Net-BEEP-Lite-TLSProfile


META.yml  view on Meta::CPAN

# http://module-build.sourceforge.net/META-spec.html
#XXXXXXX This is a prototype!!!  It will change in the future!!! XXXXX#
name:         Net-BEEP-Lite-TLSProfile
version:      0.01
version_from: TLSProfile.pm
installdirs:  site
requires:
    Carp:                          0
    IO::Socket::SSL:               0.9
    Net::BEEP::Lite:               0.02
    XML::LibXML:                   1.5

distribution_type: module
generated_by: ExtUtils::MakeMaker version 6.16

Makefile.PL  view on Meta::CPAN


# See lib/ExtUtils/MakeMaker.pm for details of how to influence
# the contents of the Makefile that is written.

# Distribution metadata handed to ExtUtils::MakeMaker.  The PREREQ_PM
# values are minimum acceptable versions, not exact pins.
WriteMakefile(
    NAME          => 'Net::BEEP::Lite::TLSProfile',
    VERSION_FROM  => 'TLSProfile.pm',
    PREREQ_PM     => {
        'Carp'            => 0,
        'IO::Socket::SSL' => 0.90,    # supplies the TLS implementation
        'Net::BEEP::Lite' => 0.02,
        'XML::LibXML'     => 1.50,
    },
    ABSTRACT_FROM => 'TLSProfile.pm',
    AUTHOR        => 'David Blacka <davidb@verisignlabs.com>',
);

README  view on Meta::CPAN


   perl Makefile.PL
   make
   make test
   make install

DEPENDENCIES

This module requires these other modules and libraries:

  IO::Socket::SSL
  XML::LibXML

AUTHOR

Send questions, comments, suggestions, bugs to
davidb@verisignlabs.com.

COPYRIGHT AND LICENCE

Copyright (C) 2003 Verisign, Inc.

TLSProfile.pm  view on Meta::CPAN


=head1 ABSTRACT

C<Net::BEEP::Lite::TLSProfile> is a TLS profile for BEEP as defined by
RFC 3080 for use with the C<Net::BEEP::Lite> module.

=head1 DESCRIPTION

This is a TLS profile for BEEP as defined by RFC 3080 for use with the
C<Net::BEEP::Lite> module.  It can be used for both the initiator and
listener roles.  This module relies heavily on the C<IO::Socket::SSL>
module for the TLS implementation.

=cut

use Carp;
use strict;
use warnings;

use XML::LibXML;
use IO::Socket::SSL;

use Net::BEEP::Lite::Message;

use base qw(Net::BEEP::Lite::BaseProfile);

# Package globals: the URI that identifies this profile, the text of the
# most recent error, and the distribution version.
our $URI = 'http://iana.org/beep/TLS';
our $errstr;
our $VERSION = '0.01';

TLSProfile.pm  view on Meta::CPAN


=item Callback

If this is set to a sub reference, this subroutine will be called upon
a successful TLS negotiation.  It will be passed a reference to the
session as its first and only argument.  For example, this might be
used to change the local profiles offered.

=item SSL_*

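These are parameters that are understood by C<IO::Socket::SSL::new>.
You will probably want to use a few of them: SSL_cert_file,
SSL_key_file, and SSL_verify_mode are typical.  They are passed on to
C<IO::Socket::SSL> when TLS is started, so whether the peer's
certificate is checked depends on the SSL_verify_mode and CA options
you supply here; set them explicitly rather than relying on the
library defaults.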

=back

=cut

sub initialize {
  my $self = shift;
  my %args = @_;

TLSProfile.pm  view on Meta::CPAN

  my $self    = shift;
  my $session = shift;
  my $res;

  # start SSL
  my $sock = $session->_socket();
  my %ssl_args = %{$self->{_ssl_args}};
  $ssl_args{SSL_server} = $self->{_is_server} if $self->{_is_server};


  my $ssl_sock = IO::Socket::SSL->start_SSL($sock, %ssl_args);

  if ($ssl_sock) {
    # SSL negotation succeeded.
    $session->_set_socket($ssl_sock);

    # if there is a peer cert, load its info into the session;
    $session->{peer_certificate} = $ssl_sock->dump_peer_certificate();

    # normally, we remove the TLS profile itself.
    delete $session->{profiles}->{$self->uri()};

TLSProfile.pm  view on Meta::CPAN

    &{$self->{_callback}}($session) if $self->{_callback};

    # FIXME: normally this would be done below, but some testing has
    # indicated that negotiation failure doesn't work the way it
    # ought.
    $session->_tuning_reset();

    $res = 1;
  }
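  else {
    # Negotiation failed: record the reason in the package-level $errstr
    # so the caller can report it.  The two parts are joined with "." --
    # with a comma, only the prefix is assigned and the error text from
    # IO::Socket::SSL is evaluated and thrown away.
    $errstr = "SSL/TLS negotiation failed: " . IO::Socket::SSL::errstr();
    print STDERR $errstr if $self->{debug};

    # Undefined result signals the failure to the caller.
    $res = undef;
  }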

  # Do a tuning reset.
  # NOTE: this must be done even if the TLS negotation failed.
  # FIXME: some testing indicates otherwise, although the spec is clear.
  #$session->_tuning_reset();

TLSProfile.pm  view on Meta::CPAN

}

=pod

=back

=head1 SEE ALSO

=over 4

=item L<IO::Socket::SSL>

=item L<Net::BEEP::Lite>

=back

=cut

1;

t/test_tls_echo_client.pl  view on Meta::CPAN


# if the remote end advertises TLS, we attempt to start it.
print "seeing if remote peer advertises $Net::BEEP::Lite::TLSProfile::URI\n";
if ($session->has_remote_profile($Net::BEEP::Lite::TLSProfile::URI)) {
  my $tls_profile = new Net::BEEP::Lite::TLSProfile
    (SSL_verify_mode => 0x01,
     SSL_ca_file     => "./localhost_ca-cacert.pem",
     Debug 	     => 1);

  # if you want to see the SSL debugging...
  # $IO::Socket::SSL::DEBUG = 4;

  $tls_profile->start_TLS($session) || die "could not establish TLS";

  print "Peer certificate: ", $session->{peer_certificate}, "\n";
  # you can also get the peer cert fields directly from the SSL socket
  # (although this uses an "internal" session API:
  print "Peer subject: ", $session->_socket()->peer_certificate("subject"),
    "\n";

  print "Peer now supports (after TLS):\n",

t/test_tls_echo_server.pl  view on Meta::CPAN

   Debug         => 1,
   SSL_verify_mode => 0x00,  # do not verify client cert.
   SSL_ca_file   => "./localhost_ca-cacert.pem",
   SSL_cert_file => "./localhost-cert.pem",
   SSL_key_file  => "./localhost-key.pem",
   # the password callback isn't necessary, since the
   # localhost-key.pem isn't password protected.
   SSL_passwd_cb => sub { "some_pass" });

# if you wish to see the SSL debugging info
# $IO::Socket::SSL::DEBUG = 4;

# Start the test listener.  Profiles holds only the TLS profile, and
# Debug is switched on.
Net::BEEP::Lite::beep_listen(
    Port                  => 10288,
    Method                => 'fork',
    Profiles              => [$tls_profile],
    Debug                 => 1,
    AllowMultipleChannels => 1,
);

sub tls_callback {
  my $session = shift;


