IO-Async-SSL-0.25000755001750001750 014467177317 12223 5ustar00leoleo000000000000IO-Async-SSL-0.25/.editorconfig000444001750001750 5314467177317 14773 0ustar00leoleo000000000000root = true [*.{pm,pl,t}] indent_size = 3 IO-Async-SSL-0.25/Build.PL000444001750001750 142014467177317 13651 0ustar00leoleo000000000000use v5; use strict; use warnings; use Module::Build; my $build = Module::Build->new( module_name => 'IO::Async::SSL', requires => { 'perl' => '5.014', 'Future' => '0.33', 'IO::Async::Loop' => '0.66', # Listener bugfixes, on_accept_error semantics 'IO::Async::Handle' => '0.29', 'IO::Async::Protocol::Stream' => 0, 'IO::Async::Stream' => '0.59', 'IO::Socket::SSL' => '2.003', }, test_requires => { 'IO::Async::OS' => 0, 'IO::Async::Test' => '0.68', 'Test::Identity' => 0, 'Test::More' => '0.88', # done_testing }, configure_requires => { 'Module::Build' => '0.4004', # test_requires }, license => 'perl', create_license => 1, create_readme => 1, ); $build->create_build_script; IO-Async-SSL-0.25/Changes000444001750001750 1157614467177317 13705 0ustar00leoleo000000000000Revision history for IO-Async-SSL 0.25 2023-08-16 [BUGFIXES] * Make sure to `use Module VERSION` without quotes to avoid upsetting perl 5.39.1's complaints about undefined import method with arguments 0.24 2022-12-20 [BUGFIXES] * Updated for new error message format of Net::SSLeay (RT142553, RT142915) * Spelling fix 'querying' (RT142917) 0.23 2022-05-23 [BUGFIXES] * Force IPv4 in openssl s_client * Declare dependency on Test::Identity * Pick port dynamically in t/20stream.t 0.22 2018-06-06 12:01:54 [BUGFIXES] * Increase IO::Socket::SSL version dependency to 2.003 due to important bugfixes (RT#125220) 0.21 2017-11-01 11:46:00 [BUGFIXES] * Detect early failures of IO::Socket::SSL->SSL_start such as bad arguments 0.20 2017/07/11 12:49:13 [BUGFIXES] * Minor fixes to openssl-running unit tests * Provide a dhparam.pem override file for testing with socat, as some versions object to the default one (thanks 
ilmari) * Rebuild SSL certs to 2048 bits 0.19 2015/10/15 16:44:06 [BUGFIXES] * Catch ->start_SSL throwing errors, rather than expecting it to return undef * Swallow SSL errors if 'on_ssl_error' handles them 0.18 2015/06/29 23:52:36 [BUGFIXES] * Apply utf8::downgrade() inplace to strings before we ->syswrite them, ensuring that IO::Socket::SSL doesn't double-encode UTF-8 (related to RT98372). 0.17 2015/05/29 19:52:02 [BUGFIXES] * Tell openssl s_server to be -quiet so its verbose junk doesn't upset the test script (RT104757) * No need to even unpack $buf from @_ in sslwrite when it's not passed to the underlying _syswrite (RT103774) 0.16 2015/04/17 20:52:35 [BUGFIXES] * Declare required version of IO::Socket::SSL to get default_ca() * Explicitly set $! to EINVAL when unit-test mocking methods fail * Declare requirement on IO::Async 0.66 for various bugfixes 0.15 2015/04/04 14:52:23 [CHANGES] * Use IO::Async::Stream reader/writer functions instead of SSLStream subclass * Use hints provided by IO::Socket::SSL::default_ca (RT96474) [BUGFIXES] * Remember about EWOULDBLOCK on MSWin32 * Handle EAGAIN from acceptor (RT102403) * Don't invoke on_ssl_error handler for cleartext acceptor failures (RT102405) 0.14 2014/03/27 11:24:08 [BUGFIXES] * Avoid relying on strong forward references in Future, by creating intentional cycles on pending Futures. Workaround for bugfix in upcoming Future release. 0.13 2013/10/03 19:49:20 [BUGFIXES] * Support new IO::Async::Loop 0.61 listen API * Listen via futures 0.12 2013/09/10 01:17:16 [BUGFIXES] * Ensure that ->connect with a 'handle' works, by deferring setting the socket on the given stream until it has been SSL_upgrade'd. 
0.11 2013/09/09 13:32:49 [CHANGES] * Perform SSL_upgrade and SSL_connect primarily on futures * Allow SSL_connect on an existing Stream object, by using reader/writer functions of IaStream 0.59 [BUGFIXES] * No point waiting on writeready when syswrite already said it wants readready * Fix "on_accept" typo in docs (RT86867) 0.10 BUGFIXES: * Allocate port numbers for external binary tests dynamically so that concurrent unit tests can proceed (RT85301) * Added a unit test that tests listening for openssl s_client 0.09 BUGFIXES: * Use IO::Async::OS->socketpair instead of $loop->socketpair (thanks Tom Molesworth) (RT84638) 0.08 CHANGES: * Prefer the /etc/ssl/certs directory if it exists, for SSL_ca_path. 0.07 CHANGES: * Updated for IO::Async 0.54 - use Futures instead of IaMergePoint * Attempt to use Mozilla::CA to set SSL_verify_mode and SSL_ca_file 0.06 BUGFIXES: * Make sure to pass 'socktype' hint to ->connect or ->listen during testing 0.05 BUGFIXES: * Ensure clean shutdown on SSL upgrade failure * Explicitly set family => "inet" in tests against socat 0.04 CHANGES: * New SSL_upgrade method on Loop and Protocol::Stream * Support on_stream continuation for SSL_connect and SSL_listen 0.03 BUGFIXES: * Don't is() test directly on socket addresses; unpack them and use is_deeply() * Supply a hostname to $loop->listen() 0.02 CHANGES: * Added Test::Pod testing * Make sure tests don't fail on machines without socat or openssl 0.01 First version, released on an unsuspecting world. IO-Async-SSL-0.25/LICENSE000444001750001750 4375514467177317 13423 0ustar00leoleo000000000000This software is copyright (c) 2023 by Paul Evans . This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. 
Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2023 by Paul Evans . This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. 
You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. 
You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. 
You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. 
By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2023 by Paul Evans . 
This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. 
You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. 
However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End IO-Async-SSL-0.25/MANIFEST000444001750001750 64514467177317 13476 0ustar00leoleo000000000000.editorconfig Build.PL Changes examples/delayed_sclient.pl examples/sclient.pl lib/IO/Async/SSL.pm lib/IO/Async/SSLStream.pm LICENSE MANIFEST This list of files META.json META.yml README t/00use.t t/01upgrade.t t/02protocol-upgrade.t t/03cross.t t/04readwrite.t t/05utf8.t t/10connect-openssl.t t/10connect-socat.t t/11listen-openssl.t t/11listen-socat.t t/20stream.t t/99pod.t t/dhparam.pem t/privkey.pem t/server.pem IO-Async-SSL-0.25/META.json000444001750001750 272414467177317 14006 0ustar00leoleo000000000000{ "abstract" : "use SSL/TLS with L", "author" : [ "Paul Evans " ], "dynamic_config" : 1, "generated_by" : "Module::Build version 0.4234", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "IO-Async-SSL", "prereqs" : { "configure" : { "requires" : { "Module::Build" : "0.4004" } }, "runtime" : { "requires" : { "Future" : "0.33", 
"IO::Async::Handle" : "0.29", "IO::Async::Loop" : "0.66", "IO::Async::Protocol::Stream" : "0", "IO::Async::Stream" : "0.59", "IO::Socket::SSL" : "2.003", "perl" : "5.014" } }, "test" : { "requires" : { "IO::Async::OS" : "0", "IO::Async::Test" : "0.68", "Test::Identity" : "0", "Test::More" : "0.88" } } }, "provides" : { "IO::Async::SSL" : { "file" : "lib/IO/Async/SSL.pm", "version" : "0.25" }, "IO::Async::SSLStream" : { "file" : "lib/IO/Async/SSLStream.pm", "version" : "0.25" } }, "release_status" : "stable", "resources" : { "license" : [ "http://dev.perl.org/licenses/" ] }, "version" : "0.25", "x_serialization_backend" : "JSON::PP version 4.07" } IO-Async-SSL-0.25/META.yml000444001750001750 166214467177317 13636 0ustar00leoleo000000000000--- abstract: 'use SSL/TLS with L' author: - 'Paul Evans ' build_requires: IO::Async::OS: '0' IO::Async::Test: '0.68' Test::Identity: '0' Test::More: '0.88' configure_requires: Module::Build: '0.4004' dynamic_config: 1 generated_by: 'Module::Build version 0.4234, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: IO-Async-SSL provides: IO::Async::SSL: file: lib/IO/Async/SSL.pm version: '0.25' IO::Async::SSLStream: file: lib/IO/Async/SSLStream.pm version: '0.25' requires: Future: '0.33' IO::Async::Handle: '0.29' IO::Async::Loop: '0.66' IO::Async::Protocol::Stream: '0' IO::Async::Stream: '0.59' IO::Socket::SSL: '2.003' perl: '5.014' resources: license: http://dev.perl.org/licenses/ version: '0.25' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' IO-Async-SSL-0.25/README000444001750001750 1447414467177317 13272 0ustar00leoleo000000000000NAME IO::Async::SSL - use SSL/TLS with IO::Async SYNOPSIS use IO::Async::Loop; use IO::Async::SSL; my $loop = IO::Async::Loop->new(); $loop->SSL_connect( host => "www.example.com", service => "https", on_stream => sub { my ( $stream ) = @_; $stream->configure( on_read => sub { ... 
}, ); $loop->add( $stream ); ... }, on_resolve_error => sub { print STDERR "Cannot resolve - $_[0]\n"; }, on_connect_error => sub { print STDERR "Cannot connect\n"; }, on_ssl_error => sub { print STDERR "Cannot negotiate SSL - $_[-1]\n"; }, ); DESCRIPTION This module extends existing IO::Async classes with extra methods to allow the use of SSL or TLS-based connections using IO::Socket::SSL. It does not directly provide any methods or functions of its own. Primarily, it provides SSL_connect and SSL_listen, which yield IO::Socket::SSL-upgraded socket handles or IO::Async::Stream instances, and two forms of SSL_upgrade to upgrade an existing TCP connection to use SSL. As an additional convenience, if the SSL_verify_mode and SSL_ca_* options are omitted, the module will attempt to provide them by querying the result of IO::Socket::SSL's default_ca function. If default_ca yields nothing, the module will print a warning and set SSL_VERIFY_NONE instead; in that case the peer certificate is not verified, so pass SSL_verify_mode or an SSL_ca_* option explicitly when the peer must be authenticated. LOOP METHODS The following extra methods are added to IO::Async::Loop. SSL_upgrade ( $stream or $socket ) = $loop->SSL_upgrade( %params )->get; This method upgrades a given stream filehandle into an SSL-wrapped stream, returning a future which will yield the given stream object or socket. Takes the following parameters: handle => IO::Async::Stream | IO The IO::Async::Stream object containing the IO handle of an already-established connection to act as the transport for SSL; or the plain IO socket handle itself. If an IO::Async::Stream is passed it will have the reader and writer functions set on it suitable for SSL use, and will be returned as the result from the future. If a plain socket handle is passed, that will be returned from the future instead. SSL_server => BOOL If true, indicates this is the server side of the connection. In addition, any parameter whose name starts SSL_ will be passed to the IO::Socket::SSL constructor. 
