add IGNORE_SSL_ERRORS, thanks MNUNBERG Apocalypse 13 years ago
2 changed file(s) with 24 addition(s) and 10 deletion(s).
55 use Net::SSLeay 1.36 qw( die_now die_if_ssl_error );
66
77 # We inherit from ServerHandle
8 use vars qw( @ISA );
98 require POE::Component::SSLify::ServerHandle;
10 @ISA = qw( POE::Component::SSLify::ServerHandle );
9 our @ISA = qw( POE::Component::SSLify::ServerHandle );
1110
1211 # Override TIEHANDLE because we create a CTX
1312 sub TIEHANDLE {
2828
2929 # Do the exporting magic...
3030 require Exporter;
31 use vars qw( @ISA @EXPORT_OK );
32 @ISA = qw( Exporter );
33 @EXPORT_OK = qw( Client_SSLify Server_SSLify SSLify_Options SSLify_GetCTX SSLify_GetCipher SSLify_GetSocket SSLify_GetSSL SSLify_ContextCreate );
31 our @ISA = qw( Exporter );
32 our @EXPORT_OK = qw( Client_SSLify Server_SSLify SSLify_Options SSLify_GetCTX SSLify_GetCipher SSLify_GetSocket SSLify_GetSSL SSLify_ContextCreate );
3433
3534 # Bring in some socket-related stuff
3635 use Symbol qw( gensym );
4140
4241 # The server-side CTX stuff
4342 my $ctx = undef;
43
44 # global so users of this module can override it locally
45 our $IGNORE_SSL_ERRORS = 0;
4446
4547 =func Client_SSLify
4648
242244
243245 # do we need to set options?
244246 if ( defined $options ) {
245 Net::SSLeay::CTX_set_options( $context, $options ) and die_if_ssl_error( 'ssl ctx set options' );
247 Net::SSLeay::CTX_set_options( $context, $options );
248 die_if_ssl_error( 'ssl ctx set options' ) if ! $IGNORE_SSL_ERRORS;
246249 }
247250
248251 # do we need to set key/etc?
249252 if ( defined $key ) {
250253 # Following will ask password unless private key is not encrypted
251254 Net::SSLeay::CTX_use_RSAPrivateKey_file( $context, $key, &Net::SSLeay::FILETYPE_PEM );
252 die_if_ssl_error( 'private key' );
255 die_if_ssl_error( 'private key' ) if ! $IGNORE_SSL_ERRORS;
253256 }
254257
255258 # Set the cert file
256259 if ( defined $cert ) {
257260 Net::SSLeay::CTX_use_certificate_file( $context, $cert, &Net::SSLeay::FILETYPE_PEM );
258 die_if_ssl_error( 'certificate' );
261 die_if_ssl_error( 'certificate' ) if ! $IGNORE_SSL_ERRORS;
259262 }
260263
261264 # All done!
403406 =head2 Socket methods doesn't work
404407
405408 The new socket this module gives you actually is some tied socket magic, so you cannot do stuff like
406 getpeername() or getsockname(). The only way to do it is to use SSLify_GetSocket and then operate on
409 getpeername() or getsockname(). The only way to do it is to use L</SSLify_GetSocket> and then operate on
407410 the socket it returns.
408411
409412 =head2 Dying everywhere...
426429 }
427430 }
428431
432 =head3 $IGNORE_SSL_ERRORS
433
434 As of SSLify v1.003 you can override this variable to temporarily ignore some SSL errors. This is useful if you are doing crazy things
435 with the underlying Net::SSLeay stuff and don't want to die. However, it won't ignore all errors as some is still considered fatal.
436 Here's an example:
437
438 {
439 local $POE::Component::SSLify::IGNORE_SSL_ERRORS=1;
440 my $ctx = SSLify_CreateContext(...);
441 #Some more stuff
442 }
443
429444 =head2 OpenSSL functions
430445
431446 Theoretically you can do anything that Net::SSLeay exports from the OpenSSL libs on the socket. However, I have not tested every
437452 L<http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc> which explains it in detail. The test will skip this function
438453 if it detects that you're on a broken system. However, if you have the updated OpenSSL library that fixes this you can use it.
439454
440 =head3 In-Situ sslification
455 =head2 In-Situ sslification
441456
442457 You can have a normal plaintext socket, and convert it to SSL anytime. Just keep in mind that the client and the server must agree to sslify
443458 at the same time, or they will be waiting on each other forever! See C<t/3_insitu.t> for an example of how this works.
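Review bot: With `$IGNORE_SSL_ERRORS` true, the key and certificate branches (new lines 252–262) no longer check anything: the return values of `CTX_use_RSAPrivateKey_file` and `CTX_use_certificate_file` are discarded and `die_if_ssl_error` is skipped, so a wrong path or a mismatched key yields a context that only fails later, at handshake time, far from the cause. Skipping `die_if_ssl_error` presumably also leaves the failure on the OpenSSL error queue, where a later, unrelated check could report it. I would keep the override but make the failure visible, e.g. `Net::SSLeay::CTX_use_certificate_file( $context, $cert, &Net::SSLeay::FILETYPE_PEM ) or warn "certificate $cert not loaded";` and the same for the key, and call `Net::SSLeay::ERR_clear_error()` when ignoring. The new POD should state that the flag also covers key and certificate loading, and its example calls `SSLify_CreateContext` while the export list names `SSLify_ContextCreate`. The enclosing sub starts and ends outside the hunk, so whether callers validate the context afterwards is not visible here.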