3 | our $VERSION = 0.4; | |
4 | 4 | use LWP::UserAgent '5.822'; |
5 | 5 | use IO::Socket::SSL 1.19; |
6 | use URI::Escape 'uri_unescape'; | |
7 | use MIME::Base64 'encode_base64'; | |
8 | 6 | use URI; |
9 | 7 | |
10 | 8 | # force Net::SSLGlue::LWP::Socket as superclass of Net::HTTPS, because |
66 | 64 | use IO::Socket::SSL; |
67 | 65 | use base 'IO::Socket::SSL'; |
68 | 66 | my $sockclass = 'IO::Socket::INET'; |
67 | use URI::Escape 'uri_unescape'; | |
68 | use MIME::Base64 'encode_base64'; | |
69 | 69 | $sockclass .= '6' if eval "require IO::Socket::INET6"; |
70 | 70 | |
71 | 71 | sub configure { |
159 | 159 | =head1 DESCRIPTION |
160 | 160 | |
161 | 161 | L<Net::SSLGlue::LWP> modifies L<Net::HTTPS> and L<LWP::Protocol::https> so that |
162 | L<Net::HTTPS> is forced to use L<IO::Socket::SSL> instead of L<Crypt::SSLeay> | |
162 | L<Net::HTTPS> is forced to use L<IO::Socket::SSL> instead of L<Crypt::SSLeay>, | |
163 | 163 | and that L<LWP::Protocol::https> does proper certificate checking using the |
164 | 164 | C<http> SSL_verify_scheme from L<IO::Socket::SSL>. |
165 | 165 | |
166 | Because L<LWP> does not have a mechanism to forward arbitrary parameter for | |
166 | Because L<LWP> does not have a mechanism to forward arbitrary parameters for | |
167 | 167 | the construction of the underlying socket these parameters can be set globally |
168 | when including the package or with local settings of the | |
168 | when including the package, or with local settings of the | |
169 | 169 | C<%Net::SSLGlue::LWP::SSLopts> variable. |
170 | 170 | |
171 | All of the C<SSL_*> parameter from L<IO::Socket::SSL> can be used, especially | |
172 | the following parameters are useful: | |
171 | All of the C<SSL_*> parameter from L<IO::Socket::SSL> can be used; the | |
172 | following parameters are especially useful: | |
173 | 173 | |
174 | 174 | =over 4 |
175 | 175 | |
176 | 176 | =item SSL_ca_path, SSL_ca_file |
177 | 177 | |
178 | 178 | Specifies the path or a file where the CAs used for checking the certificates |
179 | are located. Typical for UNIX systems is L</etc/ssl/certs>. | |
179 | are located. This is typically L</etc/ssl/certs> on UNIX systems. | |
180 | 180 | |
181 | 181 | =item SSL_verify_mode |
182 | 182 | |
183 | If set to 0 disabled verification of the certificate. By default it is 1 which | |
184 | means, that the peer certificate is checked. | |
183 | If set to 0, verification of the certificate will be disabled. By default | |
184 | it is set to 1 which means that the peer certificate is checked. | |
185 | 185 | |
186 | 186 | =item SSL_verifycn_name |
187 | 187 | |
188 | 188 | Usually the name given as the hostname in the constructor is used to verify the |
189 | 189 | identity of the certificate. If you want to check the certificate against |
190 | another name you might specify it with this parameter. | |
190 | another name you can specify it with this parameter. | |
191 | 191 | |
192 | 192 | =back |
193 | 193 |
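Review bot: The SSL_verify_mode entry in the POD (new lines 183-184) says how to switch verification off but not what is lost by doing so. Because these options can be set globally through `%Net::SSLGlue::LWP::SSLopts`, one extra sentence would help, for example `With verification disabled the peer is not authenticated, so the connection can be intercepted by a man in the middle; use 0 only for testing.` The same entry appears in the Net::SSLGlue::SMTP POD. Two wording leftovers remain in this section: new line 171 still reads `All of the C<SSL_*> parameter` while the LDAP POD was changed to `parameters`, and `L</etc/ssl/certs>` uses the link code where `F</etc/ssl/certs>` is the file-name code.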
3 | 3 | package Net::SSLGlue::SMTP; |
4 | 4 | use IO::Socket::SSL 1.19; |
5 | 5 | use Net::SMTP; |
6 | our $VERSION = 0.5; | |
6 | our $VERSION = 0.7; | |
7 | 7 | |
8 | 8 | ############################################################################## |
9 | 9 | # mix starttls method into Net::SMTP which on SSL handshake success |
12 | 12 | sub Net::SMTP::starttls { |
13 | 13 | my $self = shift; |
14 | 14 | $self->_STARTTLS or return; |
15 | my $host = ${*$self}{net_smtp_host}; | |
16 | # for name verification strip port from domain:port, ipv4:port, [ipv6]:port | |
17 | $host =~s{^(?:[^:]+|.+\])\:(\d+)$}{}; | |
18 | ||
15 | 19 | Net::SMTP::_SSLified->start_SSL( $self, |
16 | 20 | SSL_verify_mode => 1, |
17 | 21 | SSL_verifycn_scheme => 'smtp', |
18 | SSL_verifycn_name => ${*$self}{net_smtp_host}, | |
22 | SSL_verifycn_name => $host, | |
19 | 23 | @_ |
20 | 24 | ); |
21 | 25 | } |
120 | 124 | |
121 | 125 | =head1 DESCRIPTION |
122 | 126 | |
123 | L<Net::SSLGlue::SMTP> expands L<Net::SMTP> so one can either start directly with SSL | |
127 | L<Net::SSLGlue::SMTP> extends L<Net::SMTP> so one can either start directly with SSL | |
124 | 128 | or switch later to SSL using the STARTTLS command. |
125 | 129 | |
126 | By default it will take care to verfify the certificate according to the rules | |
130 | By default it will take care to verify the certificate according to the rules | |
127 | 131 | for SMTP implemented in L<IO::Socket::SSL>. |
128 | 132 | |
129 | 133 | =head1 METHODS |
152 | 156 | =back |
153 | 157 | |
154 | 158 | All of these methods can take the C<SSL_*> parameter from L<IO::Socket::SSL> to |
155 | change the behavior of the SSL connection. Especially the following parameter | |
156 | are useful: | |
159 | change the behavior of the SSL connection. The following parameters are | |
160 | especially useful: | |
157 | 161 | |
158 | 162 | =over 4 |
159 | 163 | |
160 | 164 | =item SSL_ca_path, SSL_ca_file |
161 | 165 | |
162 | 166 | Specifies the path or a file where the CAs used for checking the certificates |
163 | are located. Typical for UNIX systems is L</etc/ssl/certs>. | |
167 | are located. This is typically L</etc/ssl/certs> on UNIX systems. | |
164 | 168 | |
165 | 169 | =item SSL_verify_mode |
166 | 170 | |
167 | If set to 0 disabled verification of the certificate. By default it is 1 which | |
168 | means, that the peer certificate is checked. | |
171 | If set to 0, verification of the certificate will be disabled. By default | |
172 | it is set to 1 which means that the peer certificate is checked. | |
169 | 173 | |
170 | 174 | =item SSL_verifycn_name |
171 | 175 | |
172 | 176 | Usually the name given as the hostname in the constructor is used to verify the |
173 | 177 | identity of the certificate. If you want to check the certificate against |
174 | another name you might specify it with this parameter. | |
178 | another name you can specify it with this parameter. | |
175 | 179 | |
176 | 180 | =back |
177 | 181 |
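Review bot: The substitution added in Net::SMTP::starttls (new line 17) removes the whole host, not just the port. The pattern is anchored from `^` to `$`, the host part is in a non-capturing group and the replacement is empty, so a value like `host:port` becomes an empty string that is then passed as `SSL_verifycn_name`. How IO::Socket::SSL treats an empty name is not visible here, but the certificate is no longer checked against the host the caller gave. Capture the host and put it back, e.g. `$host =~ s{^((?:[^:]+|.+\])):\d+$}{$1};`, and add a test covering `domain:port`, `ipv4:port` and `[ipv6]:port`. In the bracketed form the brackets stay in the name and probably need stripping as well before the comparison.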
0 | 0 | package Net::SSLGlue; |
1 | our $VERSION = 0.5; | |
1 | our $VERSION = 0.8; | |
2 | 2 | |
3 | 3 | =head1 NAME |
4 | 4 | |
7 | 7 | =head1 DESCRIPTION |
8 | 8 | |
9 | 9 | Some commonly used perl modules don't have SSL support at all, even if the |
10 | protocol would support it. Others have SSL support, but most of them don't do | |
11 | proper checking of the servers certificate. | |
10 | protocol supports it. Others have SSL support, but most of them don't do | |
11 | proper checking of the server's certificate. | |
12 | 12 | |
13 | The C<Net::SSLGlue::*> modules try to add SSL support or proper certificate to | |
14 | these modules. Currently is support for the following modules available: | |
13 | The C<Net::SSLGlue::*> modules try to add SSL support or proper certificate | |
14 | checking to these modules. Currently support for the following modules is | |
15 | available: | |
15 | 16 | |
16 | 17 | =over 4 |
17 | 18 |