The following legacy callback arguments are also supported, in case the returned future is not used: on_upgraded => CODE A continuation that is invoked when the socket has been successfully upgraded to SSL. It will be passed an instance of IO::Socket::SSL, which will have appropriate SSL-compatible reader/writer functions attached. $on_upgraded->( $sslsocket ) on_error => CODE A continuation that is invoked if IO::Socket::SSL detects an error while negotiating the upgrade. $on_error->( $! ) SSL_connect $stream = $loop->SSL_connect( %params )->get; This method performs a non-blocking connection to a given address or set of addresses, upgrades the socket to SSL, then yields an IO::Async::Stream object when the SSL handshake is complete. It takes all the same arguments as IO::Async::Loop::connect(). Any argument whose name starts SSL_ will be passed on to the IO::Socket::SSL constructor rather than the Loop's connect method. It is not required to pass the socktype option, as SSL implies this will be stream. This method can also upgrade an existing IO::Async::Stream or subclass instance given as the handle argument, by setting the reader and writer functions. SSL_connect (void) $loop->SSL_connect( %params, on_connected => sub { ... }, on_stream => sub { ... }, ); When not returning a future, this method also supports the on_connected and on_stream continuations. In addition, the following arguments are then required: on_ssl_error => CODE A continuation that is invoked if IO::Socket::SSL detects an SSL-based error once the actual stream socket is connected. If the on_connected continuation is used, the socket handle it yields will be an IO::Socket::SSL, which must be wrapped in IO::Async::SSLStream to be used by IO::Async. The on_stream continuation will already yield such an instance. 
SSL_listen $loop->SSL_listen( %params )->get; This method sets up a listening socket using the addresses given, and will invoke the callback each time a new connection is accepted on the socket and the SSL handshake has been completed. This can be either the on_accept or on_stream continuation; on_socket is not supported. It takes all the same arguments as IO::Async::Loop::listen(). Any argument whose name starts SSL_ will be passed on to the IO::Socket::SSL constructor rather than the Loop's listen method. It is not required to pass the socktype option, as SSL implies this will be stream. In addition, the following arguments are required: on_ssl_error => CODE A continuation that is invoked if IO::Socket::SSL detects an SSL-based error once the actual stream socket is connected. The underlying IO::Socket::SSL socket will also require the server key and certificate for a server-mode socket. See its documentation for more details. If the on_accept continuation is used, the socket handle it yields will be an IO::Socket::SSL, which must be wrapped in IO::Async::SSLStream to be used by IO::Async. The on_stream continuation will already yield such an instance. STREAM PROTOCOL METHODS The following extra methods are added to IO::Async::Protocol::Stream. SSL_upgrade $protocol->SSL_upgrade( %params )->get; A shortcut to calling $loop->SSL_upgrade. This method will unconfigure the transport of the Protocol, upgrade its underlying filehandle to SSL, then reconfigure it again with SSL reader and writer functions on it. It takes the same arguments as $loop->SSL_upgrade, except that the handle argument is not required as it's taken from the Protocol's transport. 
AUTHOR Paul Evans IO-Async-SSL-0.25/examples000755001750001750 014467177317 14041 5ustar00leoleo000000000000IO-Async-SSL-0.25/examples/delayed_sclient.pl000444001750001750 511214467177317 17662 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Getopt::Long; use IO::Async::Loop; use IO::Async::Protocol::Stream; use IO::Async::Signal; use IO::Async::Stream 0.54; # ->new_close_future use IO::Async::SSL; use IO::Async::SSLStream; my $DUMPCERT; my $NO_VERIFY; my $FAMILY; GetOptions( 'd|dumpcert' => \$DUMPCERT, 'nv|no-verify' => \$NO_VERIFY, '4|ipv4' => sub { $FAMILY = "inet" }, '6|ipv6' => sub { $FAMILY = "inet6" }, ) or exit 1; my $HOST = shift @ARGV or die "Need HOST"; my $PORT = shift @ARGV or die "Need PORT"; my $loop = IO::Async::Loop->new; my ( $socketstream, $stdiostream ); my $peeraddr; $socketstream = IO::Async::Stream->new( on_read => sub { my ( undef, $buffref, $closed ) = @_; # Turn CRLFs into plain \n by stripping \r $$buffref =~ s/\r//g; $stdiostream->write( $$buffref ); $$buffref = ""; return 0; }, on_closed => sub { print STDERR "Closed connection to $peeraddr\n"; $stdiostream->close_when_empty; }, ); $loop->add( $socketstream ); $stdiostream = IO::Async::Stream->new( read_handle => \*STDIN, write_handle => \*STDOUT, on_read => sub { my ( undef, $buffref, $closed ) = @_; # Turn plain \n into CRLFs $$buffref =~ s/\n/\x0d\x0a/g; $socketstream->write( $$buffref ); $$buffref = ""; return 0; }, on_closed => sub { $socketstream->close_when_empty; }, ); $loop->add( $stdiostream ); $loop->connect( host => $HOST, service => $PORT, family => $FAMILY, socktype => 'stream', handle => $socketstream, )->get; my $socket = $socketstream->read_handle; $peeraddr = $socket->peerhost . ":" . $socket->peerport; print STDERR "Connected to $peeraddr. 
Send SIGQUIT (Ctrl-\\) to start SSL upgrade\n"; my $signal = IO::Async::Signal->new( name => "QUIT", on_receipt => sub { my ( $self ) = @_; $loop->remove( $self ); $loop->remove( $socketstream ); $loop->SSL_upgrade( handle => $socketstream->read_handle, ( $NO_VERIFY ? ( SSL_verify_mode => 0 ) : () ), )->on_done( sub { print STDERR "Now upgraded to SSL\n"; # TODO: get actual name somehow? $loop->add( $socketstream ); if( $DUMPCERT ) { my $socket = $socketstream->read_handle; print STDERR Net::SSLeay::PEM_get_string_X509($socket->peer_certificate) . "\n"; } })->on_fail( sub { die "Cannot upgrade to SSL - $_[0]\n"; }); }, ); $loop->add( $signal ); $loop->await( $socketstream->new_close_future, $stdiostream->new_close_future ); IO-Async-SSL-0.25/examples/sclient.pl000444001750001750 354514467177317 16203 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Getopt::Long; use IO::Async::Loop; use IO::Async::Stream 0.54; # ->new_close_future use IO::Async::SSL; my $DUMPCERT; my $NO_VERIFY; my $FAMILY; GetOptions( 'd|dumpcert' => \$DUMPCERT, 'nv|no-verify' => \$NO_VERIFY, '4|ipv4' => sub { $FAMILY = "inet" }, '6|ipv6' => sub { $FAMILY = "inet6" }, ) or exit 1; my $HOST = shift @ARGV or die "Need HOST"; my $PORT = shift @ARGV or die "Need PORT"; my $loop = IO::Async::Loop->new; my ( $socketstream, $stdiostream ); my $peeraddr; $socketstream = IO::Async::Stream->new( on_read => sub { my ( undef, $buffref, $closed ) = @_; # Turn CRLFs into plain \n by stripping \r $$buffref =~ s/\r//g; $stdiostream->write( $$buffref ); $$buffref = ""; return 0; }, on_closed => sub { print STDERR "Closed connection to $peeraddr\n"; $stdiostream->close_when_empty; }, ); $loop->add( $socketstream ); $stdiostream = IO::Async::Stream->new( read_handle => \*STDIN, write_handle => \*STDOUT, on_read => sub { my ( undef, $buffref, $closed ) = @_; # Turn plain \n into CRLFs $$buffref =~ s/\n/\x0d\x0a/g; $socketstream->write( $$buffref ); $$buffref = ""; return 0; }, on_closed => sub { 
$socketstream->close_when_empty; }, ); $loop->add( $stdiostream ); $loop->SSL_connect( host => $HOST, service => $PORT, family => $FAMILY, handle => $socketstream, ( $NO_VERIFY ? ( SSL_verify_mode => 0 ) : () ), )->get; my $socket = $socketstream->read_handle; $peeraddr = $socket->peerhost . ":" . $socket->peerport; print STDERR "Connected to $peeraddr\n"; if( $DUMPCERT ) { print STDERR Net::SSLeay::PEM_get_string_X509($socket->peer_certificate) . "\n"; } $loop->await( $socketstream->new_close_future, $stdiostream->new_close_future ); IO-Async-SSL-0.25/lib000755001750001750 014467177317 12771 5ustar00leoleo000000000000IO-Async-SSL-0.25/lib/IO000755001750001750 014467177317 13300 5ustar00leoleo000000000000IO-Async-SSL-0.25/lib/IO/Async000755001750001750 014467177317 14355 5ustar00leoleo000000000000IO-Async-SSL-0.25/lib/IO/Async/SSL.pm000444001750001750 3564614467177317 15547 0ustar00leoleo000000000000# You may distribute under the terms of either the GNU General Public License # or the Artistic License (the same terms as Perl itself) # # (C) Paul Evans, 2010-2023 -- leonerd@leonerd.org.uk package IO::Async::SSL 0.25; use v5.14; use warnings; use Carp; use POSIX qw( EAGAIN EWOULDBLOCK ); use IO::Socket::SSL 2.003 qw( $SSL_ERROR SSL_WANT_READ SSL_WANT_WRITE ); # default_ca # require >= 2.003 for bugfixes - see RT#125220 use Future 0.33; # ->catch_with_f use IO::Async::Handle 0.29; use IO::Async::Loop 0.61; # new Listen API =head1 NAME C - use SSL/TLS with L =head1 SYNOPSIS use IO::Async::Loop; use IO::Async::SSL; my $loop = IO::Async::Loop->new(); $loop->SSL_connect( host => "www.example.com", service => "https", on_stream => sub { my ( $stream ) = @_; $stream->configure( on_read => sub { ... }, ); $loop->add( $stream ); ... 
}, on_resolve_error => sub { print STDERR "Cannot resolve - $_[0]\n"; }, on_connect_error => sub { print STDERR "Cannot connect\n"; }, on_ssl_error => sub { print STDERR "Cannot negotiate SSL - $_[-1]\n"; }, );

