diff --git a/.gitignore b/.gitignore index 56915ac..01d093b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,2 @@ -LICENSE -META.yml -README -Makefile.PL +/POE-Component-SSLify-* +/.build/ diff --git a/Build.PL b/Build.PL deleted file mode 100644 index 572592f..0000000 --- a/Build.PL +++ /dev/null @@ -1,49 +0,0 @@ -# Build.PL -use strict; use warnings; -use Module::Build; - -my $build = Module::Build->new( - # look up Module::Build::API for the info! - 'dynamic_config' => 0, - 'module_name' => 'POE::Component::SSLify', - 'license' => 'perl', - - 'dist_abstract' => 'SSL in the world of POE made easy', - 'dist_author' => 'Apocalypse ', - - 'create_packlist' => 1, - 'create_makefile_pl' => 'traditional', - 'create_readme' => 1, - 'create_license' => 1, - 'sign' => 0, - - 'test_files' => 't/*.t', - - 'requires' => { - # Networking - 'Net::SSLeay' => '1.36', - - # minimum perl version - 'perl' => '5.006', - }, - - 'build_requires' => { - # For the t/simple.t test - 'POE' => '1.267', - 'POE::Component::Client::TCP' => 0, - 'POE::Component::Server::TCP' => 0, - }, - - # include the standard stuff in META.yml - 'meta_merge' => { - 'resources' => { - 'license' => 'http://dev.perl.org/licenses/', - 'homepage' => 'http://search.cpan.org/dist/POE-Component-SSLify', - 'bugtracker' => 'http://rt.cpan.org/NoAuth/Bugs.html?Dist=POE-Component-SSLify', - 'repository' => 'http://github.com/apocalypse/perl-poe-sslify', - }, - }, -); - -# all done! -$build->create_build_script; diff --git a/Changes b/Changes index a2579bb..d129dcf 100644 --- a/Changes +++ b/Changes 
@@ -1,24 +1,31 @@ Revision history for Perl extension POE::Component::SSLify. -* 0.20 +{{$NEXT}} + + Converted to Dist::Zilla for the release process! + Add a test for in-situ sslification, thanks mordy@irc! + Add prereq for IO::Handle 1.28 to get sane $socket->blocking( 0 ) behavior on MSWin32 + Remove crufty old code for nonblocking and use $socket->blocking() instead + +0.20 Split up the simple.t test into 2 tests for clarity, and added more diag messages for renegotiate, thanks HMBRAND! -* 0.19 +0.19 Fixed a warning generated by POE::Component::Client::TCP in t/simple.t, thanks HMBRAND! -* 0.18 +0.18 Bumped POE dep to at least 1.267 for t/simple.t - thanks CPANTesters! Minor typo fixes in POD/Build.PL -* 0.17 +0.17 Fixed the t/simple.t test to PASS on FreeBSD because Net::SSLeay::renegotiate was buggy on it, thanks CPANTesters! Added note about OpenSSL functions in the POD. -* 0.16 +0.16 Updated the nonblocking code to be production-ready, thanks ASCENT! Removed the NONBLOCKING() sub, this module is now always nonblocking. @@ -27,7 +34,7 @@ Misc kwalitee and POD fixes. Bumped Net::SSLeay prereq to 1.36 so we have the latest SSL stuff to ensure sanity :) -* 0.15 +0.15 Added "examples/serverclient.pl" to track down same-process sslification problems, thanks LotR! @@ -37,7 +44,7 @@ Added experimental NONBLOCKING code, thanks ASCENT for the motivation! -* 0.14 +0.14 removed Test::* modules from dependency list, thanks BINGOS - RT #36725 @@ -45,15 +52,15 @@ added Build.PL -* 0.13 +0.13 POD typo errors in SSLify_ContextCreate - thanks ASCENT! -* 0.12 +0.12 Kwalitee-related fixes -* 0.11 +0.11 allowed setting of client-side context ( $ctx ) object - thanks RT #34442 
@@ -65,47 +72,47 @@ backported Net::SSLeay's removal of %Filenum_Objects hash -* 0.10 +0.10 More tweaks of POD - finally close RT #31238 Added SSL version support - thanks RT #31492 Added SSL CTX option support as a side effect Added client.pl example with ReadLine support -* 0.09 +0.09 Minor tweak of POD to enable better distro building - thanks RT #31238 -* 0.08 +0.08 Added support for BINMODE - thanks RT #27117 -* 0.07 +0.07 Fixed undefined $info - thanks RT #22372 -* 0.06 +0.06 Kwalitee-related fixes -* 0.05 +0.05 Finally use a Changes file - thanks RT #18981 Documentation tweaks Upgraded Net::SSLeay requirement to 1.30 to help Win32 problems -* 0.04 +0.04 Added new functions to extract data from the SSL socket -> GetCipher and GetSocket In the case somebody knows Net::SSLeay more than me, added GetCTX to return the server-side CTX object Removed the dependency on Net::SSLeay::Handle -* 0.03 +0.03 First stab at the server-side code, help me test it out! Refactored SSLify() into client/server side, so update your program accordingly! -* 0.02 +0.02 Made sure the IO::Handle way was used only on MSWin32 @@ -114,6 +121,6 @@ Oops, forgot to override _get_self and _get_ssl Fixed a nasty leak issue -* 0.01 +0.01 Initial release diff --git a/MANIFEST b/MANIFEST deleted file mode 100644 index a4a7dc3..0000000 --- a/MANIFEST +++ /dev/null @@ -1,24 +0,0 @@ -Build.PL -MANIFEST -MANIFEST.SKIP -README -Makefile.PL -META.yml -Changes -LICENSE - -lib/POE/Component/SSLify.pm -lib/POE/Component/SSLify/ClientHandle.pm -lib/POE/Component/SSLify/ServerHandle.pm - -examples/client.pl -examples/server.pl -examples/serverclient.pl - -mylib/example.crt -mylib/example.key - -t/1_load.t -t/2_simple.t -t/3_renegotiate.t -t/apocalypse.t diff --git a/MANIFEST.SKIP b/MANIFEST.SKIP deleted file mode 100644 index 6e8c6ab..0000000 --- a/MANIFEST.SKIP +++ /dev/null 
@@ -1,30 +0,0 @@ -# skip Eclipse IDE stuff -\.includepath$ -\.project$ -\.settings/ - -# Avoid version control files. -\B\.svn\b -\B\.git\b -^\.gitignore$ - -# Avoid Makemaker generated and utility files. -\bMakefile$ -\bblib/ -\bMakeMaker-\d -\bpm_to_blib$ - -# Avoid Module::Build generated and utility files. -\bBuild$ -\b_build/ -^MYMETA.yml$ - -# Avoid temp and backup files. -~$ -\.old$ -\#$ -\b\.# -\.bak$ - -# our tarballs -\.tar\.gz$ diff --git a/POE-Component-SSLify-0.01.tar.gz b/POE-Component-SSLify-0.01.tar.gz deleted file mode 100644 index de1b8c7..0000000 Binary files a/POE-Component-SSLify-0.01.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.02.tar.gz b/POE-Component-SSLify-0.02.tar.gz deleted file mode 100644 index b21bd20..0000000 Binary files a/POE-Component-SSLify-0.02.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.03.tar.gz b/POE-Component-SSLify-0.03.tar.gz deleted file mode 100644 index 644cef5..0000000 Binary files a/POE-Component-SSLify-0.03.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.04.tar.gz b/POE-Component-SSLify-0.04.tar.gz deleted file mode 100644 index 96e542e..0000000 Binary files a/POE-Component-SSLify-0.04.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.05.tar.gz b/POE-Component-SSLify-0.05.tar.gz deleted file mode 100644 index 3b17879..0000000 Binary files a/POE-Component-SSLify-0.05.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.06.tar.gz b/POE-Component-SSLify-0.06.tar.gz deleted file mode 100644 index 9100bd0..0000000 Binary files a/POE-Component-SSLify-0.06.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.07.tar.gz b/POE-Component-SSLify-0.07.tar.gz deleted file mode 100644 index c6b71de..0000000 Binary files a/POE-Component-SSLify-0.07.tar.gz and /dev/null differ 
diff --git a/POE-Component-SSLify-0.08.tar.gz b/POE-Component-SSLify-0.08.tar.gz
deleted file mode 100644
index 19df87c..0000000
Binary files a/POE-Component-SSLify-0.08.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.09.tar.gz b/POE-Component-SSLify-0.09.tar.gz
deleted file mode 100644
index 0dc00fd..0000000
Binary files a/POE-Component-SSLify-0.09.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.10.tar.gz b/POE-Component-SSLify-0.10.tar.gz
deleted file mode 100644
index c27e4cc..0000000
Binary files a/POE-Component-SSLify-0.10.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.11.tar.gz b/POE-Component-SSLify-0.11.tar.gz
deleted file mode 100644
index 656d0c1..0000000
Binary files a/POE-Component-SSLify-0.11.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.12.tar.gz b/POE-Component-SSLify-0.12.tar.gz
deleted file mode 100644
index a515ebb..0000000
Binary files a/POE-Component-SSLify-0.12.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.13.tar.gz b/POE-Component-SSLify-0.13.tar.gz
deleted file mode 100644
index d6e5532..0000000
Binary files a/POE-Component-SSLify-0.13.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.14.tar.gz b/POE-Component-SSLify-0.14.tar.gz
deleted file mode 100644
index b51a992..0000000
Binary files a/POE-Component-SSLify-0.14.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.15.tar.gz b/POE-Component-SSLify-0.15.tar.gz
deleted file mode 100644
index f99a301..0000000
Binary files a/POE-Component-SSLify-0.15.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.16.tar.gz b/POE-Component-SSLify-0.16.tar.gz
deleted file mode 100644
index e7841b9..0000000
Binary files a/POE-Component-SSLify-0.16.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.17.tar.gz b/POE-Component-SSLify-0.17.tar.gz
deleted file mode 100644
index 2050b9d..0000000
Binary files a/POE-Component-SSLify-0.17.tar.gz and /dev/null differ
diff --git a/POE-Component-SSLify-0.18.tar.gz b/POE-Component-SSLify-0.18.tar.gz deleted file mode 100644 index b21b035..0000000 Binary files a/POE-Component-SSLify-0.18.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.19.tar.gz b/POE-Component-SSLify-0.19.tar.gz deleted file mode 100644 index b549826..0000000 Binary files a/POE-Component-SSLify-0.19.tar.gz and /dev/null differ diff --git a/POE-Component-SSLify-0.20.tar.gz b/POE-Component-SSLify-0.20.tar.gz deleted file mode 100644 index 2bf00c0..0000000 Binary files a/POE-Component-SSLify-0.20.tar.gz and /dev/null differ diff --git a/dist.ini b/dist.ini new file mode 100644 index 0000000..1123ec8 --- /dev/null +++ b/dist.ini @@ -0,0 +1,2 @@ +name = POE-Component-SSLify +[@Apocalyptic] diff --git a/examples/client.pl b/examples/client.pl index 4eb8f34..8d8a9e2 100755 --- a/examples/client.pl +++ b/examples/client.pl @@ -1,5 +1,4 @@ #!/usr/bin/perl -use strict; use warnings; use POE; use POE::Component::SSLify qw( Client_SSLify ); diff --git a/examples/server.pl b/examples/server.pl index 9638309..0d6902c 100755 --- a/examples/server.pl +++ b/examples/server.pl @@ -1,5 +1,4 @@ #!/usr/bin/perl -use strict; use warnings; use POE; use Socket qw( inet_ntoa unpack_sockaddr_in ); diff --git a/examples/serverclient.pl b/examples/serverclient.pl index 1861eb6..2f67700 100755 --- a/examples/serverclient.pl +++ b/examples/serverclient.pl @@ -1,5 +1,4 @@ #!/usr/bin/perl -use strict; use warnings; use POE; use Socket qw( inet_ntoa unpack_sockaddr_in ); diff --git a/lib/POE/Component/SSLify/ClientHandle.pm b/lib/POE/Component/SSLify/ClientHandle.pm index 415bb60..01f80b7 100644 --- a/lib/POE/Component/SSLify/ClientHandle.pm +++ b/lib/POE/Component/SSLify/ClientHandle.pm 
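Review bot: Removing `use strict; use warnings;` from examples/client.pl leaves the script with no strictures, since nothing in the hunk replaces the line. The same line is removed from examples/server.pl, examples/serverclient.pl and the three modules under lib/POE/Component/ (SSLify.pm, SSLify/ClientHandle.pm, SSLify/ServerHandle.pm). If the `[@Apocalyptic]` bundle added in dist.ini is meant to re-insert the pragmas at build time, that is not visible in this diff and would not cover code run straight from a checkout. In code that wraps Net::SSLeay, a mistyped variable or an undef reaching an SSL call is exactly what these pragmas surface, so I would keep `use strict; use warnings;` in the source files themselves.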
@@ -1,9 +1,6 @@ package POE::Component::SSLify::ClientHandle; -use strict; use warnings; -# Initialize our version -use vars qw( $VERSION ); -$VERSION = '0.20'; +# ABSTRACT: Client-side handle for SSLify # Import the SSL death routines use Net::SSLeay qw( die_now die_if_ssl_error ); @@ -45,38 +42,15 @@ return $self; } -# End of module 1; -__END__ - -=head1 NAME - -POE::Component::SSLify::ClientHandle - client object for POE::Component::SSLify - -=head1 ABSTRACT - - See POE::Component::SSLify::ServerHandle +=pod =head1 DESCRIPTION This is a subclass of ServerHandle to accomodate clients setting custom context objects. =head1 SEE ALSO - -L - -L - -=head1 AUTHOR - -Apocalypse Eapocal@cpan.orgE - -=head1 COPYRIGHT AND LICENSE - -Copyright 2010 by Apocalypse - -This library is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. +POE::Component::SSLify::ServerHandle =cut diff --git a/lib/POE/Component/SSLify/ServerHandle.pm b/lib/POE/Component/SSLify/ServerHandle.pm index cf2058e..b9f3b0b 100644 --- a/lib/POE/Component/SSLify/ServerHandle.pm +++ b/lib/POE/Component/SSLify/ServerHandle.pm @@ -1,9 +1,6 @@ package POE::Component::SSLify::ServerHandle; -use strict; use warnings; -# Initialize our version -use vars qw( $VERSION ); -$VERSION = '0.20'; +# ABSTRACT: Server-side handle for SSLify # Import the SSL death routines use Net::SSLeay qw( die_now die_if_ssl_error ); @@ -157,18 +154,9 @@ die 'Not Implemented'; } -# End of module 1; -__END__ - -=head1 NAME - -POE::Component::SSLify::ServerHandle - server object for POE::Component::SSLify - -=head1 ABSTRACT - - See POE::Component::SSLify +=pod =head1 DESCRIPTION 
@@ -182,19 +170,4 @@ This subclass doesn't know what to do with PRINT/READLINE, as they usually are not used in POE::Wheel operations... -=head1 SEE ALSO - -L - -=head1 AUTHOR - -Apocalypse Eapocal@cpan.orgE - -=head1 COPYRIGHT AND LICENSE - -Copyright 2010 by Apocalypse - -This library is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. - =cut diff --git a/lib/POE/Component/SSLify.pm b/lib/POE/Component/SSLify.pm index 2efb59c..227b741 100644 --- a/lib/POE/Component/SSLify.pm +++ b/lib/POE/Component/SSLify.pm @@ -1,17 +1,12 @@ package POE::Component::SSLify; -use strict; use warnings; - -# Initialize our version -use vars qw( $VERSION ); -$VERSION = '0.20'; + +# ABSTRACT: Makes using SSL in the world of POE easy! # We need Net::SSLeay or all's a failure! BEGIN { eval { - require Net::SSLeay; - # We need >= 1.36 because it contains a lot of important fixes - Net::SSLeay->import( 1.36 ); + use Net::SSLeay 1.36 qw( die_now die_if_ssl_error ); }; # Check for errors... @@ -19,7 +14,7 @@ # Oh boy! die $@; } else { - # Finally, load our subclass :) + # Finally, load our subclasses :) # ClientHandle isa ServerHandle so it will get loaded automatically require POE::Component::SSLify::ClientHandle; 
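Review bot: In lib/POE/Component/SSLify.pm the new `eval { use Net::SSLeay 1.36 qw( die_now die_if_ssl_error ); };` inside BEGIN cannot trap a load or version failure, because `use` is executed at compile time before the eval block is ever entered. The `if ( $@ )` check that follows is therefore dead code. A missing or too-old Net::SSLeay still aborts compilation, so the minimum-version guard holds, but the block now reads as if it handled the error. I would hoist it to a plain file-scope `use Net::SSLeay 1.36 qw( die_now die_if_ssl_error );` and keep only the two `require` lines for the handle subclasses. The BEGIN block continues outside the hunk.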
@@ -39,68 +34,13 @@ # Bring in some socket-related stuff use Symbol qw( gensym ); -use POSIX qw( F_GETFL F_SETFL O_NONBLOCK EAGAIN EWOULDBLOCK ); - -# We need the server-side stuff -use Net::SSLeay qw( die_now die_if_ssl_error ); + +# we need IO 1.24 for it's win32 fixes but it includes IO::Handle 1.27_02 which is dev... +# unfortunately we have to jump to IO 1.25 which includes IO::Handle 1.28... argh! +use IO::Handle 1.28; # The server-side CTX stuff my $ctx = undef; - -# Helper sub to set nonblocking on a handle -sub _NonBlocking { - my $socket = shift; - - # ActiveState Perl 5.8.0 dislikes the Win32-specific code to make - # a socket blocking, so we use IO::Handle's blocking(0) method. - # Perl 5.005_03 doesn't like blocking(), so we only use it in - # 5.8.0 and beyond. - if ( $] >= 5.008 and $^O eq 'MSWin32' ) { - # TODO investigate this? -# kthakore: Apocalypse: FYI - as regards no-blocking socket dark magic commited to FB while ago - IO::Socket 1.24 (=May/2009) and later supports on Win32 simply $socket->blocking(0); -# kmx: Ah didn't know that - maybe I can use that :) -# Apocalypse: I uderstand that used workaround is from pre IO::Socket 1.24 times -# Ah, my code already did that eh -# if ( $] >= 5.008 and $^O eq 'MSWin32' ) { -# But maybe 5.008 check isn't enough? -# Apocalypse: You'd better check version of IO - see changelog http://cpansearch.perl.org/src/GBARR/IO-1.25/ChangeLog -# Hmm yeah -# * Make non-blocking mode work on Windows in IO::Socket::INET -# Apocalypse: exactly -# Thanks for the tip! I'll go and add a TODO to the sslify code to investigate that :) - - - # From IO::Handle POD - # If an error occurs blocking will return undef and $! will be set. - if ( ! $socket->blocking( 0 ) ) { - die "Unable to set nonblocking mode on socket: $!"; - } - } else { - # Make the handle nonblocking, the POSIX way. 
- if ( $^O ne 'MSWin32' ) { - # Get the old flags - my $flags = fcntl( $socket, F_GETFL, 0 ) or die "fcntl( $socket, F_GETFL, 0 ) fails: $!"; - - # Okay, we patiently wait until the socket turns nonblocking mode - until( fcntl( $socket, F_SETFL, $flags | O_NONBLOCK ) ) { - # What was the error? - if ( ! ( $! == EAGAIN or $! == EWOULDBLOCK ) ) { - # Fatal error... - die "fcntl( $socket, FSETFL, etc ) fails: $!"; - } - } - } else { - # Darned MSWin32 way... - # Do some ioctl magic here - # 126 is FIONBIO ( some docs say 0x7F << 16 ) - my $flag = "1"; - ioctl( $socket, 0x80000000 | ( 4 << 16 ) | ( ord( 'f' ) << 8 ) | 126, $flag ) or die "ioctl( $socket, FIONBIO, $flag ) fails: $!"; - } - } - - # All done! - return $socket; -} # Okay, the main routine here! sub Client_SSLify { @@ -112,8 +52,11 @@ die "Did not get a defined socket"; } - # Set non-blocking - $socket = _NonBlocking( $socket ); + # From IO::Handle POD + # If an error occurs blocking will return undef and $! will be set. + if ( ! defined $socket->blocking( 0 ) ) { + die "Unable to set nonblocking mode on socket: $!"; + } # Now, we create the new socket and bind it to our subclass of Net::SSLeay::Handle my $newsock = gensym(); @@ -139,8 +82,11 @@ die 'Please do SSLify_Options() first ( or pass in a $ctx object )'; } - # Set non-blocking - $socket = _NonBlocking( $socket ); + # From IO::Handle POD + # If an error occurs blocking will return undef and $! will be set. + if ( ! defined $socket->blocking( 0 ) ) { + die "Unable to set nonblocking mode on socket: $!"; + } # Now, we create the new socket and bind it to our subclass of Net::SSLeay::Handle my $newsock = gensym(); @@ -250,15 +196,9 @@ return tied( *$sock )->{'socket'}; } -# End of module 1; -__END__ - -=for stopwords AnnoCPAN CPAN CPANTS Kwalitee RT SSL com diff github FreeBSD OpenSSL - -=head1 NAME - -POE::Component::SSLify - Makes using SSL in the world of POE easy! + +=pod =head1 SYNOPSIS 
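Review bot: The nonblocking guard added to Client_SSLify (`if ( ! defined $socket->blocking( 0 ) ) { die ... }`) is repeated verbatim in the Server_SSLify hunk that follows, so the two copies can drift apart over time. Since this hunk's commit also deletes `_NonBlocking`, a one-line private helper would keep a single place for the check and its error message, for example `sub _set_nonblocking { my $s = shift; defined $s->blocking( 0 ) or die "Unable to set nonblocking mode on socket: $!"; return $s }`. A short comment there should say that `blocking()` returns the previous mode, which may legitimately be 0, and that this is why the test is `defined` rather than truthiness. Both function bodies start and end outside their hunks.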
@@ -291,7 +231,7 @@ # SERVER-side usage - # !!! Make sure you have a public key + certificate generated via Net::SSLeay's makecert.pl + # !!! Make sure you have a public key + certificate # excellent howto: http://www.akadia.com/services/ssh_test_certificate.html # Import the module @@ -323,10 +263,6 @@ # Use it as you wish... # End of example -=head1 ABSTRACT - - Makes SSL use in POE a breeze! - =head1 DESCRIPTION This component represents the standard way to do SSL in POE. @@ -366,9 +302,14 @@ =head3 Net::SSLeay::renegotiate -This function has been tested ( it's in t/3_renegotiate.t ) but it doesn't work on FreeBSD! I tracked it down to this security advisory: +This function has been tested ( it's in C ) but it doesn't work on FreeBSD! I tracked it down to this security advisory: L which explains it in detail. The test will skip this function if it detects that you're on a broken system. However, if you have the updated OpenSSL library that fixes this you can use it. + +=head3 In-Situ sslification + +You can have a normal plaintext socket, and convert it to SSL anytime. Just keep in mind that the client and the server must agree to sslify +at the same time, or they will be waiting on each other forever! See C for an example of how this works. =head1 FUNCTIONS 
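Review bot: The new "In-Situ sslification" POD paragraph covers the deadlock risk but not the trust boundary: everything exchanged before the upgrade was unauthenticated plaintext. Readers wiring this into a protocol should be told not to carry pre-upgrade state or buffered input into the encrypted session. I would add one sentence after "waiting on each other forever!", along the lines of `Anything read or still buffered before the switch was sent in the clear; discard it and only trust data received once the SSL handshake has completed.` How much a POE wheel buffers at that moment is not visible in this diff, so the wording should stay general.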
@@ -496,73 +437,11 @@ Stuffs all of the above functions in @EXPORT_OK so you have to request them directly -=head1 SUPPORT - -You can find documentation for this module with the perldoc command. - - perldoc POE::Component::SSLify - -=head2 Websites - -=over 4 - -=item * Search CPAN - -L - -=item * AnnoCPAN: Annotated CPAN documentation - -L - -=item * CPAN Ratings - -L - -=item * CPAN Forum - -L - -=item * RT: CPAN's Request Tracker - -L - -=item * CPANTS Kwalitee - -L - -=item * CPAN Testers Results - -L - -=item * CPAN Testers Matrix - -L - -=item * Git Source Code Repository - -This code is currently hosted on github.com under the account "apocalypse". Please feel free to browse it -and pull from it, or whatever. If you want to contribute patches, please send me a diff or prod me to pull -from your repository :) - -L - -=back - -=head2 Bugs - -Please report any bugs or feature requests to C, or through -the web interface at L. I will be -notified, and then you'll automatically be notified of progress on your bug as I make changes. - =head1 SEE ALSO - -L - -L - -=head1 AUTHOR - -Apocalypse Eapocal@cpan.orgE +POE +Net::SSLeay + +=head1 ACKNOWLEDGEMENTS Original code is entirely Rocco Caputo ( Creator of POE ) -> I simply packaged up the code into something everyone could use and accepted the burden @@ -576,13 +455,4 @@ ASCENT also helped a lot with the nonblocking mode, without his hard work this module would still be stuck in the stone age :) -=head1 COPYRIGHT AND LICENSE - -Copyright 2010 by Apocalypse/Rocco Caputo/Dariusz Jackowski - -This library is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. - -The full text of the license can be found in the LICENSE file included with this module. - =cut diff --git a/releases/POE-Component-SSLify-0.01.tar.gz b/releases/POE-Component-SSLify-0.01.tar.gz new file mode 100644 index 0000000..de1b8c7 Binary files /dev/null and b/releases/POE-Component-SSLify-0.01.tar.gz differ 
diff --git a/releases/POE-Component-SSLify-0.02.tar.gz b/releases/POE-Component-SSLify-0.02.tar.gz
new file mode 100644
index 0000000..b21bd20
Binary files /dev/null and b/releases/POE-Component-SSLify-0.02.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.03.tar.gz b/releases/POE-Component-SSLify-0.03.tar.gz
new file mode 100644
index 0000000..644cef5
Binary files /dev/null and b/releases/POE-Component-SSLify-0.03.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.04.tar.gz b/releases/POE-Component-SSLify-0.04.tar.gz
new file mode 100644
index 0000000..96e542e
Binary files /dev/null and b/releases/POE-Component-SSLify-0.04.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.05.tar.gz b/releases/POE-Component-SSLify-0.05.tar.gz
new file mode 100644
index 0000000..3b17879
Binary files /dev/null and b/releases/POE-Component-SSLify-0.05.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.06.tar.gz b/releases/POE-Component-SSLify-0.06.tar.gz
new file mode 100644
index 0000000..9100bd0
Binary files /dev/null and b/releases/POE-Component-SSLify-0.06.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.07.tar.gz b/releases/POE-Component-SSLify-0.07.tar.gz
new file mode 100644
index 0000000..c6b71de
Binary files /dev/null and b/releases/POE-Component-SSLify-0.07.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.08.tar.gz b/releases/POE-Component-SSLify-0.08.tar.gz
new file mode 100644
index 0000000..19df87c
Binary files /dev/null and b/releases/POE-Component-SSLify-0.08.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.09.tar.gz b/releases/POE-Component-SSLify-0.09.tar.gz
new file mode 100644
index 0000000..0dc00fd
Binary files /dev/null and b/releases/POE-Component-SSLify-0.09.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.10.tar.gz b/releases/POE-Component-SSLify-0.10.tar.gz
new file mode 100644
index 0000000..c27e4cc
Binary files /dev/null and b/releases/POE-Component-SSLify-0.10.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.11.tar.gz b/releases/POE-Component-SSLify-0.11.tar.gz
new file mode 100644
index 0000000..656d0c1
Binary files /dev/null and b/releases/POE-Component-SSLify-0.11.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.12.tar.gz b/releases/POE-Component-SSLify-0.12.tar.gz
new file mode 100644
index 0000000..a515ebb
Binary files /dev/null and b/releases/POE-Component-SSLify-0.12.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.13.tar.gz b/releases/POE-Component-SSLify-0.13.tar.gz
new file mode 100644
index 0000000..d6e5532
Binary files /dev/null and b/releases/POE-Component-SSLify-0.13.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.14.tar.gz b/releases/POE-Component-SSLify-0.14.tar.gz
new file mode 100644
index 0000000..b51a992
Binary files /dev/null and b/releases/POE-Component-SSLify-0.14.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.15.tar.gz b/releases/POE-Component-SSLify-0.15.tar.gz
new file mode 100644
index 0000000..f99a301
Binary files /dev/null and b/releases/POE-Component-SSLify-0.15.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.16.tar.gz b/releases/POE-Component-SSLify-0.16.tar.gz
new file mode 100644
index 0000000..e7841b9
Binary files /dev/null and b/releases/POE-Component-SSLify-0.16.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.17.tar.gz b/releases/POE-Component-SSLify-0.17.tar.gz
new file mode 100644
index 0000000..2050b9d
Binary files /dev/null and b/releases/POE-Component-SSLify-0.17.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.18.tar.gz b/releases/POE-Component-SSLify-0.18.tar.gz
new file mode 100644
index 0000000..b21b035
Binary files /dev/null and b/releases/POE-Component-SSLify-0.18.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.19.tar.gz b/releases/POE-Component-SSLify-0.19.tar.gz
new file mode 100644
index 0000000..b549826
Binary files /dev/null and b/releases/POE-Component-SSLify-0.19.tar.gz differ
diff --git a/releases/POE-Component-SSLify-0.20.tar.gz b/releases/POE-Component-SSLify-0.20.tar.gz new file mode 100644 index 0000000..2bf00c0 Binary files /dev/null and b/releases/POE-Component-SSLify-0.20.tar.gz differ diff --git a/t/1_load.t b/t/1_load.t deleted file mode 100644 index 1b15ba2..0000000 --- a/t/1_load.t +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/perl -use strict; use warnings; - -my $numtests; -BEGIN { - $numtests = 3; - - eval "use Test::NoWarnings"; - if ( ! $@ ) { - # increment by one - $numtests++; - - } -} - -use Test::More tests => $numtests; - -use_ok( 'POE::Component::SSLify::ServerHandle' ); -use_ok( 'POE::Component::SSLify::ClientHandle' ); -use_ok( 'POE::Component::SSLify' ); \ No newline at end of file diff --git a/t/1_simple.t b/t/1_simple.t new file mode 100644 index 0000000..a918bdd --- /dev/null +++ b/t/1_simple.t 
@@ -0,0 +1,159 @@ +#!/usr/bin/perl + +# Thanks to ASCENT for this test! + +use strict; use warnings; + +my $numtests; +BEGIN { + $numtests = 16; + + eval "use Test::NoWarnings"; + if ( ! $@ ) { + # increment by one + $numtests++; + + } +} + +use Test::More tests => $numtests; + +use POE 1.267; +use POE::Component::Client::TCP; +use POE::Component::Server::TCP; +use POE::Component::SSLify qw/Client_SSLify Server_SSLify SSLify_Options SSLify_GetCipher SSLify_ContextCreate SSLify_GetSocket/; + +# TODO rewrite this to use Test::POE::Server::TCP and stuff :) + +my $port; + +POE::Component::Server::TCP->new +( + Alias => 'myserver', + Address => '127.0.0.1', + Port => 0, + + Started => sub + { + use Socket qw/sockaddr_in/; + $port = (sockaddr_in($_[HEAP]->{listener}->getsockname))[0]; + }, + ClientConnected => sub + { + ok(1, 'SERVER: accepted'); + }, + ClientDisconnected => sub + { + ok(1, 'SERVER: client disconnected'); + $_[KERNEL]->post(myserver => 'shutdown'); + }, + ClientPreConnect => sub + { + eval { SSLify_Options('mylib/example.key', 'mylib/example.crt', 'sslv3') }; + eval { SSLify_Options('../mylib/example.key', '../mylib/example.crt', 'sslv3') } if ($@); + ok(!$@, "SERVER: SSLify_Options $@"); + + my $socket = eval { Server_SSLify($_[ARG0]) }; + ok(!$@, "SERVER: Server_SSLify $@"); + ok(1, 'SERVER: SSLify_GetCipher: '. SSLify_GetCipher($socket)); + + # We pray that IO::Handle is sane... + ok( SSLify_GetSocket( $socket )->blocking == 0, 'SERVER: SSLified socket is non-blocking?'); + + return ($socket); + }, + ClientInput => sub + { + my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0]; + + if ( $line eq 'ping' ) { + ok(1, "SERVER: recv: $line"); + + ## At this point, connection MUST be encrypted. 
+ my $cipher = SSLify_GetCipher($heap->{client}->get_output_handle); + ok($cipher ne '(NONE)', "SERVER: SSLify_GetCipher: $cipher"); + + $heap->{client}->put("pong"); + } else { + die "Unknown line from CLIENT: $line"; + } + }, + ClientError => sub + { + # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! + # The default PoCo::Server::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( + my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; + + # TODO are there other "errors" that is harmless? + $error = "Normal disconnection" unless $error; + my $msg = "Got SERVER $syscall error $errno: $error"; + unless ( $syscall eq 'read' and $errno == 0 ) { + fail( $msg ); + } else { + diag( $msg ) if $ENV{TEST_VERBOSE}; + } + }, +); + +POE::Component::Client::TCP->new +( + Alias => 'myclient', + RemoteAddress => '127.0.0.1', + RemotePort => $port, + Connected => sub + { + ok(1, 'CLIENT: connected'); + + $_[HEAP]->{server}->put("ping"); + }, + PreConnect => sub + { + my $ctx = eval { SSLify_ContextCreate(undef, undef, 'sslv3') }; + ok(!$@, "CLIENT: SSLify_ContextCreate $@"); + my $socket = eval { Client_SSLify($_[ARG0], undef, undef, $ctx) }; + ok(!$@, "CLIENT: Client_SSLify $@"); + ok(1, 'CLIENT: SSLify_GetCipher: '. SSLify_GetCipher($socket)); + + # We pray that IO::Handle is sane... + ok( SSLify_GetSocket( $socket )->blocking == 0, 'CLIENT: SSLified socket is non-blocking?'); + + return ($socket); + }, + ServerInput => sub + { + my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0]; + + if ($line eq 'pong') { + ok(1, "CLIENT: recv: $line"); + + ## At this point, connection MUST be encrypted. + my $cipher = SSLify_GetCipher($heap->{server}->get_output_handle); + ok($cipher ne '(NONE)', "CLIENT: SSLify_GetCipher: $cipher"); + + $kernel->yield('shutdown'); + } else { + die "Unknown line from SERVER: $line"; + } + }, + ServerError => sub + { + # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! 
+ # The default PoCo::Client::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( + my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; + + # TODO are there other "errors" that is harmless? + $error = "Normal disconnection" unless $error; + my $msg = "Got CLIENT $syscall error $errno: $error"; + unless ( $syscall eq 'read' and $errno == 0 ) { + fail( $msg ); + } else { + diag( $msg ) if $ENV{TEST_VERBOSE}; + } + }, +); + +$poe_kernel->run(); + +pass( 'shut down sanely' ); + +exit 0; diff --git a/t/2_renegotiate.t b/t/2_renegotiate.t new file mode 100644 index 0000000..fb2d789 --- /dev/null +++ b/t/2_renegotiate.t 
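Review bot: Both endpoints in t/1_simple.t are pinned to `'sslv3'`, in the two `SSLify_Options(..., 'sslv3')` calls in ClientPreConnect and in `SSLify_ContextCreate(undef, undef, 'sslv3')` in PreConnect. SSLv3 is an obsolete protocol version that many OpenSSL builds ship disabled, so the handshake assertions would fail on those systems, and where they pass they only show that a cipher was negotiated over a protocol that should not be deployed. Unless SSLv3 itself is what is under test, I would drop the version argument so the module default is exercised, e.g. `my $ctx = eval { SSLify_ContextCreate() };` if the argument is optional, with a comment saying the test deliberately does not pin a protocol. The same three calls appear in the t/2_renegotiate.t hunk that follows.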
@@ -0,0 +1,210 @@ +#!/usr/bin/perl + +# Thanks to ASCENT for this test! + +# This test adds renegotiation to the connection +# Since this is not supported on all platforms, it's marked TODO and adds custom logic +# to make sure it doesn't FAIL if it's not supported. + +use strict; use warnings; + +my $numtests; +BEGIN { + $numtests = 23; + + eval "use Test::NoWarnings"; + if ( ! $@ ) { + # increment by one + $numtests++; + + } +} + +use Test::More tests => $numtests; + +use POE 1.267; +use POE::Component::Client::TCP; +use POE::Component::Server::TCP; +use POE::Component::SSLify qw/Client_SSLify Server_SSLify SSLify_Options SSLify_GetCipher SSLify_ContextCreate SSLify_GetSocket/; +use Net::SSLeay qw/ERROR_WANT_READ ERROR_WANT_WRITE/; + +# TODO rewrite this to use Test::POE::Server::TCP and stuff :) + +my $port; +my $server_ping2; +my $client_ping2; + +POE::Component::Server::TCP->new +( + Alias => 'myserver', + Address => '127.0.0.1', + Port => 0, + + Started => sub + { + use Socket qw/sockaddr_in/; + $port = (sockaddr_in($_[HEAP]->{listener}->getsockname))[0]; + }, + ClientConnected => sub + { + ok(1, 'SERVER: accepted'); + }, + ClientDisconnected => sub + { + ok(1, 'SERVER: client disconnected'); + $_[KERNEL]->post(myserver => 'shutdown'); + }, + ClientPreConnect => sub + { + eval { SSLify_Options('mylib/example.key', 'mylib/example.crt', 'sslv3') }; + eval { SSLify_Options('../mylib/example.key', '../mylib/example.crt', 'sslv3') } if ($@); + ok(!$@, "SERVER: SSLify_Options $@"); + + my $socket = eval { Server_SSLify($_[ARG0]) }; + ok(!$@, "SERVER: Server_SSLify $@"); + ok(1, 'SERVER: SSLify_GetCipher: '. SSLify_GetCipher($socket)); + + # We pray that IO::Handle is sane... + ok( SSLify_GetSocket( $socket )->blocking == 0, 'SERVER: SSLified socket is non-blocking?'); + + return ($socket); + }, + ClientInput => sub + { + my ($kernel, $heap, $request) = @_[KERNEL, HEAP, ARG0]; + + ## At this point, connection MUST be encrypted. 
+ my $cipher = SSLify_GetCipher($heap->{client}->get_output_handle); + ok($cipher ne '(NONE)', "SERVER: SSLify_GetCipher: $cipher"); + + if ($request eq 'ping') + { + ok(1, "SERVER: recv: $request"); + $heap->{client}->put("pong"); + } + elsif ($request eq 'ping2') + { + ok(1, "SERVER: recv: $request"); + $server_ping2++; + $heap->{client}->put("pong2"); + } + }, + ClientError => sub + { + # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! + # The default PoCo::Server::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( + my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; + + # TODO are there other "errors" that is harmless? + $error = "Normal disconnection" unless $error; + my $msg = "Got SERVER $syscall error $errno: $error"; + unless ( $syscall eq 'read' and $errno == 0 ) { + fail( $msg ); + } else { + diag( $msg ) if $ENV{TEST_VERBOSE}; + } + }, +); + +POE::Component::Client::TCP->new +( + Alias => 'myclient', + RemoteAddress => '127.0.0.1', + RemotePort => $port, + Connected => sub + { + ok(1, 'CLIENT: connected'); + + $_[HEAP]->{server}->put("ping"); + }, + PreConnect => sub + { + my $ctx = eval { SSLify_ContextCreate(undef, undef, 'sslv3') }; + ok(!$@, "CLIENT: SSLify_ContextCreate $@"); + my $socket = eval { Client_SSLify($_[ARG0], undef, undef, $ctx) }; + ok(!$@, "CLIENT: Client_SSLify $@"); + ok(1, 'CLIENT: SSLify_GetCipher: '. SSLify_GetCipher($socket)); + + # We pray that IO::Handle is sane... + ok( SSLify_GetSocket( $socket )->blocking == 0, 'CLIENT: SSLified socket is non-blocking?'); + + return ($socket); + }, + ServerInput => sub + { + my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0]; + + ## At this point, connection MUST be encrypted. 
+ my $cipher = SSLify_GetCipher($heap->{server}->get_output_handle); + ok($cipher ne '(NONE)', "CLIENT: SSLify_GetCipher: $cipher"); + + if ($line eq 'pong') + { + ok(1, "CLIENT: recv: $line"); + + # Skip 2 Net::SSLeay::renegotiate() tests on FreeBSD because of + # http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc + TODO: { + local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; + + ## Force SSL renegotiation + my $ssl = tied(*{$heap->{server}->get_output_handle})->{ssl}; + my $reneg_num = Net::SSLeay::num_renegotiations($ssl); + + ok(1 == Net::SSLeay::renegotiate($ssl), 'CLIENT: SSL renegotiation'); + my $handshake = Net::SSLeay::do_handshake($ssl); + my $err = Net::SSLeay::get_error($ssl, $handshake); + + ## 1 == Successful handshake, ERROR_WANT_(READ|WRITE) == non-blocking. + ok($handshake == 1 || $err == ERROR_WANT_READ || $err == ERROR_WANT_WRITE, 'CLIENT: SSL handshake'); + ok($reneg_num < Net::SSLeay::num_renegotiations($ssl), 'CLIENT: Increased number of negotiations'); + } + + $heap->{server}->put('ping2'); + } + + elsif ($line eq 'pong2') + { + ok(1, "CLIENT: recv: $line"); + $client_ping2++; + $kernel->yield('shutdown'); + } + }, + ServerError => sub + { + # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! + # The default PoCo::Client::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( + my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; + + # TODO are there other "errors" that is harmless? + $error = "Normal disconnection" unless $error; + my $msg = "Got CLIENT $syscall error $errno: $error"; + unless ( $syscall eq 'read' and $errno == 0 ) { + fail( $msg ); + } else { + diag( $msg ) if $ENV{TEST_VERBOSE}; + } + }, +); + +$poe_kernel->run(); + +# Add extra pass() to make the test harness happy if renegotiate did not work +if ( ! $server_ping2 ) { + local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; + fail( "SERVER: Failed SSL renegotiation" ); +} +if ( ! 
$client_ping2 ) { + local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; + fail( "CLIENT: Failed SSL renegotiation" ); +} +if ( ! $server_ping2 or ! $client_ping2 ) { + diag( "WARNING: Your platform/SSL library does not support renegotiation of the SSL socket." ); + diag( "This test harness detected that trying to renegotiate resulted in a disconnected socket." ); + diag( "POE::Component::SSLify will work on your system, but please do not attempt a SSL renegotiate." ); + diag( "Please talk with the author to figure out if this issue can be worked around, thank you!" ); +} + +pass( 'shut down sanely' ); + +exit 0; diff --git a/t/2_simple.t b/t/2_simple.t deleted file mode 100644 index 6a85160..0000000 --- a/t/2_simple.t +++ /dev/null 
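Review bot: Both endpoints in this new test pin the protocol to `'sslv3'` (`SSLify_Options(..., 'sslv3')` in ClientPreConnect and `SSLify_ContextCreate(undef, undef, 'sslv3')` in PreConnect), so the suite only ever exercises SSLv3, a deprecated protocol version that many OpenSSL builds no longer include. The same literal appears in the t/3_insitu.t hunk and in the hunk above this one. Unless SSLv3 itself is what is under test, I would pass a TLS version that the module's version argument accepts (presumably `'tlsv1'`, to be confirmed against the SSLify_ContextCreate documentation) or, if the argument is optional, omit it so the library default applies. Separately, the `if`/`elsif` chains in ClientInput and ServerInput have no final `else`, so an unexpected line is silently ignored, whereas the neighbouring tests end the chain with `die "Unknown line from CLIENT: $line";`.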
@@ -1,168 +0,0 @@ -#!/usr/bin/perl - -# Thanks to ASCENT for this test! - -use strict; use warnings; - -my $numtests; -BEGIN { - $numtests = 16; - - eval "use Test::NoWarnings"; - if ( ! $@ ) { - # increment by one - $numtests++; - - } -} - -use Test::More tests => $numtests; - -use POE; -use POE::Component::Client::TCP; -use POE::Component::Server::TCP; -use POE::Component::SSLify qw/Client_SSLify Server_SSLify SSLify_Options SSLify_GetCipher SSLify_ContextCreate/; -use POSIX qw/F_GETFL O_NONBLOCK/; - -# TODO rewrite this to use Test::POE::Server::TCP and stuff :) - -my $port; - -POE::Component::Server::TCP->new -( - Alias => 'myserver', - Address => '127.0.0.1', - Port => 0, - - Started => sub - { - use Socket qw/sockaddr_in/; - $port = (sockaddr_in($_[HEAP]->{listener}->getsockname))[0]; - }, - ClientConnected => sub - { - ok(1, 'SERVER: accepted'); - }, - ClientDisconnected => sub - { - ok(1, 'SERVER: client disconnected'); - $_[KERNEL]->post(myserver => 'shutdown'); - }, - ClientPreConnect => sub - { - eval { SSLify_Options('mylib/example.key', 'mylib/example.crt', 'sslv3') }; - eval { SSLify_Options('../mylib/example.key', '../mylib/example.crt', 'sslv3') } if ($@); - ok(!$@, "SERVER: SSLify_Options $@"); - - my $socket = eval { Server_SSLify($_[ARG0]) }; - ok(!$@, "SERVER: Server_SSLify $@"); - ok(1, 'SERVER: SSLify_GetCipher: '. SSLify_GetCipher($socket)); - - # MSWin32 doesn't have F_GETFL and friends - if ( $^O eq 'MSWin32' ) { - # We pray that IO::Handle is sane... - ok( ! $_[ARG0]->blocking, 'SERVER: SSLified socket is non-blocking?'); - } else { - my $flags = fcntl($_[ARG0], F_GETFL, 0); - ok($flags & O_NONBLOCK, 'SERVER: SSLified socket is non-blocking?'); - } - - return ($socket); - }, - ClientInput => sub - { - my ($kernel, $heap, $request) = @_[KERNEL, HEAP, ARG0]; - - ## At this point, connection MUST be encrypted. 
- my $cipher = SSLify_GetCipher($heap->{client}->get_output_handle); - ok($cipher ne '(NONE)', "SERVER: SSLify_GetCipher: $cipher"); - - if ($request eq 'ping') - { - ok(1, "SERVER: recv: $request"); - $heap->{client}->put("pong"); - } - }, - ClientError => sub - { - # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! - # The default PoCo::Server::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( - my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; - - # TODO are there other "errors" that is harmless? - $error = "Normal disconnection" unless $error; - my $msg = "Got SERVER $syscall error $errno: $error"; - unless ( $syscall eq 'read' and $errno == 0 ) { - fail( $msg ); - } else { - diag( $msg ) if $ENV{TEST_VERBOSE}; - } - }, -); - -POE::Component::Client::TCP->new -( - Alias => 'myclient', - RemoteAddress => '127.0.0.1', - RemotePort => $port, - Connected => sub - { - ok(1, 'CLIENT: connected'); - - $_[HEAP]->{server}->put("ping"); - }, - PreConnect => sub - { - my $ctx = eval { SSLify_ContextCreate(undef, undef, 'sslv3') }; - ok(!$@, "CLIENT: SSLify_ContextCreate $@"); - my $socket = eval { Client_SSLify($_[ARG0], undef, undef, $ctx) }; - ok(!$@, "CLIENT: Client_SSLify $@"); - ok(1, 'CLIENT: SSLify_GetCipher: '. SSLify_GetCipher($socket)); - - # MSWin32 doesn't have F_GETFL and friends - if ( $^O eq 'MSWin32' ) { - # We pray that IO::Handle is sane... - ok( ! $_[ARG0]->blocking, 'CLIENT: SSLified socket is non-blocking?'); - } else { - my $flags = fcntl($_[ARG0], F_GETFL, 0); - ok($flags & O_NONBLOCK, 'CLIENT: SSLified socket is non-blocking?'); - } - - return ($socket); - }, - ServerInput => sub - { - my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0]; - - ## At this point, connection MUST be encrypted. 
- my $cipher = SSLify_GetCipher($heap->{server}->get_output_handle); - ok($cipher ne '(NONE)', "CLIENT: SSLify_GetCipher: $cipher"); - - if ($line eq 'pong') - { - ok(1, "CLIENT: recv: $line"); - $kernel->yield('shutdown'); - } - }, - ServerError => sub - { - # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! - # The default PoCo::Client::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( - my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; - - # TODO are there other "errors" that is harmless? - $error = "Normal disconnection" unless $error; - my $msg = "Got CLIENT $syscall error $errno: $error"; - unless ( $syscall eq 'read' and $errno == 0 ) { - fail( $msg ); - } else { - diag( $msg ) if $ENV{TEST_VERBOSE}; - } - }, -); - -$poe_kernel->run(); - -pass( 'shut down sanely' ); - -exit 0; diff --git a/t/3_insitu.t b/t/3_insitu.t new file mode 100644 index 0000000..32c756d --- /dev/null +++ b/t/3_insitu.t 
@@ -0,0 +1,185 @@
+#!/usr/bin/perl
+
+# Thanks to ASCENT for this test!
+
+use strict; use warnings;
+
+my $numtests;
+BEGIN {
+ $numtests = 18;
+
+ eval "use Test::NoWarnings";
+ if ( ! $@ ) {
+ # increment by one
+ $numtests++;
+
+ }
+}
+
+use Test::More tests => $numtests;
+
+use POE 1.267;
+use POE::Component::Client::TCP;
+use POE::Component::Server::TCP;
+use POE::Component::SSLify qw/Client_SSLify Server_SSLify SSLify_Options SSLify_GetCipher SSLify_ContextCreate SSLify_GetSocket/;
+
+# TODO rewrite this to use Test::POE::Server::TCP and stuff :)
+
+my $port;
+
+POE::Component::Server::TCP->new
+(
+ Alias => 'myserver',
+ Address => '127.0.0.1',
+ Port => 0,
+
+ Started => sub
+ {
+ use Socket qw/sockaddr_in/;
+ $port = (sockaddr_in($_[HEAP]->{listener}->getsockname))[0];
+ },
+ ClientConnected => sub
+ {
+ ok(1, 'SERVER: accepted');
+ },
+ ClientDisconnected => sub
+ {
+ ok(1, 'SERVER: client disconnected');
+ $_[KERNEL]->post(myserver => 'shutdown');
+ },
+ ClientInput => sub
+ {
+ my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0];
+
+ if ( $line eq 'plaintext_ping' ) {
+ ok(1, "SERVER: recv: $line");
+ $heap->{client}->put('plaintext_pong');
+ $heap->{client}->flush; # make sure we sent the pong
+
+ # sslify it in-situ!
+ eval { SSLify_Options('mylib/example.key', 'mylib/example.crt', 'sslv3') };
+ eval { SSLify_Options('../mylib/example.key', '../mylib/example.crt', 'sslv3') } if ($@);
+ ok(!$@, "SERVER: SSLify_Options $@");
+ my $socket = eval { Server_SSLify($heap->{client}->get_output_handle) };
+ ok(!$@, "SERVER: Server_SSLify $@");
+ ok(1, 'SERVER: SSLify_GetCipher: '. SSLify_GetCipher($socket));
+
+ # We pray that IO::Handle is sane...
+ ok( SSLify_GetSocket( $socket )->blocking == 0, 'SERVER: SSLified socket is non-blocking?');
+
+ # TODO evil code here, ha!
+ # Should I ask rcaputo to add a $rw->replace_handle($socket) method?
+ # if you don't do the undef and just replace it - you'll get a bad file descriptor error from POE!
+ # select error: Bad file descriptor (hits=-1)
+ undef $heap->{client};
+ $heap->{client} = POE::Wheel::ReadWrite->new(
+ Handle => $socket,
+ InputEvent => 'tcp_server_got_input',
+ ErrorEvent => 'tcp_server_got_error',
+ FlushedEvent => 'tcp_server_got_flush',
+ );
+ } elsif ( $line eq 'ssl_ping' ) {
+ ok(1, "SERVER: recv: $line");
+
+ ## At this point, connection MUST be encrypted.
+ my $cipher = SSLify_GetCipher($heap->{client}->get_output_handle);
+ ok($cipher ne '(NONE)', "SERVER: SSLify_GetCipher: $cipher");
+
+ $heap->{client}->put('ssl_pong');
+ } else {
+ die "Unknown line from CLIENT: $line";
+ }
+ },
+ ClientError => sub
+ {
+ # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0!
+ # The default PoCo::Server::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :(
+ my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ];
+
+ # TODO are there other "errors" that is harmless?
+ $error = "Normal disconnection" unless $error;
+ my $msg = "Got SERVER $syscall error $errno: $error";
+ unless ( $syscall eq 'read' and $errno == 0 ) {
+ fail( $msg );
+ } else {
+ diag( $msg ) if $ENV{TEST_VERBOSE};
+ }
+ },
+);
+
+POE::Component::Client::TCP->new
+(
+ Alias => 'myclient',
+ RemoteAddress => '127.0.0.1',
+ RemotePort => $port,
+ Connected => sub
+ {
+ ok(1, 'CLIENT: connected');
+
+ $_[HEAP]->{server}->put("plaintext_ping");
+ },
+ ServerInput => sub
+ {
+ my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0];
+
+ if ( $line eq 'plaintext_pong' ) {
+ ok(1, "CLIENT: recv: $line");
+
+ # sslify it in-situ!
+ my $ctx = eval { SSLify_ContextCreate(undef, undef, 'sslv3') };
+ ok(!$@, "CLIENT: SSLify_ContextCreate $@");
+ my $socket = eval { Client_SSLify($heap->{server}->get_output_handle, undef, undef, $ctx) };
+ ok(!$@, "CLIENT: Client_SSLify $@");
+ ok(1, 'CLIENT: SSLify_GetCipher: '. SSLify_GetCipher($socket));
+
+ # We pray that IO::Handle is sane...
+ ok( SSLify_GetSocket( $socket )->blocking == 0, 'CLIENT: SSLified socket is non-blocking?');
+
+ # TODO evil code here, ha!
+ # Should I ask rcaputo to add a $rw->replace_handle($socket) method?
+ # if you don't do the undef and just replace it - you'll get a bad file descriptor error from POE!
+ # select error: Bad file descriptor (hits=-1)
+ undef $heap->{server};
+ $heap->{server} = POE::Wheel::ReadWrite->new(
+ Handle => $socket,
+ InputEvent => 'got_server_input',
+ ErrorEvent => 'got_server_error',
+ FlushedEvent => 'got_server_flush',
+ );
+
+ # Send the ssl ping!
+ $heap->{server}->put('ssl_ping');
+ } elsif ( $line eq 'ssl_pong' ) {
+ ok(1, "CLIENT: recv: $line");
+
+ ## At this point, connection MUST be encrypted.
+ my $cipher = SSLify_GetCipher($heap->{server}->get_output_handle);
+ ok($cipher ne '(NONE)', "CLIENT: SSLify_GetCipher: $cipher");
+
+ $kernel->yield('shutdown');
+ } else {
+ die "Unknown line from SERVER: $line";
+ }
+ },
+ ServerError => sub
+ {
+ # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0!
+ # The default PoCo::Client::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :(
+ my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ];
+
+ # TODO are there other "errors" that is harmless?
+ $error = "Normal disconnection" unless $error;
+ my $msg = "Got CLIENT $syscall error $errno: $error";
+ unless ( $syscall eq 'read' and $errno == 0 ) {
+ fail( $msg );
+ } else {
+ diag( $msg ) if $ENV{TEST_VERBOSE};
+ }
+ },
+);
+
+$poe_kernel->run();
+
+pass( 'shut down sanely' );
+
+exit 0;
diff --git a/t/3_renegotiate.t b/t/3_renegotiate.t
deleted file mode 100644
index 6f9b020..0000000
--- a/t/3_renegotiate.t
+++ /dev/null
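Review bot: The in-situ upgrade in ClientInput ignores the result of `$heap->{client}->flush;` before it destroys the wheel and starts the handshake on the same handle, so on a non-blocking socket nothing checks that `plaintext_pong` actually left the buffer. If any of it were still queued when `undef $heap->{client}` runs, the client would presumably never see the pong and the test would hang rather than fail; the plaintext/TLS boundary is the part of a STARTTLS-style upgrade that most needs an explicit check. I would guard it before SSLifying, e.g. `die 'plaintext_pong not fully flushed' if $heap->{client}->get_driver_out_octets;`. The replacement wheels are also wired to `'tcp_server_got_input'` and `'got_server_input'`, which look like the TCP components' internal event names; a comment next to the existing TODO, such as `# NOTE: these are PoCo::Server::TCP's internal event names and may change`, would warn readers who copy this pattern.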
@@ -1,223 +0,0 @@ -#!/usr/bin/perl - -# Thanks to ASCENT for this test! - -# This test adds renegotiation to the connection -# Since this is not supported on all platforms, it's marked TODO and adds custom logic -# to make sure it doesn't FAIL if it's not supported. - -use strict; use warnings; - -my $numtests; -BEGIN { - $numtests = 23; - - eval "use Test::NoWarnings"; - if ( ! $@ ) { - # increment by one - $numtests++; - - } -} - -use Test::More tests => $numtests; - -use POE; -use POE::Component::Client::TCP; -use POE::Component::Server::TCP; -use POE::Component::SSLify qw/Client_SSLify Server_SSLify SSLify_Options SSLify_GetCipher SSLify_ContextCreate/; -use Net::SSLeay qw/ERROR_WANT_READ ERROR_WANT_WRITE/; -use POSIX qw/F_GETFL O_NONBLOCK/; - -# TODO rewrite this to use Test::POE::Server::TCP and stuff :) - -my $port; -my $server_ping2; -my $client_ping2; - -POE::Component::Server::TCP->new -( - Alias => 'myserver', - Address => '127.0.0.1', - Port => 0, - - Started => sub - { - use Socket qw/sockaddr_in/; - $port = (sockaddr_in($_[HEAP]->{listener}->getsockname))[0]; - }, - ClientConnected => sub - { - ok(1, 'SERVER: accepted'); - }, - ClientDisconnected => sub - { - ok(1, 'SERVER: client disconnected'); - $_[KERNEL]->post(myserver => 'shutdown'); - }, - ClientPreConnect => sub - { - eval { SSLify_Options('mylib/example.key', 'mylib/example.crt', 'sslv3') }; - eval { SSLify_Options('../mylib/example.key', '../mylib/example.crt', 'sslv3') } if ($@); - ok(!$@, "SERVER: SSLify_Options $@"); - - my $socket = eval { Server_SSLify($_[ARG0]) }; - ok(!$@, "SERVER: Server_SSLify $@"); - ok(1, 'SERVER: SSLify_GetCipher: '. SSLify_GetCipher($socket)); - - # MSWin32 doesn't have F_GETFL and friends - if ( $^O eq 'MSWin32' ) { - # We pray that IO::Handle is sane... - ok( ! 
$_[ARG0]->blocking, 'SERVER: SSLified socket is non-blocking?'); - } else { - my $flags = fcntl($_[ARG0], F_GETFL, 0); - ok($flags & O_NONBLOCK, 'SERVER: SSLified socket is non-blocking?'); - } - - return ($socket); - }, - ClientInput => sub - { - my ($kernel, $heap, $request) = @_[KERNEL, HEAP, ARG0]; - - ## At this point, connection MUST be encrypted. - my $cipher = SSLify_GetCipher($heap->{client}->get_output_handle); - ok($cipher ne '(NONE)', "SERVER: SSLify_GetCipher: $cipher"); - - if ($request eq 'ping') - { - ok(1, "SERVER: recv: $request"); - $heap->{client}->put("pong"); - } - elsif ($request eq 'ping2') - { - ok(1, "SERVER: recv: $request"); - $server_ping2++; - $heap->{client}->put("pong2"); - } - }, - ClientError => sub - { - # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! - # The default PoCo::Server::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( - my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; - - # TODO are there other "errors" that is harmless? - $error = "Normal disconnection" unless $error; - my $msg = "Got SERVER $syscall error $errno: $error"; - unless ( $syscall eq 'read' and $errno == 0 ) { - fail( $msg ); - } else { - diag( $msg ) if $ENV{TEST_VERBOSE}; - } - }, -); - -POE::Component::Client::TCP->new -( - Alias => 'myclient', - RemoteAddress => '127.0.0.1', - RemotePort => $port, - Connected => sub - { - ok(1, 'CLIENT: connected'); - - $_[HEAP]->{server}->put("ping"); - }, - PreConnect => sub - { - my $ctx = eval { SSLify_ContextCreate(undef, undef, 'sslv3') }; - ok(!$@, "CLIENT: SSLify_ContextCreate $@"); - my $socket = eval { Client_SSLify($_[ARG0], undef, undef, $ctx) }; - ok(!$@, "CLIENT: Client_SSLify $@"); - ok(1, 'CLIENT: SSLify_GetCipher: '. SSLify_GetCipher($socket)); - - # MSWin32 doesn't have F_GETFL and friends - if ( $^O eq 'MSWin32' ) { - # We pray that IO::Handle is sane... - ok( ! 
$_[ARG0]->blocking, 'CLIENT: SSLified socket is non-blocking?'); - } else { - my $flags = fcntl($_[ARG0], F_GETFL, 0); - ok($flags & O_NONBLOCK, 'CLIENT: SSLified socket is non-blocking?'); - } - - return ($socket); - }, - ServerInput => sub - { - my ($kernel, $heap, $line) = @_[KERNEL, HEAP, ARG0]; - - ## At this point, connection MUST be encrypted. - my $cipher = SSLify_GetCipher($heap->{server}->get_output_handle); - ok($cipher ne '(NONE)', "CLIENT: SSLify_GetCipher: $cipher"); - - if ($line eq 'pong') - { - ok(1, "CLIENT: recv: $line"); - - # Skip 2 Net::SSLeay::renegotiate() tests on FreeBSD because of - # http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc - TODO: { - local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; - - ## Force SSL renegotiation - my $ssl = tied(*{$heap->{server}->get_output_handle})->{ssl}; - my $reneg_num = Net::SSLeay::num_renegotiations($ssl); - - ok(1 == Net::SSLeay::renegotiate($ssl), 'CLIENT: SSL renegotiation'); - my $handshake = Net::SSLeay::do_handshake($ssl); - my $err = Net::SSLeay::get_error($ssl, $handshake); - - ## 1 == Successful handshake, ERROR_WANT_(READ|WRITE) == non-blocking. - ok($handshake == 1 || $err == ERROR_WANT_READ || $err == ERROR_WANT_WRITE, 'CLIENT: SSL handshake'); - ok($reneg_num < Net::SSLeay::num_renegotiations($ssl), 'CLIENT: Increased number of negotiations'); - } - - $heap->{server}->put('ping2'); - } - - elsif ($line eq 'pong2') - { - ok(1, "CLIENT: recv: $line"); - $client_ping2++; - $kernel->yield('shutdown'); - } - }, - ServerError => sub - { - # Thanks to H. Merijn Brand for spotting this FAIL in 5.12.0! - # The default PoCo::Client::TCP handler will throw a warning, which causes Test::NoWarnings to FAIL :( - my ($syscall, $errno, $error) = @_[ ARG0..ARG2 ]; - - # TODO are there other "errors" that is harmless? 
- $error = "Normal disconnection" unless $error; - my $msg = "Got CLIENT $syscall error $errno: $error"; - unless ( $syscall eq 'read' and $errno == 0 ) { - fail( $msg ); - } else { - diag( $msg ) if $ENV{TEST_VERBOSE}; - } - }, -); - -$poe_kernel->run(); - -# Add extra pass() to make the test harness happy if renegotiate did not work -if ( ! $server_ping2 ) { - local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; - fail( "SERVER: Failed SSL renegotiation" ); -} -if ( ! $client_ping2 ) { - local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; - fail( "CLIENT: Failed SSL renegotiation" ); -} -if ( ! $server_ping2 or ! $client_ping2 ) { - diag( "WARNING: Your platform/SSL library does not support renegotiation of the SSL socket." ); - diag( "This test harness detected that trying to renegotiate resulted in a disconnected socket." ); - diag( "POE::Component::SSLify will work on your system, but please do not attempt a SSL renegotiate." ); - diag( "Please talk with the author to figure out if this issue can be worked around, thank you!" ); -} - -pass( 'shut down sanely' ); - -exit 0; diff --git a/t/apocalypse.t b/t/apocalypse.t deleted file mode 100644 index f9f117c..0000000 --- a/t/apocalypse.t +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/perl -use strict; use warnings; - -use Test::More; -eval "use Test::Apocalypse 0.10"; -if ( $@ ) { - plan skip_all => 'Test::Apocalypse required for validating the distribution'; -} else { - # lousy hack for kwalitee - require Test::NoWarnings; require Test::Pod; require Test::Pod::Coverage; - is_apocalypse_here(); -}