*** lib/IO/Socket/SSL.pm	Thu Jul 29 15:40:57 1999
--- lib/IO/Socket/SSL_OpenSSL.pm	Thu Jul 29 16:00:07 1999
***************
*** 7,13 ****
  # by Gisle Aas.
  # 
  #
! # $Id: SSL_NetSSLeay.pm,v 1.5 1999/07/29 13:40:57 aspa Exp $.
  #
  
  #
--- 7,13 ----
  # by Gisle Aas.
  # 
  #
! # $Id: SSL_OpenSSL.pm,v 1.4 1999/07/29 14:00:01 aspa Exp aspa $.
  #
  
  #
***************
*** 39,45 ****
  use English;
  use POSIX qw(getcwd);
  
! use Net::SSLeay;
  use IO::Socket;
  
  
--- 39,45 ----
  use English;
  use POSIX qw(getcwd);
  
! use OpenSSL;
  use IO::Socket;
  
  
***************
*** 47,61 ****
  @IO::Socket::SSL::ISA = qw(IO::Socket::INET);
  
  
! Net::SSLeay::load_error_strings();
! Net::SSLeay::SSLeay_add_ssl_algorithms();
! Net::SSLeay::randomize();
  
  $IO::Socket::SSL::SSL_Context_obj = 0;
  $IO::Socket::SSL::DEBUG = 0;
  
  if($IO::Socket::SSL::DEBUG) {
!   print STDERR "\nusing **SSL_NetSSLeay.pm: v$IO::Socket::SSL::VERSION\n";
  }
  
  #
--- 47,60 ----
  @IO::Socket::SSL::ISA = qw(IO::Socket::INET);
  
  
! OpenSSL::SSL_load_error_strings();
! OpenSSL::SSLeay_add_ssl_algorithms();
  
  $IO::Socket::SSL::SSL_Context_obj = 0;
  $IO::Socket::SSL::DEBUG = 0;
  
  if($IO::Socket::SSL::DEBUG) {
!   print STDERR "\nusing **SSL_OpenSSL.pm: v$IO::Socket::SSL::VERSION\n";
  }
  
  #
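Review bot: The new side removes `Net::SSLeay::randomize()` without adding any replacement, so after this change nothing in this file seeds OpenSSL's PRNG before `SSL_connect`/`SSL_accept` are reached. Whether the `OpenSSL` module seeds the generator itself on load is not visible here; if it does not, handshake nonces and any key material would come from an unseeded generator. Either restore explicit seeding through whatever the binding exposes for RAND_seed / RAND_load_file, or record the assumption next to `OpenSSL::SSLeay_add_ssl_algorithms();`, e.g. `# PRNG seeding is left to the OpenSSL module on load -- verify this holds.`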
***************
*** 69,76 ****
  my $DEFAULT_CA_PATH = getcwd() . "/certs";
  my $DEFAULT_IS_SERVER = 0;
  my $DEFAULT_USE_CERT = 0;
! # &Net::SSLeay::VERIFY_NONE, &Net::SSLeay::VERIFY_PEER();
! my $DEFAULT_VERIFY_MODE = &Net::SSLeay::VERIFY_PEER();
  my $DEFAULT_CIPHER_LIST = "ALL:!LOW:!EXP";
  
  
--- 68,75 ----
  my $DEFAULT_CA_PATH = getcwd() . "/certs";
  my $DEFAULT_IS_SERVER = 0;
  my $DEFAULT_USE_CERT = 0;
! # $OpenSSL::SSL_VERIFY_NONE, $OpenSSL::SSL_VERIFY_PEER;
! my $DEFAULT_VERIFY_MODE = $OpenSSL::SSL_VERIFY_PEER;
  my $DEFAULT_CIPHER_LIST = "ALL:!LOW:!EXP";
  
  
***************
*** 192,198 ****
    ${*$s}{'_SSL_SSL_obj'} = $ssl_obj;
  
    my $ssl = $ssl_obj->get_ssl_handle;
!   if ( ($r = Net::SSLeay::connect($ssl)) <= 0 ) { # ssl/s23_clnt.c
      my $err_str = $self->_get_SSL_err_str();    
      return $self->_myerror("SSL_connect: '$err_str'.");
    }
--- 191,197 ----
    ${*$s}{'_SSL_SSL_obj'} = $ssl_obj;
  
    my $ssl = $ssl_obj->get_ssl_handle;
!   if ( ($r = OpenSSL::SSL_connect($ssl)) <= 0 ) { # ssl/s23_clnt.c
      my $err_str = $self->_get_SSL_err_str();    
      return $self->_myerror("SSL_connect: '$err_str'.");
    }
***************
*** 221,227 ****
    ${*$ns}{'_SSL_SSL_obj'} = $ssl_obj;
  
    my $ssl = $ssl_obj->get_ssl_handle;
!   if( ($r = Net::SSLeay::accept($ssl)) <= 0 ) { # ssl/s23_srvr.c
      my $err_str = $self->_get_SSL_err_str();
      return $self->_myerror("SSL_accept: '$err_str'.");
    }
--- 220,226 ----
    ${*$ns}{'_SSL_SSL_obj'} = $ssl_obj;
  
    my $ssl = $ssl_obj->get_ssl_handle;
!   if( ($r = OpenSSL::SSL_accept($ssl)) <= 0 ) { # ssl/s23_srvr.c
      my $err_str = $self->_get_SSL_err_str();
      return $self->_myerror("SSL_accept: '$err_str'.");
    }
***************
*** 269,275 ****
    
    # see Net_SSLeay-1.03/SSLeay.xs,
    # openssl-0.9.1c/ssl/ssl_lib.c and bio_ssl.c.
!   if( ($res = Net::SSLeay::write($ssl, $$wbufref)) < 0 ) {
      my $err_str = $self->_get_SSL_err_str();
      return $self->_myerror("SSL_write: '$err_str'.");
    }
--- 268,274 ----
    
    # see Net_SSLeay-1.03/SSLeay.xs,
    # openssl-0.9.1c/ssl/ssl_lib.c and bio_ssl.c.
!   if( ($res = OpenSSL::SSL_write($ssl,$$wbufref,length($$wbufref))) < 0 ) {
      my $err_str = $self->_get_SSL_err_str();
      return $self->_myerror("SSL_write: '$err_str'.");
    }
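Review bot: SSL_write reports failure with a return of 0 (connection closed) as well as a negative value, but the new condition only catches the negative case, so a 0 return falls through as if the buffer had been sent; `SSL_connect` and `SSL_accept` in this same patch already test `<= 0`. Change the line to `if( ($res = OpenSSL::SSL_write($ssl,$$wbufref,length($$wbufref))) <= 0 ) {`. A short write (`$res` smaller than `length($$wbufref)`) is also not handled here, though whether one can occur depends on the context's partial-write mode, which is not visible. The comment above the call still cites Net_SSLeay-1.03/SSLeay.xs; the enclosing sub starts and ends outside the hunk.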
***************
*** 289,306 ****
    my $max_len = $_[2];
    my $offset = $_[3] || 0;
  
!   my $int_buf;
  
    my $ssl_obj = ${*$self}{'_SSL_SSL_obj'};
    my $ssl = $ssl_obj->get_ssl_handle;
  
    # see Net_SSLeay-1.03/SSLeay.xs,
    # openssl-0.9.1c/ssl/ssl_lib.c and bio_ssl.c.
!   if( ! defined ($int_buf = Net::SSLeay::read($ssl, $max_len)) ) {
      my $err_str = $self->_get_SSL_err_str();
      return $self->_myerror("SSL_read: '$err_str'.");
    }
-   my $read_len = length($int_buf);
  
    # EOF handling: we've had an EOF if Net::SSLeay::read() returns 0.
    if( $read_len == 0 ) {
--- 288,305 ----
    my $max_len = $_[2];
    my $offset = $_[3] || 0;
  
!   my ($int_buf, $read_len);
  
    my $ssl_obj = ${*$self}{'_SSL_SSL_obj'};
    my $ssl = $ssl_obj->get_ssl_handle;
  
    # see Net_SSLeay-1.03/SSLeay.xs,
    # openssl-0.9.1c/ssl/ssl_lib.c and bio_ssl.c.
!   ($read_len, $int_buf) = OpenSSL::SSL_read_W($ssl, $max_len);
!   if( ! defined($int_buf) ) {
      my $err_str = $self->_get_SSL_err_str();
      return $self->_myerror("SSL_read: '$err_str'.");
    }
  
    # EOF handling: we've had an EOF if Net::SSLeay::read() returns 0.
    if( $read_len == 0 ) {
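Review bot: The comment `# EOF handling: we've had an EOF if Net::SSLeay::read() returns 0.` at the end of the hunk now describes the wrong API and should read `# EOF handling: SSL_read_W reports EOF with a length of 0.`. The error test also only looks at `defined($int_buf)`; if `SSL_read_W` signals an error through a negative `$read_len` while still returning a defined buffer (its contract is not visible here), that error is missed and the `$read_len == 0` test below does not catch it either, so consider `if( !defined($int_buf) || $read_len < 0 ) {`. The enclosing sub starts and ends outside the hunk.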
***************
*** 383,389 ****
    my $ctx = $ctx_obj->get_context_handle;
  
    # Net::SSLeay does not implement this function, yet.
!   #my $mode = &Net::SSLeay::CTX_get_verify_mode($ctx);
    #return $mode;
    return undef;
  }
--- 382,388 ----
    my $ctx = $ctx_obj->get_context_handle;
  
    # Net::SSLeay does not implement this function, yet.
!   #my $mode = OpenSSL::SSL_CTX_get_verify_mode($ctx);
    #return $mode;
    return undef;
  }
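Review bot: The comment `# Net::SSLeay does not implement this function, yet.` is stale now that the call beneath it is `OpenSSL::SSL_CTX_get_verify_mode`, and with that call still commented out the method unconditionally returns undef, so callers have no way to confirm which verify mode a context carries. Either enable the call or replace the comment with `# OpenSSL::SSL_CTX_get_verify_mode is not wired up yet; this always returns undef.` The enclosing sub starts outside the hunk.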
***************
*** 396,402 ****
    my $ssl_obj = ${*$self}{'_SSL_SSL_obj'};
    my $ssl = $ssl_obj->get_ssl_handle;
  
!   my $cipher_str = Net::SSLeay::get_cipher($ssl);
  
    return $cipher_str;
  }
--- 395,402 ----
    my $ssl_obj = ${*$self}{'_SSL_SSL_obj'};
    my $ssl = $ssl_obj->get_ssl_handle;
  
!   my $cipher = OpenSSL::SSL_get_current_cipher($ssl);
!   my $cipher_str = OpenSSL::SSL_CIPHER_get_name($cipher);
  
    return $cipher_str;
  }
***************
*** 412,418 ****
  
    my ($cert, $cert_obj);
  
!   if(!($cert = Net::SSLeay::get_peer_certificate($ssl))) {
      my $err_str = $self->_get_SSL_err_str();    
      return $self->_myerror("get_peer_certificate: '$err_str'.");    
    }
--- 412,418 ----
  
    my ($cert, $cert_obj);
  
!   if(!($cert = OpenSSL::SSL_get_peer_certificate($ssl))) {
      my $err_str = $self->_get_SSL_err_str();    
      return $self->_myerror("get_peer_certificate: '$err_str'.");    
    }
***************
*** 488,495 ****
  }
  
  sub _get_SSL_err_str {
!   my $err = Net::SSLeay::ERR_get_error();    
!   my $err_str = Net::SSLeay::ERR_error_string($err);
    return $err_str;
  }
  
--- 488,495 ----
  }
  
  sub _get_SSL_err_str {
!   my $err = OpenSSL::ERR_get_error();
!   my $err_str = OpenSSL::ERR_error_string($err, undef);
    return $err_str;
  }
  
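Review bot: `OpenSSL::ERR_get_error()` returns 0 when the error queue is empty, and the new code passes that value straight to `ERR_error_string`, which produces a generic all-zero error string instead of saying that no OpenSSL error was queued; this matters because callers such as the get_peer_certificate path reach this sub when the peer simply presented no certificate. Consider `return 'no OpenSSL error queued' unless $err;` ahead of the lookup. Passing `undef` as the second argument presumably maps to a NULL buffer, which in the C API means a shared static buffer; confirm the binding copies the string out before returning it.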
***************
*** 529,548 ****
  
  
    # create a new SSL structure and attach it to the context.
!   if (!($ssl = Net::SSLeay::new($ctx)) ) {
      my $err_str =IO::Socket::SSL::_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("SSL_new: '$err_str'.");
    }	
  
    # set per connection options.
    if (defined $verify_mode) {
!     &Net::SSLeay::set_verify($ssl, $verify_mode, 0);
    }
    # see: bin/openssl ciphers -v,
    #      http://www.modssl.org/docs/2.3/ssl_reference.html#ToC9
!   &Net::SSLeay::set_cipher_list($ssl, $cipher_list);
    
!   if( ! ($r = Net::SSLeay::set_fd($ssl, $s->fileno)) ) {
      my $err_str = IO::Socket::SSL::_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("set_fd: '$err_str'.");
    }
--- 529,548 ----
  
  
    # create a new SSL structure and attach it to the context.
!   if (!($ssl = OpenSSL::SSL_new($ctx)) ) {
      my $err_str =IO::Socket::SSL::_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("SSL_new: '$err_str'.");
    }	
  
    # set per connection options.
    if (defined $verify_mode) {
!     OpenSSL::SSL_set_verify($ssl, $verify_mode, undef);
    }
    # see: bin/openssl ciphers -v,
    #      http://www.modssl.org/docs/2.3/ssl_reference.html#ToC9
!   OpenSSL::SSL_set_cipher_list($ssl, $cipher_list);
    
!   if( ! ($r = OpenSSL::SSL_set_fd($ssl, $s->fileno)) ) {
      my $err_str = IO::Socket::SSL::_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("set_fd: '$err_str'.");
    }
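Review bot: The return value of `OpenSSL::SSL_set_cipher_list($ssl, $cipher_list);` is discarded; SSL_set_cipher_list returns 0 when none of the listed ciphers can be selected, in which case the connection silently keeps the context's default list and the `!LOW:!EXP` exclusions in `$DEFAULT_CIPHER_LIST` are not in effect. The neighbouring `SSL_new` and `SSL_set_fd` calls already check and report failure, so do the same here: `if( ! OpenSSL::SSL_set_cipher_list($ssl, $cipher_list) ) { my $err_str = IO::Socket::SSL::_get_SSL_err_str(); return IO::Socket::SSL::_myerror("set_cipher_list: '$err_str'."); }`. The enclosing sub starts and ends outside the hunk.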
***************
*** 571,577 ****
    
    if($ssl) {
      # should release all SSL-struct related resources.
!     Net::SSLeay::free($ssl);
      $self->{'_SSL_ssl_handle'} = undef;
    }
  }
--- 571,577 ----
    
    if($ssl) {
      # should release all SSL-struct related resources.
!     OpenSSL::SSL_free($ssl);
      $self->{'_SSL_ssl_handle'} = undef;
    }
  }
***************
*** 624,642 ****
  
  
    # create SSL context;
!   if(! ($ctx = Net::SSLeay::CTX_new()) ) {
!     my $err_str = IO::Socket::SSL::_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("CTX_new(): '$err_str'.");
    }
  
    # set options for the context.
!   $r = Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL() );
  
    # set SSL certificate load paths.
!   if(!($r = Net::SSLeay::CTX_load_verify_locations($ctx,
  						   $ca_file,
  						   $ca_path))) {
!     my $err_str = IO::Socket::SSL::_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("CTX_load_verify_locations: " .
  				     "'$err_str'.");
    }
--- 624,642 ----
  
  
    # create SSL context;
!   if(! ($ctx = OpenSSL::SSL_CTX_new(OpenSSL::SSLv23_method())) ) {
!     my $err_str = $self->_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("CTX_new(): '$err_str'.");
    }
  
    # set options for the context.
!   $r = OpenSSL::SSL_CTX_set_options_W($ctx, $OpenSSL::SSL_OP_ALL );
  
    # set SSL certificate load paths.
!   if(!($r = OpenSSL::SSL_CTX_load_verify_locations($ctx,
  						   $ca_file,
  						   $ca_path))) {
!     my $err_str = $self->_get_SSL_err_str();
      return IO::Socket::SSL::_myerror("CTX_load_verify_locations: " .
  				     "'$err_str'.");
    }
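Review bot: The error paths `my $err_str = $self->_get_SSL_err_str();` now invoke `_get_SSL_err_str` as a method on `$self`, but `$self` in this sub is the context object (a blessed hash, see `$self->{'_SSL_context'}` in the following hunk) while `_get_SSL_err_str` is a plain sub in package IO::Socket::SSL; unless the context class inherits from IO::Socket::SSL, which is not visible here, this dies with a "Can't locate object method" error precisely when an OpenSSL failure is being reported. `_myerror` on the very next line is still called as `IO::Socket::SSL::_myerror(...)`, so keeping `my $err_str = IO::Socket::SSL::_get_SSL_err_str();` as on the old side is the consistent fix. The same change appears in the key/certificate-loading hunk and in both X509 name hunks further down. The enclosing sub starts and ends outside the hunk.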
***************
*** 649,669 ****
  
    # load certificate and private key.
    if( $is_server || $use_cert ) {
!     if(!($r=Net::SSLeay::CTX_use_RSAPrivateKey_file($ctx,
! 		 $key_file, &Net::SSLeay::FILETYPE_PEM() ))) {
!       my $err_str = IO::Socket::SSL::_get_SSL_err_str();    
        return IO::Socket::SSL::_myerror("CTX_use_RSAPrivateKey_file:" .
  				       " '$err_str'.");
      }
!     if(!($r=Net::SSLeay::CTX_use_certificate_file($ctx,
! 		 $cert_file, &Net::SSLeay::FILETYPE_PEM() ))) {
!       my $err_str = IO::Socket::SSL::_get_SSL_err_str();    
        return IO::Socket::SSL::_myerror("CTX_use_certificate_file:" .
  				       " '$err_str'.");
      }
    }
  
!   $r = Net::SSLeay::CTX_set_verify($ctx, $verify_mode, 0);
  
    $self->{'_SSL_context'} = $ctx;
  
--- 649,669 ----
  
    # load certificate and private key.
    if( $is_server || $use_cert ) {
!     if(!($r=OpenSSL::SSL_CTX_use_RSAPrivateKey_file($ctx,
! 		 $key_file, $OpenSSL::SSL_FILETYPE_PEM ))) {
!       my $err_str = $self->_get_SSL_err_str();    
        return IO::Socket::SSL::_myerror("CTX_use_RSAPrivateKey_file:" .
  				       " '$err_str'.");
      }
!     if(!($r=OpenSSL::SSL_CTX_use_certificate_file($ctx,
! 		 $cert_file, $OpenSSL::SSL_FILETYPE_PEM ))) {
!       my $err_str = $self->_get_SSL_err_str();    
        return IO::Socket::SSL::_myerror("CTX_use_certificate_file:" .
  				       " '$err_str'.");
      }
    }
  
!   $r = OpenSSL::SSL_CTX_set_verify($ctx, $verify_mode, undef);
  
    $self->{'_SSL_context'} = $ctx;
  
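Review bot: After `SSL_CTX_use_RSAPrivateKey_file` and `SSL_CTX_use_certificate_file` both succeed, nothing verifies that the loaded private key actually matches the certificate; OpenSSL provides SSL_CTX_check_private_key for this, and without it a mismatched key/cert pair only surfaces as a failure at the first handshake. If the `OpenSSL` binding exposes that function, add a check in the same style as the two load calls, returning `IO::Socket::SSL::_myerror("CTX_check_private_key: key does not match certificate.")` on failure. `SSL_CTX_set_verify` returns nothing useful, so assigning its result to `$r` is harmless but misleading. The enclosing sub starts and ends outside the hunk.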
***************
*** 686,692 ****
    # this is an example of a potential race condition.
    if ($ctx && !$self->{'_CTX_freed'}) {
      # should release all SSL_CTX-struct related resources.
!     Net::SSLeay::CTX_free($ctx);
      $self->{'_CTX_freed'} = 1;
    }
  
--- 686,692 ----
    # this is an example of a potential race condition.
    if ($ctx && !$self->{'_CTX_freed'}) {
      # should release all SSL_CTX-struct related resources.
!     OpenSSL::SSL_CTX_free($ctx);
      $self->{'_CTX_freed'} = 1;
    }
  
***************
*** 725,737 ****
  
    my ($name, $str_name);
  
!   if(!($name = Net::SSLeay::X509_get_subject_name($cert))) {
!     my $err_str = IO::Socket::SSL::_get_SSL_err_str();    
      return IO::Socket::SSL::_myerror("X509_get_subject_name: " .
  				     "'$err_str'.");
    }
  
!   $str_name = Net::SSLeay::X509_NAME_oneline($name);
  
    return "$str_name";
  }
--- 725,737 ----
  
    my ($name, $str_name);
  
!   if(!($name = OpenSSL::X509_get_subject_name($cert))) {
!     my $err_str = $self->_get_SSL_err_str();    
      return IO::Socket::SSL::_myerror("X509_get_subject_name: " .
  				     "'$err_str'.");
    }
  
!   $str_name = OpenSSL::X509_NAME_oneline_W($name);
  
    return "$str_name";
  }
***************
*** 742,754 ****
  
    my ($name, $str_name);
  
!   if(!($name = Net::SSLeay::X509_get_issuer_name($cert))) {
!     my $err_str = IO::Socket::SSL::_get_SSL_err_str();    
      return IO::Socket::SSL::_myerror("X509_get_issuer_name:" .
  				     " '$err_str'.");    
    }
   
!   $str_name = Net::SSLeay::X509_NAME_oneline($name);
  
    return "$str_name";
  }
--- 742,754 ----
  
    my ($name, $str_name);
  
!   if(!($name = OpenSSL::X509_get_issuer_name($cert))) {
!     my $err_str = $self->_get_SSL_err_str();    
      return IO::Socket::SSL::_myerror("X509_get_issuer_name:" .
  				     " '$err_str'.");    
    }
   
!   $str_name = OpenSSL::X509_NAME_oneline_W($name);
  
    return "$str_name";
  }
***************
*** 759,765 ****
    my $cert = $self->{'_cert_handle'};
  
    # here we should free resources held by the the certificate.
!   X509_free($cert);
  }
  
  
--- 759,765 ----
    my $cert = $self->{'_cert_handle'};
  
    # here we should free resources held by the the certificate.
!   OpenSSL::X509_free($cert);
  }
  
  
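Review bot: `OpenSSL::X509_free($cert);` runs unconditionally and leaves `$self->{'_cert_handle'}` pointing at the freed structure, whereas the sibling destructors in this patch guard with `if($ssl)` and `if ($ctx && !$self->{'_CTX_freed'})` before freeing and then clear the handle; an object whose handle was never set would pass undef to X509_free here. Suggest `return unless $cert;` before the call and `$self->{'_cert_handle'} = undef;` after it. The comment above also has a doubled word, "the the certificate". The enclosing sub starts outside the hunk.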