=head1 DESCRIPTION

This module extends existing L<IO::Async> classes with extra methods to allow
the use of SSL or TLS-based connections using L<IO::Socket::SSL>. It does not
directly provide any methods or functions of its own.

Primarily, it provides C<SSL_connect> and C<SSL_listen>, which yield
C<IO::Socket::SSL>-upgraded socket handles or L<IO::Async::Stream>
instances, and two forms of C<SSL_upgrade> to upgrade an existing TCP
connection to use SSL.

As an additional convenience, if the C<SSL_verify_mode> and C<SSL_ca_*>
options are omitted, the module will attempt to provide them by querying the
result of L<IO::Socket::SSL>'s C<default_ca> function. Otherwise, the module
will print a warning and set C<SSL_VERIFY_NONE> instead.

=cut

# CA defaults, fetched once when this module is loaded and shared by every
# later call to _SSL_args.
my %SSL_ca_args = IO::Socket::SSL::default_ca();

# Returns the argument list it was given, with %SSL_ca_args merged in
# underneath for client-side calls that name neither a verify mode nor a CA
# file or path. Keys supplied by the caller win over the defaults.
#
# NOTE(review): the fallback fails open. When default_ca() returned nothing,
# SSL_VERIFY_NONE is stored in the module-level %SSL_ca_args, so the carp
# below fires only on the first such call and every later client call in the
# process picks up the unverified default without a further warning. Callers
# that need an authenticated peer should pass SSL_verify_mode, SSL_ca_file or
# SSL_ca_path explicitly rather than rely on this default.
sub _SSL_args
{
   my %args = @_;

   # SSL clients (i.e. non-server) require a verify mode
   if( !$args{SSL_server} and
       !defined $args{SSL_verify_mode} and
       !defined $args{SSL_ca_file} and
       !defined $args{SSL_ca_path} ) {
      unless( %SSL_ca_args ) {
         carp "Unable to set SSL_VERIFY_PEER because IO::Socket::SSL::default_ca() gives nothing";
         # Written into the shared hash, which makes it non-empty from now on
         $SSL_ca_args{SSL_verify_mode} = IO::Socket::SSL::SSL_VERIFY_NONE();
      }

      # Defaults first, so that anything the caller passed overrides them
      %args = ( %SSL_ca_args, %args );
   }

   return %args;
}

# Reader function installed on streams by SSL_upgrade. Called with the
# stream, the filehandle, the buffer and a length; returns whatever the
# stream's _sysread returns.
sub sslread
{
   my $stream = shift;
   my ( $fh, undef, $len ) = @_;

   # $_[1] is used directly, not a copy, so the read lands in the caller's
   # buffer
   my $ret = $stream->_sysread( $fh, $_[1], $len );

   # A failed read with EAGAIN/EWOULDBLOCK and SSL_WANT_WRITE means the SSL
   # layer has to write before this read can make progress
   my $read_wants_write = !defined $ret &&
                          ( $! == EAGAIN or $! == EWOULDBLOCK ) &&
                          $SSL_ERROR == SSL_WANT_WRITE;
   $stream->want_writeready_for_read( $read_wants_write );

   # It's possible SSL_read took all the data out of the filehandle, thus
   # making it not appear read-ready any more.
   if( $fh->pending ) {
      $stream->loop->later( sub { $stream->on_read_ready } );
   }

   return $ret;
}

# Writer function installed on streams by SSL_upgrade. Called with the
# stream, the filehandle, the buffer and a length; returns whatever the
# stream's _syswrite returns.
sub sslwrite
{
   my $stream = shift;
   my ( $fh, undef, $len ) = @_;

   # Placate RT98372
   # NOTE(review): utf8::downgrade is called without its FAIL_OK argument, so
   # a wide character presumably raises an exception rather than reaching the
   # carp - confirm against the utf8 documentation.
   utf8::downgrade( $_[1] ) or
      carp "Wide character in sslwrite";

   my $ret = $stream->_syswrite( $fh, $_[1], $len );

   # Mirror image of sslread: the SSL layer has to read before this write
   # can make progress
   my $write_wants_read = !defined $ret &&
                          ( $! == EAGAIN or $! == EWOULDBLOCK ) &&
                          $SSL_ERROR == SSL_WANT_READ;
   $stream->want_readready_for_write( $write_wants_read );
   # If write wants read, there's no point waiting on writereadiness either
   $stream->want_writeready_for_write( !$write_wants_read );

   return $ret;
}

=head1 LOOP METHODS

The following extra methods are added to L<IO::Async::Loop>.

=cut

=head2 SSL_upgrade

   ( $stream or $socket ) = $loop->SSL_upgrade( %params )->get;

This method upgrades a given stream filehandle into an SSL-wrapped stream,
returning a future which will yield the given stream object or socket.

Takes the following parameters:

=over 8

=item handle => IO::Async::Stream | IO

The C<IO::Async::Stream> object containing the IO handle of an
already-established connection to act as the transport for SSL; or the plain
IO socket handle itself.

If an C<IO::Async::Stream> is passed it will have the C<reader> and C<writer>
functions set on it suitable for SSL use, and will be returned as the result
from the future.

If a plain socket handle is passed, that will be returned from the future
instead.

=item SSL_server => BOOL

If true, indicates this is the server side of the connection.

=back

In addition, any parameter whose name starts C<SSL_> will be passed to the
C<IO::Socket::SSL> constructor.

The following legacy callback arguments are also supported, in case the
returned future is not used:

=over 8

=item on_upgraded => CODE

A continuation that is invoked when the socket has been successfully upgraded
to SSL. It will be passed an instance of an C<IO::Socket::SSL>, which will
have appropriate SSL-compatible reader/writer functions attached.

   $on_upgraded->( $sslsocket )

=item on_error => CODE

A continuation that is invoked if C<IO::Socket::SSL> detects an error while
negotiating the upgrade.
$on_error->( $! )

=back

=cut

# Wraps an already-connected handle in IO::Socket::SSL and drives the
# handshake from the loop. Returns a future when called in non-void context;
# in void context the on_upgraded and on_error callbacks are required.
#
# NOTE(review): nothing in this sub inspects or discards bytes that a passed
# IO::Async::Stream may already have buffered before the upgrade. For
# STARTTLS-style protocols the caller should confirm that no plaintext is
# pending at this point - verify against IO::Async::Stream's buffering.
sub IO::Async::Loop::SSL_upgrade
{
   my $loop = shift;
   my %params = @_;

   # Result future; done with the stream or socket, failed with ( $message, "ssl" )
   my $f = $loop->new_future;

   $params{handle} or croak "Expected 'handle'";

   # 'handle' is either a Stream, whose read handle is upgraded, or the
   # socket itself
   my $stream;
   my $socket;
   if( $params{handle}->isa( "IO::Async::Stream" ) ) {
      $stream = delete $params{handle};
      $socket = $stream->read_handle;
   }
   else {
      $socket = delete $params{handle};
   }

   {
      # Each callback may be omitted only when the caller takes the future
      my $on_upgraded = delete $params{on_upgraded} or defined wantarray
         or croak "Expected 'on_upgraded' or to return a Future";
      my $on_error = delete $params{on_error} or defined wantarray
         or croak "Expected 'on_error' or to return a Future";

      $f->on_done( $on_upgraded ) if $on_upgraded;
      $f->on_fail( $on_error    ) if $on_error;
   }

   # Everything named SSL_* goes to IO::Socket::SSL
   my %ssl_params = map { $_ => delete $params{$_} } grep m/^SSL_/, keys %params;

   # start_SSL only wraps the socket here (SSL_startHandshake => 0); the
   # handshake itself is performed by $ready below. Errors raised or
   # returned at this stage fail the future straight away.
   eval {
      $socket = IO::Socket::SSL->start_SSL( $socket, _SSL_args
         SSL_startHandshake => 0,

         # Required to make IO::Socket::SSL not ->close before we have a chance to remove it from the loop
         SSL_error_trap => sub { },

         %ssl_params,
      ) or die IO::Socket::SSL->errstr;
   } or do {
      chomp( my $e = $@ );
      return $f->fail( $e, "ssl" );
   };

   my $ready_method = $ssl_params{SSL_server} ? "accept_SSL" : "connect_SSL";

   # Runs once immediately and then on every read- or write-readiness of the
   # temporary handle, until the handshake succeeds or fails
   my $ready = sub {
      my ( $self ) = @_;
      if( $socket->$ready_method ) {
         # Handshake complete: drop the temporary handle and hand the SSL
         # socket back to the stream with the SSL reader and writer
         $loop->remove( $self );

         if( $stream ) {
            $stream->configure(
               handle => $socket,
               reader => \&sslread,
               writer => \&sslwrite,
            );
         }

         $f->done( $stream || $socket );
         return;
      }

      # Anything other than "try again" is a handshake failure
      if( $! != EAGAIN and $! != EWOULDBLOCK ) {
         my $errstr = IO::Socket::SSL::errstr();
         $loop->remove( $self );
         $f->fail( $errstr, "ssl" );
         return;
      }

      # Wait for whichever direction the SSL layer asked for
      $self->want_readready ( $SSL_ERROR == SSL_WANT_READ );
      $self->want_writeready( $SSL_ERROR == SSL_WANT_WRITE );
   };

   # We're going to steal the IO handle from $stream, so we'll have to
   # temporarily deconfigure it
   $stream->configure( handle => undef ) if $stream;

   $loop->add( my $handle = IO::Async::Handle->new(
      handle => $socket,
      on_read_ready  => $ready,
      on_write_ready => $ready,
   ) );

   $ready->( $handle );

   return $f if defined wantarray;

   # Caller is not going to keep hold of the Future, so we have to ensure it
   # stays alive somehow
   $f->on_ready( sub { undef $f } ); # intentional cycle
}

=head2 SSL_connect

   $stream = $loop->SSL_connect( %params )->get;

This method performs a non-blocking connection to a given address or set of
addresses, upgrades the socket to SSL, then yields a C<IO::Async::Stream>
object when the SSL handshake is complete.

It takes all the same arguments as C<IO::Async::Loop::connect()>. Any argument
whose name starts C<SSL_> will be passed on to the L<IO::Socket::SSL>
constructor rather than the Loop's C<connect> method. It is not required to
pass the C<socktype> option, as SSL implies this will be C<stream>.

This method can also upgrade an existing C<IO::Async::Stream> or subclass
instance given as the C<handle> argument, by setting the C<reader> and
C<writer> functions.

=head2 SSL_connect (void)

   $loop->SSL_connect( %params,
      on_connected => sub { ... },
      on_stream => sub { ... },
   );

When not returning a future, this method also supports the C<on_connected> and
C<on_stream> continuations.

In addition, the following arguments are then required:

=over 8

=item on_ssl_error => CODE

A continuation that is invoked if C<IO::Socket::SSL> detects an SSL-based
error once the actual stream socket is connected.

