<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;"># -*- perl -*-
#
#  Net::Server::Proto::SSL - Net::Server Protocol module
#
#  $Id: SSL.pm,v 1.11 2007/02/03 05:56:34 rhandom Exp $
#
#  Copyright (C) 2001-2007
#
#    Paul Seamons
#    paul@seamons.com
#    http://seamons.com/
#
#  This package may be distributed under the terms of either the
#  GNU General Public License
#    or the
#  Perl Artistic License
#
#  All rights reserved.
#
################################################################

package Net::Server::Proto::SSL;

use strict;
use vars qw($VERSION $AUTOLOAD @ISA);
use Net::Server::Proto::TCP ();
eval { require IO::Socket::SSL; };
$@ &amp;&amp; warn "Module IO::Socket::SSL is required for SSL.";

$VERSION = $Net::Server::VERSION; # done until separated
@ISA = qw(IO::Socket::SSL);


sub object {
  my $type  = shift;
  my $class = ref($type) || $type || __PACKAGE__;

  my ($default_host,$port,$server) = @_;
  my $prop = $server-&gt;{server};
  my $host;

  ### allow for things like "domain.com:80"
  if( $port =~ m/^([\w\.\-\*\/]+):(\w+)$/ ){
    ($host,$port) = ($1,$2);

  ### allow for things like "80"
  }elsif( $port =~ /^(\w+)$/ ){
    ($host,$port) = ($default_host,$1);

  ### don't know that style of port
  }else{
    $server-&gt;fatal("Undeterminate port \"$port\" under ".__PACKAGE__);
  }

  ### read any additional protocol specific arguments
  $server-&gt;configure({
    SSL_server      =&gt; \$prop-&gt;{SSL_server},
    SSL_use_cert    =&gt; \$prop-&gt;{SSL_use_cert},
    SSL_verify_mode =&gt; \$prop-&gt;{SSL_verify_mode},
    SSL_key_file    =&gt; \$prop-&gt;{SSL_key_file},
    SSL_cert_file   =&gt; \$prop-&gt;{SSL_cert_file},
    SSL_ca_path     =&gt; \$prop-&gt;{SSL_ca_path},
    SSL_ca_file     =&gt; \$prop-&gt;{SSL_ca_file},
    SSL_cipher_list =&gt; \$prop-&gt;{SSL_cipher_list},
    SSL_passwd_cb   =&gt; \$prop-&gt;{SSL_passwd_cb},
  });

  ### create the handle under this package
  my $sock = $class-&gt;SUPER::new();

  ### store some properties
  $sock-&gt;NS_host($host);
  $sock-&gt;NS_port($port);
  $sock-&gt;NS_proto('SSL');

  return $sock;
}

sub log_connect {
  my $sock = shift;
  my $server = shift;
  my $host   = $sock-&gt;NS_host;
  my $port   = $sock-&gt;NS_port;
  my $proto  = $sock-&gt;NS_proto;
  $server-&gt;log(2,"Binding to $proto port $port on host $host\n");
}

### connect the first time
sub connect {
  my $sock   = shift;
  my $server = shift;
  my $prop   = $server-&gt;{server};

  my $host  = $sock-&gt;NS_host;
  my $port  = $sock-&gt;NS_port;

  my %args = ();
  $args{LocalPort} = $port;                  # what port to bind on
  $args{Proto}     = 'tcp';                  # what protocol to use
  $args{LocalAddr} = $host if $host !~ /\*/; # what local address (* is all)
  $args{Listen}    = $prop-&gt;{listen};        # how many connections for kernel to queue
  $args{Reuse}     = 1;  # allow us to rebind the port on a restart

  ### add in any ssl specific properties
  foreach ( keys %$prop ){
    next unless /^SSL_/;
    $args{$_} = $prop-&gt;{$_};
  }

  ### connect to the sock
  $sock-&gt;SUPER::configure(\%args)
    or $server-&gt;fatal("Can't connect to SSL port $port on $host [$!]");

  $server-&gt;fatal("Back sock [$!]!".caller())
    unless $sock;

}

### connect on a sig -HUP
sub reconnect {
  my $sock = shift;
  my $fd   = shift;
  my $server = shift;

  $sock-&gt;fdopen( $fd, 'w' )
    or $server-&gt;fatal("Error opening to file descriptor ($fd) [$!]");

}

### allow for endowing the child
sub accept {
  my $sock = shift;
  my $client = $sock-&gt;SUPER::accept();

  ### pass items on
  if( defined($client) ){
    bless $client, ref($sock);
    $client-&gt;NS_proto( $sock-&gt;NS_proto );
  }

  return $client;
}

### a string containing any information necessary for restarting the server
### via a -HUP signal
### a newline is not allowed
### the hup_string must be a unique identifier based on configuration info
sub hup_string {
  my $sock = shift;
  return join("|",
              $sock-&gt;NS_host,
              $sock-&gt;NS_port,
              $sock-&gt;NS_proto,
              );
}

### short routine to show what we think we are
sub show {
  my $sock = shift;
  my $t = "Ref = \"" .ref($sock) . "\"\n";
  foreach my $prop ( qw(NS_proto NS_port NS_host) ){
    $t .= "  $prop = \"" .$sock-&gt;$prop()."\"\n";
  }
  return $t;
}

### self installer
sub AUTOLOAD {
  my $sock = shift;

  my ($prop) = $AUTOLOAD =~ /::([^:]+)$/ ? $1 : '';
  if( ! $prop ){
    die "No property called.";
  }

  if( $prop =~ /^(NS_proto|NS_port|NS_host)$/ ){
    no strict 'refs';
    *{ __PACKAGE__ ."::". $prop } = sub {
      my $sock = shift;
      if( @_ ){
        ${*$sock}{$prop} = shift;
        return delete ${*$sock}{$prop} unless defined ${*$sock}{$prop};
      }else{
        return ${*$sock}{$prop};
      }
    };
    use strict 'refs';

    $sock-&gt;$prop(@_);

  }else{
    die "What method is that? [$prop]";
  }
}

1;

=head1 NAME

Net::Server::Proto::SSL - Net::Server SSL protocol.

=head1 SYNOPSIS

See L&lt;Net::Server::Proto&gt;.

=head1 DESCRIPTION

Experimental.  If anybody has any successes or ideas for
improvement under SSL, please email &lt;paul@seamons.com&gt;.

Protocol module for Net::Server.  This module implements a
secure socket layer over tcp (also known as SSL).
See L&lt;Net::Server::Proto&gt;.

There is a limit inherent in using IO::Socket::SSL, namely that
only one SSL connection can be maintained by Net::Server.
Net::Server should, however, still be able to maintain any number
of TCP, UDP, or UNIX connections in addition to the one SSL
connection.

Additionally, getline support is very limited, and writing
directly to STDOUT will not work: under SSL the client handle is
not copied to STDOUT, so print and other writes to STDOUT never
reach the client.  getline may work, but that depends entirely on
the implementation of IO::Socket::SSL.  It is suggested that
request handlers sysread and syswrite on the client handle
directly (located in $self-&gt;{server}-&gt;{client}, or passed to the
process_request subroutine as the first argument).

=head1 PARAMETERS

In addition to the normal Net::Server parameters, any of the
SSL parameters from IO::Socket::SSL may also be specified.
See L&lt;IO::Socket::SSL&gt; for information on setting this up.
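As an added example (not code from Net::Server or this module), here is a
minimal Net::Server::PreFork subclass that binds one SSL port through this
protocol module using the SSL_* parameters described above, and that handles
requests with sysread/syswrite on the client handle as the DESCRIPTION
advises.  The class name, the port, the certificate and key paths, and the
cipher list are assumptions; the SSL_verify_mode values are the bit flags
IO::Socket::SSL documents (0x00 = no verification, 0x01 = verify peer,
0x02 = fail if the peer sends no certificate).

```perl
#!/usr/bin/perl
# Added example, not part of Net::Server: an echo server over
# Net::Server::Proto::SSL that never touches STDIN/STDOUT.
package MySSLEcho;
use strict;
use warnings;
use base qw(Net::Server::PreFork);

sub process_request {
    my $self   = shift;
    # The accepted IO::Socket::SSL handle; STDOUT is NOT wired to it under SSL.
    my $client = $self->{server}->{client};

    # Use sysread rather than getline: the module documents getline as
    # unreliable over SSL.  Collect bytes until one newline-terminated line.
    my $buf = '';
    while (1) {
        my $n = sysread($client, my $chunk, 4096);
        if (!defined $n) {
            $self->log(2, "sysread failed: $!");
            return;
        }
        last if $n == 0;          # peer closed the connection
        $buf .= $chunk;
        last if $buf =~ /\n/;     # one request line is enough for the demo
    }
    return unless length $buf;

    # Reply with syswrite on the SSL handle, never with print to STDOUT.
    syswrite($client, "echo: $buf")
        or $self->log(2, "syswrite failed: $!");
}

package main;

MySSLEcho->run(
    # "host:port" is parsed by Net::Server::Proto::SSL::object; the
    # address and port here are assumptions for the example.
    port  => 'localhost:8443',
    proto => 'ssl',

    # SSL_* keys are read by configure() and passed straight through to
    # IO::Socket::SSL in connect().  Paths are assumptions.
    SSL_key_file    => '/etc/myserver/server.key',
    SSL_cert_file   => '/etc/myserver/server.crt',

    # 0x00: do not verify client certificates.  For mutual TLS use
    # 0x01 | 0x02 (verify peer and fail if none is presented) together
    # with SSL_ca_file pointing at the CA that issued client certs.
    SSL_verify_mode => 0x00,

    # Reject anonymous and MD5-based suites; tighten further for production.
    SSL_cipher_list => 'HIGH:!aNULL:!MD5',
);
```

Start it as a normal Net::Server program and test from another shell with
an SSL client (for example `openssl s_client -connect localhost:8443`):
type a line and the echoed line comes back over the encrypted connection.
Nothing in process_request reads STDIN or writes STDOUT, which is the point
of the DESCRIPTION's advice.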

=head1 BUGS

Christopher A Bongaarts pointed out that if the SSL negotiation is slow, the
server will not be accepting new connections for that period of time, because
the lock around accept covers both the socket accept and the SSL negotiation.
As it stands now, this makes the SSL implementation susceptible to
denial-of-service (DoS) attacks: a single client that connects and then
stalls its handshake holds the accept lock for as long as the negotiation
blocks.  Fixing this will require dividing up the accept call more finely,
which may not yet be possible with IO::Socket::SSL.  Any ideas or patches for
this bug are welcome.
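As an added example (not part of Net::Server), the following probe checks a
running server for the behaviour described above from the outside: it opens a
raw TCP connection and deliberately never starts the TLS handshake, then checks
whether a second, well-behaved TLS client is still served within a deadline.
The host, port, and deadline are assumptions.  Run it only against a test
server you own; the stalled connection is exactly the condition the bug
describes, and on an affected server it blocks every other client for as long
as it stays open.

```perl
#!/usr/bin/perl
# Added example, not part of Net::Server: probe whether a stalled TLS
# handshake on one connection blocks accept() for everyone else.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;

my ($host, $port) = @ARGV;
$host ||= 'localhost';   # assumed test server
$port ||= 8443;
my $timeout = 5;         # seconds a healthy server needs for accept + handshake

# Step 1: plain TCP connect, then send nothing.  The server side has
# accept()ed and is now waiting in the SSL negotiation for a ClientHello
# that will never come, while still holding the accept lock.
my $stalled = IO::Socket::INET->new(
    PeerAddr => $host, PeerPort => $port,
    Proto    => 'tcp', Timeout  => $timeout,
) or die "cannot reach $host:$port: $@\n";

# Step 2: a normal TLS client with a hard deadline.  If accept is serialized
# behind the stalled handshake, this never gets past connect/handshake.
my $served = eval {
    local $SIG{ALRM} = sub { die "timeout\n" };
    alarm $timeout;
    my $tls = IO::Socket::SSL->new(
        PeerAddr        => $host,
        PeerPort        => $port,
        SSL_verify_mode => 0x00,   # probe only; verify the server cert in production
    ) or die "TLS connect failed: "
           . ($IO::Socket::SSL::SSL_ERROR || $@ || $!) . "\n";
    syswrite($tls, "ping\n");
    my $reply;
    sysread($tls, $reply, 4096);
    alarm 0;
    defined $reply && length $reply;
};
alarm 0;
my $err = $@;

if ($served) {
    print "second client served while a handshake is stalled: accept is not blocked\n";
} else {
    chomp($err ||= 'no reply');
    print "second client not served within ${timeout}s ($err): ",
          "a stalled handshake blocks accept\n";
}

close $stalled;   # releases the server child stuck in the handshake
```

Run it while the server is idle; a result of "not served" with a timeout is
the symptom the bug report describes.  Closing the stalled socket at the end
lets the blocked child fail its handshake and return to the accept loop.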

=head1 LICENCE

Distributed under the same terms as Net::Server

=head1 THANKS

Thanks to Vadim for pointing out the IO::Socket::SSL accept
was returning objects blessed into the wrong class.

=cut
</pre></body></html>