=back

If the C<on_connected> continuation is used, the socket handle it yields will
be an C<IO::Socket::SSL>, which must be wrapped in C<IO::Async::SSLStream> to
be used by C<IO::Async>. The C<on_stream> continuation will already yield such
an instance.
=cut

# Connects with $loop->connect, then upgrades the resulting socket with
# SSL_upgrade. Returns a future when called in non-void context; in void
# context one of on_connected / on_stream, and on_ssl_error, are required.
#
# NOTE(review): 'host' is forwarded only to $loop->connect; no SSL_hostname
# or SSL_verifycn_name is derived from it here. Whether the peer certificate
# is matched against the host name therefore depends on the SSL_* arguments
# the caller supplies - confirm against IO::Socket::SSL's start_SSL behaviour.
sub IO::Async::Loop::SSL_connect
{
   my $loop = shift;
   my %params = @_;

   # Everything named SSL_* is kept back for the upgrade step
   my %ssl_params = map { $_ => delete $params{$_} } grep m/^SSL_/, keys %params;

   # on_connected receives the stream's read handle, on_stream the stream
   my $on_done;
   if( exists $params{on_connected} ) {
      my $on_connected = delete $params{on_connected};
      $on_done = sub {
         my ( $stream ) = @_;
         $on_connected->( $stream->read_handle );
      };
   }
   elsif( exists $params{on_stream} ) {
      my $on_stream = delete $params{on_stream};
      $on_done = $on_stream;
   }
   else {
      croak "Expected 'on_connected' or 'on_stream' or to return a Future" unless defined wantarray;
   }

   my $on_ssl_error = delete $params{on_ssl_error} or defined wantarray or
      croak "Expected 'on_ssl_error' or to return a Future";

   # Use the caller's stream if one was given, otherwise make a new one
   my $stream = delete $params{handle} || do {
      require IO::Async::Stream;
      IO::Async::Stream->new;
   };

   $stream->isa( "IO::Async::Stream" ) or
      croak "Can only SSL_connect a handle instance of IO::Async::Stream";

   # Don't ->connect with the handle yet, because we'll first have to use the
   # socket to perform SSL_upgrade on. We don't want to confuse the loop by
   # giving it the same fd twice.
   my $f = $loop->connect(
      socktype => 'stream', # SSL over DGRAM or RAW makes no sense
      %params,
   )->then( sub {
      my ( $socket ) = @_;

      $stream->configure( handle => $socket );

      # Last expression of the block: the upgrade future becomes the result
      $loop->SSL_upgrade(
         _SSL_args( %ssl_params ),
         handle => $stream,
      )
   });

   $f->on_done( $on_done ) if $on_done;
   # on_ssl_error only sees failures whose second element is "ssl"
   $f->on_fail( sub {
      $on_ssl_error->( $_[0] ) if defined $_[1] and $_[1] eq "ssl";
   }) if $on_ssl_error;

   return $f if defined wantarray;

   # Caller is not going to keep hold of the Future, so we have to ensure it
   # stays alive somehow
   $f->on_ready( sub { undef $f } ); # intentional cycle
}

=head2 SSL_listen

   $loop->SSL_listen( %params )->get;

This method sets up a listening socket using the addresses given, and will
invoke the callback each time a new connection is accepted on the socket and
the SSL handshake has been completed. This can be either the C<on_accept> or
C<on_stream> continuation; C<on_socket> is not supported.

It takes all the same arguments as C<IO::Async::Loop::listen()>.
Any argument whose name starts C<SSL_> will be passed on to the
L<IO::Socket::SSL> constructor rather than the Loop's C<listen> method. It is
not required to pass the C<socktype> option, as SSL implies this will be
C<stream>.

In addition, the following arguments are required:

=over 8

=item on_ssl_error => CODE

A continuation that is invoked if C<IO::Socket::SSL> detects an SSL-based
error once the actual stream socket is connected.

=back

The underlying L<IO::Socket::SSL> socket will also require the server key and
certificate for a server-mode socket. See its documentation for more details.

If the C<on_accept> continuation is used, the socket handle it yields will be
an C<IO::Socket::SSL>, which must be wrapped in C<IO::Async::SSLStream> to be
used by C<IO::Async>. The C<on_stream> continuation will already yield such an
instance.

=cut

# Listens with $loop->listen, then replaces the listener's acceptor with one
# that performs a server-side SSL_upgrade on every accepted socket.
#
# NOTE(review): _SSL_args adds its verification defaults only when SSL_server
# is false, so for this server side any client-certificate checking has to
# come from the SSL_* arguments the caller passes - confirm against
# IO::Socket::SSL's server defaults.
# NOTE(review): nothing here bounds how long an accepted peer may take to
# finish the handshake; a caller that needs a limit has to impose one itself -
# confirm whether IO::Async applies one elsewhere.
sub IO::Async::Loop::SSL_listen
{
   my $loop = shift;
   my %params = @_;

   # Everything named SSL_* is kept back for the per-connection upgrade
   my %ssl_params = map { $_ => delete $params{$_} } grep m/^SSL_/, keys %params;
   my $on_ssl_error = delete $params{on_ssl_error} or defined wantarray or
      croak "Expected 'on_ssl_error'";

   my $f = $loop->listen(
      socktype => 'stream',
      %params,
   )->on_done( sub {
      my $listener = shift;

      # Keep the original acceptor so the SSL one can delegate to it
      my $cleartext_acceptor = $listener->acceptor;
      my $ssl_acceptor = sub {
         my $listener = shift;
         my ( $listen_sock, %params ) = @_;
         my $stream = $params{handle};
         !defined $stream or $stream->isa( "IO::Async::Stream" ) or
            croak "Can only accept SSL on IO::Async::Stream handles";

         $listener->$cleartext_acceptor( $listen_sock )->then( sub {
            my ( $socket ) = @_;

            return Future->done() unless $socket; # EAGAIN

            $stream->configure( handle => $socket ) if $stream;

            # Caller-supplied SSL_* arguments come after SSL_server => 1 and
            # so can override it
            $loop->SSL_upgrade(
               _SSL_args( SSL_server => 1, %ssl_params ),
               handle => ( $stream || $socket ),
            )->catch_with_f( ssl => sub {
               my ( $f, $failure ) = @_;
               # With a handler, a failed handshake is reported to it and
               # then treated as handled; without one the failure propagates
               if( $on_ssl_error ) {
                  $on_ssl_error->( $failure );
                  return Future->done; # eat it
               }
               return $f;
            });
         });
      };

      $listener->configure( acceptor => $ssl_acceptor );
   });

   return $f if defined wantarray;

   # Caller is not going to keep hold of the Future, so we have to ensure it
   # stays alive somehow
   $f->on_ready( sub { undef $f } ); # intentional cycle
}

=head1
STREAM PROTOCOL METHODS The following extra methods are added to L. =cut =head2 SSL_upgrade $protocol->SSL_upgrade( %params )->get; A shortcut to calling C<< $loop->SSL_upgrade >>. This method will unconfigure the C of the Protocol, upgrade its underlying filehandle to SSL, then reconfigure it again with SSL reader and writer functions on it. It takes the same arguments as C<< $loop->SSL_upgrade >>, except that the C argument is not required as it's taken from the Protocol's C. =cut sub IO::Async::Protocol::Stream::SSL_upgrade { my $protocol = shift; my %params = @_; my $on_upgraded = delete $params{on_upgraded} or croak "Expected 'on_upgraded'"; my $loop = $protocol->get_loop or croak "Expected to be a member of a Loop"; my $transport = $protocol->transport; $protocol->configure( transport => undef ); $loop->SSL_upgrade( handle => $transport, on_upgraded => sub { my ( $transport ) = @_; $protocol->configure( transport => $transport ); $on_upgraded->(); }, %params, ); } =head1 AUTHOR Paul Evans =cut 0x55AA; IO-Async-SSL-0.25/lib/IO/Async/SSLStream.pm000444001750001750 331514467177317 16667 0ustar00leoleo000000000000# You may distribute under the terms of either the GNU General Public License # or the Artistic License (the same terms as Perl itself) # # (C) Paul Evans, 2010-2023 -- leonerd@leonerd.org.uk package IO::Async::SSLStream 0.25; use v5.14; use warnings; use base qw( IO::Async::Stream ); IO::Async::Stream->VERSION( '0.59' ); use IO::Async::SSL; =head1 NAME C - read and write buffers around an SSL connection =head1 DESCRIPTION This subclass of L provides support for using an SSL connection, as created by L's C or C extension methods. After one of these methods has provided a socket handle, it should be wrapped in an L object to provide the usual C callback. It provides no extra methods and consumes no extra configuration parameters; treat it the same as a regular C object. See the main L documentation for an example of its use. 
=cut sub _init { my $self = shift; my ( $params ) = @_; $params->{reader} = \&IO::Async::SSL::sslread; $params->{writer} = \&IO::Async::SSL::sslwrite; $self->SUPER::_init( $params ); } =head1 BUGS =over 4 =item * Currently, this subclass does not completely handle the C configure option. It is possible for the C call to fail with C and C, indicating that it wishes to read (perhaps to obtain fresh keys from the server). In this case, the subclass will not correctly poll for readability and retry the write operation. This bug does not occur with regular C with C turned off. =back =head1 AUTHOR Paul Evans =cut 0x55AA; IO-Async-SSL-0.25/t000755001750001750 014467177317 12466 5ustar00leoleo000000000000IO-Async-SSL-0.25/t/00use.t000444001750001750 21114467177317 13716 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Test::More; use_ok( 'IO::Async::SSL' ); use_ok( 'IO::Async::SSLStream' ); done_testing; IO-Async-SSL-0.25/t/01upgrade.t000444001750001750 1300514467177317 14617 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Test::More; use Test::Identity; use IO::Async::Test 0.68; # wait_for_future use Future; use IO::Async::OS; use IO::Async::Loop; use IO::Async::SSL; use IO::Async::Stream; my $loop = IO::Async::Loop->new; testing_loop( $loop ); # ->SSL_upgrade on IO::Async::Stream { my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or die "Cannot socketpair - $!"; $server_sock->blocking( 0 ); $client_sock->blocking( 0 ); my @server_lines; my $server_stream = IO::Async::Stream->new( handle => $server_sock, on_read => sub { my ( $self, $buffref, $closed ) = @_; push @server_lines, $1 while $$buffref =~ s/^(.*)\n//; return 0; }, ); $loop->add( $server_stream ); my @client_lines; my $client_stream = IO::Async::Stream->new( handle => $client_sock, on_read => sub { my ( $self, $buffref, $closed ) = @_; push @client_lines, $1 while $$buffref =~ s/^(.*)\n//; return 0; }, ); $loop->add( $client_stream ); my $server_f = 
$loop->SSL_upgrade( handle => $server_stream, SSL_server => 1, SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", ); my $client_f = $loop->SSL_upgrade( handle => $client_stream, SSL_verify_mode => 0, ); wait_for_future( Future->needs_all( $server_f, $client_f ) ); identical( $server_f->get, $server_stream, 'server SSL_upgrade yields $server_stream' ); identical( $client_f->get, $client_stream, 'client SSL_upgrade yields $client_stream' ); # Gutwrenching but no other easy way to do this is( $server_stream->{reader}, \&IO::Async::SSL::sslread, '$server_stream has SSL reader' ); is( $server_stream->{writer}, \&IO::Async::SSL::sslwrite, '$server_stream has SSL writer' ); is( $client_stream->{reader}, \&IO::Async::SSL::sslread, '$client_stream has SSL reader' ); is( $client_stream->{writer}, \&IO::Async::SSL::sslwrite, '$client_stream has SSL writer' ); $server_stream->write( "Send a line\n" ); wait_for { @client_lines }; is( $client_lines[0], "Send a line", 'Line received by client' ); $client_stream->write( "Reply a line\n" ); wait_for { @server_lines }; is( $server_lines[0], "Reply a line", 'Line received by server' ); } # ->SSL_upgrade on IO handles { my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or die "Cannot socketpair - $!"; $server_sock->blocking( 0 ); $client_sock->blocking( 0 ); my ( $server_upgraded, $client_upgraded ); my $server_f = $loop->SSL_upgrade( handle => $server_sock, SSL_server => 1, SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", on_upgraded => sub { $server_upgraded++ }, on_error => sub { die "Test failed early - $_[-1]" }, ); my $client_f = $loop->SSL_upgrade( handle => $client_sock, SSL_verify_mode => 0, on_upgraded => sub { $client_upgraded++ }, on_error => sub { die "Test failed early - $_[-1]" }, ); ok( defined $server_f, 'defined ->SSL_upgrade Future for server' ); ok( defined $client_f, 'defined ->SSL_upgrade Future for client' ); wait_for_future( Future->needs_all( $server_f, $client_f ) 
); identical( $server_f->get, $server_sock, 'server SSL_upgrade yields $server_sock' ); identical( $client_f->get, $client_sock, 'client SSL_upgrade yields $client_sock' ); } { my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or die "Cannot socketpair - $!"; $server_sock->blocking( 0 ); $client_sock->blocking( 0 ); my $client_errored; my $f = $loop->SSL_upgrade( handle => $client_sock, SSL_verify_mode => 0, on_upgraded => sub { die "Test failed early - SSL upgrade succeeded" }, on_error => sub { $client_errored++ }, ); $server_sock->syswrite( "A line of plaintext content\n" ); wait_for { $f->is_ready }; ok( scalar $f->failure, '$f indicates client upgrade failure' ); ok( $client_errored, 'on_error invoked for client upgrade failure' ); } # An erroneous SSL_upgrade { my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or die "Cannot socketpair - $!"; $server_sock->blocking( 0 ); $client_sock->blocking( 0 ); my ( $server_upgraded, $client_upgraded ); my $server_f = $loop->SSL_upgrade( handle => $server_sock, SSL_server => 1, SSL_key_file => {}, SSL_cert_file => {}, ); wait_for { $server_f->is_ready }; # Message wording changed format a lot at 1.92 if( eval { Net::SSLeay->VERSION( '1.92' ) } ) { # Don't be too dependent on the exact wording of the message like( $server_f->failure, qr/^Failed to load certificate from file /, 'SSL_upgrade yields correct error on failure' ); } } { my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or die "Cannot socketpair - $!"; $server_sock->blocking( 0 ); $client_sock->blocking( 0 ); my $server_errored; my $f = $loop->SSL_upgrade( handle => $server_sock, SSL_server => 1, SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", on_upgraded => sub { die "Test failed early - SSL upgrade succeeded" }, on_error => sub { $server_errored++ }, ); $client_sock->syswrite( "A line of plaintext content\n" ); wait_for { $f->is_ready }; ok( scalar $f->failure, '$f indicates server upgrade failure' ); ok( 
$server_errored, 'on_error invoked for server upgrade failure' ); } done_testing; IO-Async-SSL-0.25/t/02protocol-upgrade.t000444001750001750 446614467177317 16452 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Test::More; use IO::Async::Test; use IO::Async::OS; use IO::Async::Loop; use IO::Async::SSL; use IO::Async::Stream; use IO::Async::Protocol::Stream; my $loop = IO::Async::Loop->new; testing_loop( $loop ); my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or die "Cannot socketpair - $!"; $server_sock->blocking( 0 ); $client_sock->blocking( 0 ); my @server_lines; my $server_proto = IO::Async::Protocol::Stream->new( transport => IO::Async::Stream->new( handle => $server_sock ), on_read => sub { my ( $self, $buffref, $closed ) = @_; push @server_lines, $1 while $$buffref =~ s/^(.*)\n//; return 0; }, ); $loop->add( $server_proto ); my @client_lines; my $client_proto = IO::Async::Protocol::Stream->new( transport => IO::Async::Stream->new( handle => $client_sock ), on_read => sub { my ( $self, $buffref, $closed ) = @_; push @client_lines, $1 while $$buffref =~ s/^(.*)\n//; return 0; }, ); $loop->add( $client_proto ); my ( $server_upgraded, $client_upgraded ); $server_proto->SSL_upgrade( SSL_server => 1, SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", on_upgraded => sub { $server_upgraded++ }, on_error => sub { die "Test failed early - $_[-1]" }, ); $client_proto->SSL_upgrade( SSL_verify_mode => 0, on_upgraded => sub { $client_upgraded++ }, on_error => sub { die "Test failed early - $_[-1]" }, ); wait_for { $server_upgraded and $client_upgraded }; ok( 1, "Sockets upgraded" ); # Gutwrenching but no other easy way to do this is( $server_proto->transport->{reader}, \&IO::Async::SSL::sslread, '$server_proto->transport has SSL reader' ); is( $server_proto->transport->{writer}, \&IO::Async::SSL::sslwrite, '$server_proto->transport has SSL writer' ); is( $client_proto->transport->{reader}, \&IO::Async::SSL::sslread, 
'$client_proto->transport has SSL reader' ); is( $client_proto->transport->{writer}, \&IO::Async::SSL::sslwrite, '$client_proto->transport has SSL writer' ); $server_proto->write( "Send a line\n" ); wait_for { @client_lines }; is( $client_lines[0], "Send a line", 'Line received by client' ); $client_proto->write( "Reply a line\n" ); wait_for { @server_lines }; is( $server_lines[0], "Reply a line", 'Line received by server' ); done_testing; IO-Async-SSL-0.25/t/03cross.t000444001750001750 1643414467177317 14334 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Test::More; use IO::Async::Test; use IO::Async::Loop; use IO::Async::Listener; use IO::Async::SSL; use Socket qw( unpack_sockaddr_in ); use IO::Async::Stream 0.59; my $loop = IO::Async::Loop->new; testing_loop( $loop ); { my $a_stream; my $listener = IO::Async::Listener->new( handle_class => "IO::Async::Stream", on_accept => sub { shift; $a_stream = shift; }, ); $loop->add( $listener ); my $listen_f = $listener->listen( family => "inet", host => "localhost", service => "", socktype => "stream", # TODO imply extensions => [ 'SSL' ], SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", ); wait_for { $listen_f->is_ready }; my $port = $listener->read_handle->sockport; my @c_lines; my $c_stream = IO::Async::Stream->new( on_read => sub { my ( $self, $buffref, $closed ) = @_; push @c_lines, $1 while $$buffref =~ s/^(.*)\n//; return 0; }, ); $loop->add( $c_stream ); my $conn_f = $loop->SSL_connect( family => "inet", host => "localhost", service => $port, SSL_verify_mode => 0, handle => $c_stream, ); wait_for { $conn_f->is_ready and defined $a_stream }; # Gutwrenching but no other easy way to do this is( $a_stream->{reader}, \&IO::Async::SSL::sslread, '$a_stream has SSL reader' ); is( $a_stream->{writer}, \&IO::Async::SSL::sslwrite, '$a_stream has SSL writer' ); is( $c_stream->{reader}, \&IO::Async::SSL::sslread, '$c_stream has SSL reader' ); is( $c_stream->{writer}, 
\&IO::Async::SSL::sslwrite, '$c_stream has SSL writer' ); $conn_f->get if $conn_f->failure; is_deeply( [ unpack_sockaddr_in $c_stream->read_handle->sockname ], [ unpack_sockaddr_in $a_stream->write_handle->peername ], 'Sockets crossconnected' ); my @a_lines; $a_stream->configure( on_read => sub { my ( $self, $buffref, $closed ) = @_; push @a_lines, $1 while $$buffref =~ s/^(.*)\n//; return 0; }, ); $loop->add( $a_stream ); $a_stream->write( "Send a line\n" ); wait_for { @c_lines }; is( $c_lines[0], "Send a line", 'Line received by openssl' ); $c_stream->write( "Reply a line\n" ); wait_for { @a_lines }; is( $a_lines[0], "Reply a line", 'Line received by local socket' ); undef @c_lines; undef @a_lines; $a_stream->write( ("X" x 1_000_000 ) . "\n" ); wait_for { @c_lines }; is( length $c_lines[0], 1_000_000, 'Bulk data received by openssl' ); $c_stream->write( ("X" x 1_000_000 ) . "\n" ); wait_for { @a_lines }; is( length $a_lines[0], 1_000_000, 'Bulk data received by local socket' ); undef @c_lines; undef @a_lines; # syswrite() more than we sysread(), so as to try to provoke a condition where # SSL_read() reads all the data from the socket, making it not read-ready, but # that we haven't yet got all the data at the on_read level. $a_stream->configure( write_len => 16384, read_len => 128 ); $c_stream->configure( write_len => 16384, read_len => 128 ); $a_stream->write( ("X" x 1024 ) . "\n" ); wait_for { @c_lines }; is( length $c_lines[0], 1024, 'Data received by openssl without stall' ); $c_stream->write( ("X" x 1024 ) . 
"\n" ); wait_for { @a_lines }; is( length $a_lines[0], 1024, 'Data received by local socket without stall' ); $loop->remove( $listener ); $loop->remove( $c_stream ); $loop->remove( $a_stream ); } # $loop->connect( SSL ) { my $a_stream; my $listener = IO::Async::Listener->new( handle_class => "IO::Async::Stream", on_accept => sub { shift; $a_stream = shift; }, ); $loop->add( $listener ); my $listen_f = $listener->listen( family => "inet", host => "localhost", service => "", socktype => "stream", # TODO imply extensions => [ 'SSL' ], SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" }, on_listen_error => sub { die "Cannot listen - $_[-1]\n" }, on_ssl_error => sub { die "SSL error - $_[-1]\n" }, ); wait_for { $listen_f->is_ready }; my $port = $listener->read_handle->sockport; my $conn_f = $loop->connect( extensions => [ 'SSL' ], family => "inet", host => "localhost", service => $port, SSL_verify_mode => 0, on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" }, on_connect_error => sub { die "Cannot connect\n" }, on_ssl_error => sub { die "SSL error - $_[-1]\n" }, handle => IO::Async::Stream->new, ); wait_for { $conn_f->is_ready and defined $a_stream }; $conn_f->get if $conn_f->failure; is_deeply( [ unpack_sockaddr_in $conn_f->get->read_handle->sockname ], [ unpack_sockaddr_in $a_stream->write_handle->peername ], 'Sockets crossconnected using ->connect extensions' ); } # connect SSL error { my $listen_sock; my $accepted_sock; $loop->listen( family => "inet", host => "localhost", service => "", socktype => "stream", on_listen => sub { $listen_sock = shift }, on_accept => sub { $accepted_sock = shift }, on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" }, on_listen_error => sub { die "Cannot listen - $_[-1]\n" }, ); wait_for { defined $listen_sock }; my $port = $listen_sock->sockport; my $connected_sock; my $client_errored; $loop->SSL_connect( family => "inet", host => "localhost", 
service => $port, SSL_verify_mode => 0, on_connected => sub { $connected_sock = shift }, on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" }, on_connect_error => sub { die "Cannot connect\n" }, on_ssl_error => sub { $client_errored++ }, ); wait_for { defined $accepted_sock }; $accepted_sock->syswrite( "A line of plaintext content\n" ); wait_for { $client_errored }; ok( 1, "Client socket indicates error" ); } # connect SSL error { my $listen_sock; my $server_errored; $loop->SSL_listen( family => "inet", host => "localhost", service => "", SSL_key_file => "t/privkey.pem", SSL_cert_file => "t/server.pem", on_listen => sub { $listen_sock = shift }, on_accept => sub { die "Test failed early - SSL listen succeeded" }, on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" }, on_listen_error => sub { die "Cannot listen - $_[-1]\n" }, on_ssl_error => sub { $server_errored++ }, ); wait_for { defined $listen_sock }; my $port = $listen_sock->sockport; my $connected_sock; $loop->connect( family => "inet", host => "localhost", service => $port, socktype => "stream", on_connected => sub { $connected_sock = shift }, on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" }, on_connect_error => sub { die "Cannot connect\n" }, ); wait_for { defined $connected_sock }; $connected_sock->syswrite( "A line of plaintext content\n" ); wait_for { $server_errored }; ok( 1, "Server socket indicates error" ); } done_testing; IO-Async-SSL-0.25/t/04readwrite.t000444001750001750 731614467177317 15151 0ustar00leoleo000000000000#!/usr/bin/perl use v5.14; use warnings; use Test::More; use IO::Async::Test; use IO::Async::Loop; use IO::Async::SSL; my $loop = IO::Async::Loop->new; testing_loop( $loop ); my $listen_sock = IO::Socket::INET->new( LocalHost => "localhost", LocalPort => 0, Listen => 1, ) or die "Cannot listen - $@"; # Mass cheating here no warnings 'redefine'; *IO::Socket::SSL::connect_SSL = sub { return 1; }; my $f = $loop->SSL_connect( addr => { family => "inet", ip => 
$listen_sock->sockhost, port => $listen_sock->sockport }, );

wait_for { $f->is_ready };

my $stream = $f->get;

my $server_sock = $listen_sock->accept;

my $read;
$stream->configure(
   on_read => sub {
      my ( $self, $readbuf ) = @_;
      # Hand the whole buffer to the test and consume it.
      $read = $$readbuf;
      $$readbuf = "";
      return 0;
   },
);

$loop->add( $stream );

# A micro mocking framework
#
# @EXPECT is a FIFO of [ method, args, result, return ] entries queued by
# expect(). The replacement IO::Socket::SSL::sysread and ::syswrite each shift
# one entry, fail the test when the queue is empty or the entry names a
# different method, and then act out the scripted result: "return" hands back
# data (sysread) or the requested length (syswrite), "err" sets $! to EAGAIN
# and stores the scripted value in $IO::Socket::SSL::SSL_ERROR. Both overrides
# are installed by glob assignment and stay in place for the rest of the
# process.
{
   my @EXPECT;

   # Queue one expected call.
   sub expect
   {
      my ( $method, $args, $result, $return ) = @_;
      push @EXPECT, [ $method, $args, $result, $return ];
   }

   *IO::Socket::SSL::sysread = sub {
      my ( $fh, undef, $len, $offset ) = @_;
      @EXPECT or
         fail( "Expected no more calls, got sysread" ),
         $! = Errno::EINVAL,
         return undef;

      my $e = shift @EXPECT;
      $e->[0] eq "sysread" or
         fail( "Expected $e->[0], got sysread" ),
         $! = Errno::EINVAL,
         return undef;

      pass( "Got sysread" );
      if( $e->[2] eq "return" ) {
         # $_[1] aliases the caller's buffer argument, so this fills it in.
         $_[1] = $e->[3];
         return length $e->[3];
      }
      elsif( $e->[2] eq "err" ) {
         $! = Errno::EAGAIN;
         $IO::Socket::SSL::SSL_ERROR = $e->[3];
         return undef;
      }
   };

   *IO::Socket::SSL::syswrite = sub {
      my ( $fh, $buff, $len ) = @_;
      @EXPECT or
         fail( "Expected no more calls, got syswrite" ),
         $! = Errno::EINVAL,
         return undef;

      my $e = shift @EXPECT;
      $e->[0] eq "syswrite" or
         fail( "Expected $e->[0], got syswrite" ),
         $! = Errno::EINVAL,
         return undef;

      pass( "Got syswrite" );
      # The first expected argument is the data the stream should be writing.
      is( $e->[1][0], $buff, 'Data for syswrite' );
      if( $e->[2] eq "return" ) {
         return $len;
      }
      elsif( $e->[2] eq "err" ) {
         $! 
= Errno::EAGAIN; $IO::Socket::SSL::SSL_ERROR = $e->[3]; return undef; } }; }

# read-wants-read
# The scripted sysread simply returns data, which on_read should deliver.
{
   # Make serversock readready
   $server_sock->syswrite( "1" );

   expect sysread => [], return => "the data";

   wait_for { length $read };

   is( $read, "the data", 'read-wants-read reads data' );
   $read = "";

   # Drain the real byte written above with the built-in sysread rather than
   # the mocked method.
   CORE::sysread( $stream->read_handle, my $dummy, 8192 );
}

# read-wants-write
# The scripted sysread reports SSL_WANT_WRITE; the stream is then expected to
# ask for write-readiness, and the following scripted sysread delivers the
# data.
{
   # Make serversock readready
   $server_sock->syswrite( "2" );

   expect sysread => [], err => IO::Socket::SSL::SSL_WANT_WRITE;

   wait_for { $stream->want_writeready };
   pass( '$stream->want_writeready' );
   CORE::sysread( $stream->read_handle, my $dummy, 8192 );

   expect sysread => [], return => "late data";

   wait_for { length $read };

   is( $read, "late data", 'read-wants-write reads data after writeready' );
   $read = "";
}

# write-wants-write
# The scripted syswrite succeeds, so on_flush should fire.
{
   my $flushed;
   $stream->write( "out data", on_flush => sub { $flushed++ } );

   expect syswrite => [ "out data" ], return =>;

   wait_for { $flushed };
   pass( 'write-wants-write flushes data' );
}

# write-wants-read
# The scripted syswrite reports SSL_WANT_READ; the write is expected to be
# retried, and to flush, once the handle becomes readable.
{
   my $flushed;
   $stream->write( "late out data", on_flush => sub { $flushed++ } );

   # more cheating
   # Read-readiness is switched off by hand so the test can watch the stream
   # switch it back on.
   $stream->want_readready( 0 );

   expect syswrite => [ "late out data" ], err => IO::Socket::SSL::SSL_WANT_READ;

   wait_for { $stream->want_readready };
   pass( '$stream->want_readready' );

   expect sysread => [], err => 0;
   expect syswrite => [ "late out data" ], return =>;

   # A real byte from the server side makes the client handle readable.
   $server_sock->syswrite( "4" );

   wait_for { $flushed };
   pass( 'write-wants-read flushes data after readready' );
}

done_testing;
IO-Async-SSL-0.25/t/05utf8.t000444001750001750 374414467177317 14053 0ustar00leoleo000000000000#!/usr/bin/perl

use v5.14;
use warnings;
use utf8;

use Test::More;
use Test::Identity;

use IO::Async::Test 0.68; # wait_for_future

use Future;
use IO::Async::OS;
use IO::Async::Loop;
use IO::Async::SSL;
use IO::Async::Stream;

use Encode qw( encode_utf8 decode_utf8 );

my $loop = IO::Async::Loop->new;

# A message containing non-8859-1 characters as this tests Perl more interestingly
my $message = 
"Ĉu vi ĉi tion vidas?";

# Return a chomped copy of the argument, leaving the caller's value untouched.
sub chomped { chomp( my $tmp = $_[0] ); return $tmp }

testing_loop( $loop );

# Upgrade both ends of a socketpair to SSL and check that byte strings cross
# the connection unchanged.
{
   my ( $server_sock, $client_sock ) = IO::Async::OS->socketpair or
      die "Cannot socketpair - $!";

   $server_sock->blocking( 0 );
   $client_sock->blocking( 0 );

   my $server_stream = IO::Async::Stream->new(
      handle => $server_sock,
      on_read => sub { 0 },
   );
   $loop->add( $server_stream );

   my $client_stream = IO::Async::Stream->new(
      handle => $client_sock,
      on_read => sub { 0 },
   );
   $loop->add( $client_stream );

   my $server_f = $loop->SSL_upgrade(
      handle => $server_stream,
      SSL_server => 1,
      # Fixture key and certificate shipped in t/; test use only.
      SSL_key_file => "t/privkey.pem",
      SSL_cert_file => "t/server.pem",
   );

   my $client_f = $loop->SSL_upgrade(
      handle => $client_stream,
      # Certificate verification is off: the peer is the fixture certificate
      # on a local socketpair. Application code should keep it enabled.
      SSL_verify_mode => 0,
   );

   wait_for_future( Future->needs_all( $server_f, $client_f ) );

   # Check that we can pass UTF-8 bytes unmolested
   my $bytes = encode_utf8( $message );

   $client_stream->write( "$bytes\n" );

   my $read_f = $server_stream->read_until( "\n" );
   wait_for { $read_f->is_ready };

   is( decode_utf8( chomped $read_f->get ), $message,
      'UTF-8 string unmolested' );

   # Check further that the bytes remain unmolested even if they somehow end
   # up with the SvUTF8 flag set
   utf8::upgrade( $bytes );

   $client_stream->write( "$bytes\n" );

   $read_f = $server_stream->read_until( "\n" );
   wait_for { $read_f->is_ready };

   is( decode_utf8( chomped $read_f->get ), $message,
      'UTF-8 string unmolested even with SvUTF8' );
}

done_testing;
IO-Async-SSL-0.25/t/10connect-openssl.t000444001750001750 400514467177317 16262 0ustar00leoleo000000000000#!/usr/bin/perl

use v5.14;
use warnings;

use Test::More;
use IO::Async::Test;

use IO::Async::OS;
use IO::Async::Loop;
use IO::Async::SSL;

use POSIX qw( WEXITSTATUS );

# Probe for the openssl binary. The command is a fixed string, so nothing
# external is interpolated into the shell.
system( "openssl help >/dev/null 2>&1" ) == 0 or
   plan skip_all => "no openssl";

my $loop = IO::Async::Loop->new;

testing_loop( $loop );

# Picks a free port by binding port 0 and reading the number back. The
# temporary socket is not kept, so the port is unbound again by the time the
# number is used and another local process could take it first (race;
# tolerable in a test).
my $port = do {
   IO::Socket::INET->new( LocalPort => 0, Listen => 1 )->sockport
};

my ( $my_rd, $ssl_wr, $ssl_rd, $my_wr ) = IO::Async::OS->pipequad or die 
"Cannot pipequad - $!";

# Run `openssl s_server` as the TLS peer, with its stdin/stdout wired to the
# pipes created above.
my $kid = $loop->spawn_child(
   setup => [
      # Run inside t/ so the bare fixture file names below resolve.
      chdir => "t",
      stdin => $ssl_rd,
      stdout => $ssl_wr,
   ],

   # Argument list, not a shell string: $port is passed as a single argument.
   command => [ "openssl", "s_server", "-accept", $port, "-key", "privkey.pem", "-cert", "server.pem", "-quiet" ],

   on_exit => sub {
      my ( $pid, $exitcode ) = @_;

      my $status = WEXITSTATUS( $exitcode );

      $status == 0 or die "openssl failed with $status\n";
   },
);

# The child has its own copies; close the parent's ends.
close $ssl_rd;
close $ssl_wr;

# Make sure the helper process does not outlive the test.
END { kill TERM => $kid if defined $kid }

my @openssl_lines;
$loop->add( my $openssl_stream = IO::Async::Stream->new(
   read_handle => $my_rd,
   write_handle => $my_wr,

   on_read => sub {
      my ( $stream, $buffref, $closed ) = @_;
      # Move every complete line out of the buffer.
      push @openssl_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
) );

# Fixed delay with no readiness check: if the server is not listening after
# one second the connect below fails.
sleep 1; # This is a hack. Waiting for openssl to start

my @local_lines;

my $sslstream = IO::Async::Stream->new(
   on_read => sub {
      my ( $self, $buffref, $closed ) = @_;
      push @local_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
);
$loop->add( $sslstream );

$sslstream->connect(
   family => "inet",
   host => "localhost",
   service => $port,

   extensions => [ 'SSL' ],
   # Verification off: the client accepts whatever certificate the process
   # listening on $port presents. Acceptable for this loopback fixture only.
   SSL_verify_mode => 0,
)->get;

$sslstream->write( "Send a line\n" );

wait_for { @openssl_lines };

is( $openssl_lines[0], "Send a line", 'Line received by openssl' );

$openssl_stream->write( "Reply a line\n" );

wait_for { @local_lines };

is( $local_lines[0], "Reply a line", 'Line received by local socket' );

undef @openssl_lines;
undef @local_lines;

done_testing;
IO-Async-SSL-0.25/t/10connect-socat.t000444001750001750 376614467177317 15725 0ustar00leoleo000000000000#!/usr/bin/perl

use v5.14;
use warnings;

use Test::More;
use IO::Async::Test;

use IO::Async::OS;
use IO::Async::Loop;
use IO::Async::SSL;

use POSIX qw( WEXITSTATUS );

# Probe for socat with a fixed command string (no interpolation).
system( "socat -help >/dev/null 2>&1" ) == 0 or
   plan skip_all => "no socat";

my $loop = IO::Async::Loop->new;

testing_loop( $loop );

# Free-port probe: the temporary listening socket is dropped straight away, so
# the number is only a hint by the time socat binds it (race; tolerable in a
# test).
my $port = do {
   IO::Socket::INET->new( LocalPort => 0, Listen => 1 )->sockport
};

my ( $my_rd, $ssl_wr, $ssl_rd, $my_wr ) = IO::Async::OS->pipequad
   or die "Cannot 
pipequad - $!";

# Run socat as the TLS server, bridging the TLS connection to its stdio.
my $kid = $loop->spawn_child(
   setup => [
      # Run inside t/ so the bare fixture file names below resolve.
      chdir => "t",
      stdin => $ssl_rd,
      stdout => $ssl_wr,
   ],

   # $port is interpolated into socat's address string; it is a number
   # obtained from sockport above, not external input.
   # NOTE(review): verify=0 presumably tells socat not to require or check a
   # client certificate - confirm against the socat manual.
   command => [ "socat", "OPENSSL-LISTEN:$port,dhparam=dhparam.pem,cert=server.pem,key=privkey.pem,verify=0", "STDIO" ],

   on_exit => sub {
      my ( $pid, $exitcode ) = @_;

      my $status = WEXITSTATUS( $exitcode );

      $status == 0 or die "socat failed with $status\n";
   },
);

close $ssl_rd;
close $ssl_wr;

# Make sure the helper process does not outlive the test.
END { kill TERM => $kid if defined $kid }

my @socat_lines;
$loop->add( my $socat_stream = IO::Async::Stream->new(
   read_handle => $my_rd,
   write_handle => $my_wr,

   on_read => sub {
      my ( $stream, $buffref, $closed ) = @_;
      # Move every complete line out of the buffer.
      push @socat_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
) );

# Fixed delay with no readiness check, as in the openssl variant.
sleep 1; # This is a hack. Waiting for socat to start

my @local_lines;

my $sslstream = IO::Async::Stream->new(
   on_read => sub {
      my ( $self, $buffref, $closed ) = @_;
      push @local_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
);
$loop->add( $sslstream );

$sslstream->connect(
   family => "inet",
   host => "localhost",
   service => $port,

   extensions => [ 'SSL' ],
   # Verification off: loopback fixture certificate only.
   SSL_verify_mode => 0,
)->get;

$sslstream->write( "Send a line\n" );

wait_for { @socat_lines };

# NOTE(review): the description says "openssl", but the peer in this script
# is socat; it looks copied from the openssl variant.
is( $socat_lines[0], "Send a line", 'Line received by openssl' );

$socat_stream->write( "Reply a line\n" );

wait_for { @local_lines };

is( $local_lines[0], "Reply a line", 'Line received by local socket' );

undef @socat_lines;
undef @local_lines;

done_testing;
IO-Async-SSL-0.25/t/11listen-openssl.t000444001750001750 432014467177317 16130 0ustar00leoleo000000000000#!/usr/bin/perl

use v5.14;
use warnings;

use Test::More;
use IO::Async::Test;

use IO::Async::OS;
use IO::Async::Loop;
use IO::Async::SSL;

use IO::Async::Listener;

use POSIX qw( WEXITSTATUS );

# Probe for the openssl binary with a fixed command string.
system( "openssl help >/dev/null 2>&1" ) == 0 or
   plan skip_all => "no openssl";

my $loop = IO::Async::Loop->new;

testing_loop( $loop );

# Set by on_accept once a client has connected.
my $sslstream;

my $listener = IO::Async::Listener->new(
   handle_class => "IO::Async::Stream",
   on_accept => sub {
      shift;
      $sslstream = shift;
   },
);
$loop->add( $listener );

# Listen with the 'SSL' extension; ->get blocks until listening is set up and
# throws if it failed.
$listener->listen(
   addr => { family => "inet", socktype => "stream" },

   extensions => [ 'SSL' ],
   # Fixture key and certificate. Both are shipped inside this distribution,
   # so the private key is public: test use only.
   SSL_key_file => "t/privkey.pem",
   SSL_cert_file => "t/server.pem",
)->get;

# The port is read from the socket that is already listening, so the client
# started below connects to this process's own listener.
my $port = $listener->read_handle->sockport;

my ( $my_rd, $ssl_wr, $ssl_rd, $my_wr ) = IO::Async::OS->pipequad
   or die "Cannot pipequad - $!";

# Run `openssl s_client` as the TLS peer, with stdin/stdout wired to the pipes
# above and stderr discarded.
my $kid = $loop->spawn_child(
   setup => [
      stdin => $ssl_rd,
      stdout => $ssl_wr,
      stderr => [ open => ">", "/dev/null" ],
   ],

   # Argument list, not a shell string: $port is passed as a single argument.
   command => [ "openssl", "s_client", "-4", "-host", "localhost", "-port", $port, "-quiet" ],

   on_exit => sub {
      my ( $pid, $exitcode ) = @_;

      my $status = WEXITSTATUS( $exitcode );

      $status == 0 or die "openssl failed with $status\n";
   },
);

# The child has its own copies; close the parent's ends.
close $ssl_rd;
close $ssl_wr;

# Make sure the helper process does not outlive the test.
END { kill TERM => $kid if defined $kid }

my @openssl_lines;
$loop->add( my $openssl_stream = IO::Async::Stream->new(
   read_handle => $my_rd,
   write_handle => $my_wr,

   on_read => sub {
      my ( $stream, $buffref, $closed ) = @_;
      # Move every complete line out of the buffer.
      push @openssl_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
) );

wait_for { defined $sslstream };

my @local_lines;

$sslstream->configure(
   on_read => sub {
      my ( $self, $buffref, $closed ) = @_;
      push @local_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
);
$loop->add( $sslstream );

# Discard anything the client printed before the exchange starts.
undef @openssl_lines;

$sslstream->write( "Send a line\n" );

wait_for { @openssl_lines };

is( $openssl_lines[0], "Send a line", 'Line received by openssl' );

$openssl_stream->write( "Reply a line\n" );

wait_for { @local_lines };

is( $local_lines[0], "Reply a line", 'Line received by local socket' );

undef @openssl_lines;
undef @local_lines;

done_testing;
IO-Async-SSL-0.25/t/11listen-socat.t000444001750001750 445414467177317 15566 0ustar00leoleo000000000000#!/usr/bin/perl

use v5.14;
use warnings;

use Test::More;
use IO::Async::Test;

use IO::Async::OS;
use IO::Async::Loop;
use IO::Async::SSL;

use IO::Async::Listener;

use POSIX qw( WEXITSTATUS );

# Probe for socat with a fixed command string (no interpolation).
system( "socat -help >/dev/null 2>&1" ) == 0 or
   plan skip_all => "no socat";

my $loop = 
IO::Async::Loop->new;

testing_loop( $loop );

# Set by on_accept once a client has connected.
my $sslstream;

my $listener = IO::Async::Listener->new(
   handle_class => "IO::Async::Stream",
   on_accept => sub {
      shift;
      $sslstream = shift;
   },
);

$loop->add( $listener );

# Listen with the 'SSL' extension; ->get blocks until listening is set up and
# throws if it failed.
$listener->listen(
   addr => { family => "inet", socktype => "stream" },

   extensions => [ 'SSL' ],
   # Fixture key and certificate. Both are shipped inside this distribution,
   # so the private key is public: test use only.
   SSL_key_file => "t/privkey.pem",
   SSL_cert_file => "t/server.pem",

   on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" },
   on_listen_error => sub { die "Cannot listen - $_[-1]\n" },
   on_ssl_error => sub { die "SSL error - $_[-1]\n" },
)->get;

# The port is read from the socket that is already listening.
my $port = $listener->read_handle->sockport;

my ( $my_rd, $ssl_wr, $ssl_rd, $my_wr ) = IO::Async::OS->pipequad
   or die "Cannot pipequad - $!";

# Run socat as the TLS client, bridging the TLS connection to its stdio.
my $kid = $loop->spawn_child(
   setup => [
      stdin => $ssl_rd,
      stdout => $ssl_wr,
   ],

   # $port is interpolated into socat's address string; it is a number
   # obtained from sockport above, not external input.
   # NOTE(review): verify=0 presumably makes socat skip checking the server
   # certificate - confirm against the socat manual.
   command => [ "socat", "OPENSSL:localhost:$port,verify=0", "STDIO" ],

   on_exit => sub {
      my ( $pid, $exitcode ) = @_;

      my $status = WEXITSTATUS( $exitcode );

      $status == 0 or die "socat failed with $status\n";
   },
);

# The child has its own copies; close the parent's ends.
close $ssl_rd;
close $ssl_wr;

# Make sure the helper process does not outlive the test.
END { kill TERM => $kid if defined $kid }

my @socat_lines;
$loop->add( my $socat_stream = IO::Async::Stream->new(
   read_handle => $my_rd,
   write_handle => $my_wr,

   on_read => sub {
      my ( $stream, $buffref, $closed ) = @_;
      # Move every complete line out of the buffer.
      push @socat_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
) );

wait_for { defined $sslstream };

my @local_lines;

$sslstream->configure(
   on_read => sub {
      my ( $self, $buffref, $closed ) = @_;
      push @local_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
);
$loop->add( $sslstream );

# Discard anything socat printed before the exchange starts.
undef @socat_lines;

$sslstream->write( "Send a line\n" );

wait_for { @socat_lines };

is( $socat_lines[0], "Send a line", 'Line received by socat' );

$socat_stream->write( "Reply a line\n" );

wait_for { @local_lines };

is( $local_lines[0], "Reply a line", 'Line received by local socket' );

undef @socat_lines;
undef @local_lines;

done_testing;
IO-Async-SSL-0.25/t/20stream.t000444001750001750 341514467177317 14450 0ustar00leoleo000000000000#!/usr/bin/perl

use 
v5.14;
use warnings;

use Test::More;
use IO::Async::Test;
use IO::Async::Loop;

use IO::Async::SSL;

my $loop = IO::Async::Loop->new;

testing_loop( $loop );

my $listen_sock;
my $a_stream;

# In-process SSL listener; on_stream hands over each accepted connection as a
# stream object.
$loop->SSL_listen(
   family => "inet",
   host => "localhost",
   service => "0",

   # Fixture key and certificate. Both are shipped inside this distribution,
   # so the private key is public: test use only.
   SSL_key_file => "t/privkey.pem",
   SSL_cert_file => "t/server.pem",

   on_listen => sub { $listen_sock = shift },
   on_stream => sub { $a_stream = shift },

   on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" },
   on_listen_error => sub { die "Cannot listen - $_[-1]\n" },
   on_ssl_error => sub { die "SSL error - $_[-1]\n" },
);

wait_for { defined $listen_sock };

my $c_stream;

$loop->SSL_connect(
   family => "inet",
   host => "localhost",
   # Port taken from the socket that is already listening.
   service => $listen_sock->sockport,

   # Verification off: the client accepts whatever certificate the listener
   # presents. Acceptable for this loopback fixture; application code should
   # keep verification enabled.
   SSL_verify_mode => 0,

   on_stream => sub { $c_stream = shift },

   on_resolve_error => sub { die "Cannot resolve - $_[-1]\n" },
   on_connect_error => sub { die "Cannot connect\n" },
   on_ssl_error => sub { die "SSL error - $_[-1]\n" },
);

wait_for { defined $c_stream and defined $a_stream };

my @c_lines;
$c_stream->configure(
   on_read => sub {
      my ( $self, $buffref, $closed ) = @_;
      # Move every complete line out of the buffer.
      push @c_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
);
$loop->add( $c_stream );

my @a_lines;
$a_stream->configure(
   on_read => sub {
      my ( $self, $buffref, $closed ) = @_;
      push @a_lines, $1 while $$buffref =~ s/^(.*)\n//;
      return 0;
   },
);
$loop->add( $a_stream );

$a_stream->write( "Send a line\n" );

wait_for { @c_lines };

# NOTE(review): no openssl process is involved in this script; the line is
# read by the connecting stream. The description looks copied from the openssl
# tests.
is( $c_lines[0], "Send a line", 'Line received by openssl' );

$c_stream->write( "Reply a line\n" );

wait_for { @a_lines };

is( $a_lines[0], "Reply a line", 'Line received by local socket' );

done_testing;
IO-Async-SSL-0.25/t/99pod.t000444001750001750 25614467177317 13737 0ustar00leoleo000000000000#!/usr/bin/perl

use v5.14;
use warnings;

use Test::More;

# String eval of a fixed literal: it loads Test::Pod only if a suitable
# version is installed, and no external data is interpolated into it.
eval "use Test::Pod 1.00";
plan skip_all => "Test::Pod 1.00 required for testing POD" if $@;

all_pod_files_ok();
IO-Async-SSL-0.25/t/dhparam.pem000444001750001750 65014467177317 14723 
0ustar00leoleo000000000000-----BEGIN DH PARAMETERS----- MIIBCAKCAQEAmI6zBc2nRtH0oRZ+BZ1rl9bLjUo0yVgKeA9Y09Di2S60aNx0ovob o0T4Jc5jwZ/YAIMjrNIoWDGCKHcFKn7kghyk9e6HryK/YX6pR0Ma/GCoz/MJ5eGn zA/KW8FfP4Ldq5JHkXVlG2HeCua1TqzciQtKtWPakB4zdTeKgF6FfSibXrYDUWTS +6jDnh9HTPjPyyCwqsj1X74J9MxOKYhOQG7ucIOrcp9m+sgzPbX71S3pz5Ze/7Xg k0JmSLmiprXn27USBzd70jC4ZNzv22aaRmQ+MBsMWLlqYUgEfjmRN4rzgko5en5j N/XRQlHgKq1RWum6CoKEaRwNmcQmXwQK8wIBAg== -----END DH PARAMETERS----- IO-Async-SSL-0.25/t/privkey.pem000444001750001750 321314467177317 15016 0ustar00leoleo000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAxlFv8a+BYzvjyHl7P0jrCO5Akovzp2hCl8/w9LWqpmdq7Z3H Xs2vGfbPzJPiLvjIZY//2YDNet6FxMkbmvZ1HfaIaUbd5JH5D/nsl10hZX8csWI/ vRGkCAFtF/pQwPLcEhj3j51/dO6T59PbhPc5+w9VSV2Jaq5RT/ZINyZao/v1khmK Lh6OzFkmmxxU80nmKvTstGQ/Yjmk0DhTc8Bp/ahBaQHamhnTHh8vQoSw9B8qGiKh JqHzbfRCX4nL3RwUN1v7bL1SYY8yJ+8vs3TxPLYB3r0oUvXmtVZiwx6zg8qFQFbL TTq5/AHSV3erMDaT7yVBgR5DtwRDYBnSK40wmQIDAQABAoIBAQCnfqp0To2R+UgV znxIY9aWMVt6Khd8gXMU8vwIQdLCPkAyNfrn2AIWhLzWhOQYVegy1x74XW+uYXhL TqsxAwzBZLGrcL4ByUO4uZWX9YE6TtQ2AMvibJ7EYCf6g2BmxfcWld2ofxXh9YoX 13fk4kUnBLk8gHKKFnX4egJeCdet/KbXgdtHnLpU/PVvxMyMLgvWP1BfFqKtPXyq 5qeFYd//ZCC6jqWYz8ByxAkdsqxgmm8KZ78PkBEQUqtmoEKB1XvYpV/WxPm6VijM hqYfZ5kB3XVeYqxlvrc9kGawNyb69TY8Fbmrcp7sn470sUTMiL7RP95ucrLuyVCr QW0ahHi9AoGBAPFTR2FzQ50Sa+v1XU055xNfGyPV3pHzqaSTWJb73o/14mDpGc8B WP4kBcSeuFZUmZhnXywX+xo6wFuejDPcHEr7BBtd5Jq2v5QLyronvc45zY5pzdnQ ffX31cGUUD1tkPCoEhit4LxaIDI1mHyO2Wt8qXfiNtsGrJl2efOLPNs7AoGBANJg qeYyWiMu2vZ/t9dm5ofCKktW5dU56RDHnAdIWCdPChmnD2iAjbEZI+bsw4GHEMLT e2Duq0ka/MD5qtLZBA1E8K8XlrYbblWJEayF8wKvVOI8d7WEMEHTMN19iNNwGivF khlHYKPLbi1vX1SHWtbX3Gt3sA4JOHFSneldpV47AoGAKeDm2T10dVSWD+uTlmw+ 8nilsBFUP4XGYb4EOKda1ya3c1PgW7EDLY84xQc6PBkQUodV18QNml6ptPyNng5L hqOK8ejYXBTsqBdnxehRovEa/+TSiUMKKN4qZR6E0jQqW+j+wvOhtW36elwcqzjq +CE5E4nZNScyWqtZvG7kT7MCgYAKgn26XEWYgFy798FtZ1yY56BJRzwQHOaByhcH XhvZSt+MTIY+iD2L3V+nx6g0rlSuBvag7wtriYea9F4OTn0fVJRZiuoiithGOaTC 
Y6ayOaQZ8T9huArZHv3P8teFCJKmISadUK2JQT5t0qSGioSFOx9t1vramKdTMfdl kyIRxQKBgGSsbXYmtTY43ogkbveGRJ7QOxBLaHhYHdvtQ4tyW55NU4A9IB3gbZKE Sanp6qKDxwMcwQk3lG5HeOc1l+IIdW8GxgME2hHHnw1sq13sU550Rz4S++3FUgbx puB2lUQzwIyhygfITlwLPabS9Y/mWim2zLK9u19TSOdhR9ofg35d -----END RSA PRIVATE KEY----- IO-Async-SSL-0.25/t/server.pem000444001750001750 236514467177317 14642 0ustar00leoleo000000000000-----BEGIN CERTIFICATE----- MIIDfTCCAmWgAwIBAgIUWPfcWp15laOQvwxbARX9csG1BPYwDQYJKoZIhvcNAQEL BQAwTjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEVMBMGA1UECgwMSU8t QXN5bmMtU1NMMRcwFQYDVQQLDA5UZXN0aW5nIFNlcnZlcjAeFw0yMjA1MjMwOTEy MDNaFw0zMjA1MjAwOTEyMDNaME4xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25k b24xFTATBgNVBAoMDElPLUFzeW5jLVNTTDEXMBUGA1UECwwOVGVzdGluZyBTZXJ2 ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGUW/xr4FjO+PIeXs/ SOsI7kCSi/OnaEKXz/D0taqmZ2rtncdeza8Z9s/Mk+Iu+Mhlj//ZgM163oXEyRua 9nUd9ohpRt3kkfkP+eyXXSFlfxyxYj+9EaQIAW0X+lDA8twSGPePnX907pPn09uE 9zn7D1VJXYlqrlFP9kg3Jlqj+/WSGYouHo7MWSabHFTzSeYq9Oy0ZD9iOaTQOFNz wGn9qEFpAdqaGdMeHy9ChLD0HyoaIqEmofNt9EJficvdHBQ3W/tsvVJhjzIn7y+z dPE8tgHevShS9ea1VmLDHrODyoVAVstNOrn8AdJXd6swNpPvJUGBHkO3BENgGdIr jTCZAgMBAAGjUzBRMB0GA1UdDgQWBBRcdM88LCiGjxMURXm1B6rZjC2aWjAfBgNV HSMEGDAWgBRcdM88LCiGjxMURXm1B6rZjC2aWjAPBgNVHRMBAf8EBTADAQH/MA0G CSqGSIb3DQEBCwUAA4IBAQBEfHTM7yfy6/cb3/pdEMe2cu5eo1PQShLdjISGrfBU TIlvauUTdIVqZU4QrsaubvgcB3kZcsUtGOx8b7+95zqs3LJrfYi4apzpDHL/mU2s Pq25QxjYCPXNH2Ye8d87yMsX+1CuCaDh/2Frdlism1V/DZI2FcARtP3SW6cY9kBv N8o7FZY7vTYpg3wx2Npp5u4wT/Z6GZNW3PHCxNhfK9CnU+RwhbpoPj4CUY7+BcBY csBcWXhgf8etctJ4EkOzyRby28lIaHRkcSUPZvvp/dWgiOYwSFfgJVuMZdJFpSVD Mk1dcNRwU0wv0VDFyqhboHgj7Ssr2Ty0aU7k2wCt8C2J -----END CERTIFICATE-----