UniEvent
view release on metacpan or search on metacpan
clib/src/panda/unievent/SslContext.cc view on Meta::CPAN
auto ret = SslContext::attach(ctx);
int ok;
ok = SSL_CTX_use_certificate_file(ctx, cert_file.c_str(), SSL_FILETYPE_PEM);
if (!ok) return make_unexpected(make_ssl_error_code(SSL_ERROR_SSL));
ok = SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM);
if (!ok) return make_unexpected(make_ssl_error_code(SSL_ERROR_SSL));
ok = SSL_CTX_check_private_key(ctx);
if (!ok) return make_unexpected(make_ssl_error_code(SSL_ERROR_SSL));
return ret;
}
}}
clib/src/panda/unievent/ssl/SslFilter.cc view on Meta::CPAN
WriteRequest* orig;
bool final;
SslWriteRequest (WriteRequest* req = nullptr) : WriteRequest(), orig(req), final() {}
};
using SslWriteRequestSP = iptr<SslWriteRequest>;
SslFilter::SslFilter (Stream* stream, const SslContext &context, const SslFilterSP& server_filter)
: StreamFilter(stream, TYPE, PRIORITY), state(State::initial), profile(Profile::UNKNOWN), server_filter(server_filter)
{
panda_log_ctor();
if (stream->listening() && !SSL_CTX_check_private_key(context)) throw Error("SSL certificate&key needed to listen()");
#ifdef RENEGOTIATION_DISABLED
SSL_CTX_set_options(context, SSL_OP_NO_RENEGOTIATION);
#endif
init(context);
}
SslFilter::SslFilter (Stream* stream, const SSL_METHOD* method) : SslFilter(stream, ssl_ctx_from_method(method)) {
}
SslFilter::~SslFilter () {
clib/src/panda/unievent/ssl/SslFilter.cc view on Meta::CPAN
write_bio = BIO_new(SslBio::method());
if (!write_bio) throw Error(make_ssl_error_code(SSL_ERROR_SSL));
SslBio::set_handle(read_bio, handle);
SslBio::set_handle(write_bio, handle);
SSL_set_bio(raw_ssl, read_bio, write_bio);
ssl = raw_ssl;
}
void SslFilter::listen () {
if (!SSL_check_private_key(ssl)) throw Error("SSL certificate&key needed to listen()");
NextFilter::listen();
}
void SslFilter::reset () {
if (state == State::initial) return;
_ESSL("reset, state: %d, connecting: %d", (int)state, handle->connecting());
StreamFilterSP hold = this;
(void)hold;
source_request = nullptr;
clib/tests/lib/test.cc view on Meta::CPAN
static SslContext ctx = nullptr;
if (ctx) {
return ctx;
}
auto raw = SSL_CTX_new(SSLv23_server_method());
if (!raw) throw Error(make_ssl_error_code(SSL_ERROR_SSL));
ctx = SslContext::attach(raw);
SSL_CTX_use_certificate_file(ctx, "tests/cert/ca.pem", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "tests/cert/ca.key", SSL_FILETYPE_PEM);
if (!SSL_CTX_check_private_key(ctx)) throw panda::exception("bad ctx");
return ctx;
}
TcpSP make_basic_server (const LoopSP& loop, const SockAddr& sa) {
TcpSP server = new Tcp(loop);
server->bind(sa);
server->listen(1);
return server;
}
clib/tests/tcp/ssl.cc view on Meta::CPAN
err = SSL_CTX_load_verify_locations(ctx, ca.c_str(), nullptr);
assert(err);
err = SSL_CTX_use_certificate_file(ctx, cert.c_str(), SSL_FILETYPE_PEM);
assert(err);
err = SSL_CTX_use_PrivateKey_file(ctx, key.c_str(), SSL_FILETYPE_PEM);
assert(err);
SSL_CTX_check_private_key(ctx);
assert(err);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr);
SSL_CTX_set_verify_depth(ctx, 4);
return r;
}
static SslContext get_server_context(string ca_name) {
auto ctx = SSL_CTX_new(SSLv23_server_method());
clib/tests/tcp/ssl.cc view on Meta::CPAN
string cert = path + "/" + ca_name + ".pem";
string key = path + "/" + ca_name + ".key";
int err;
err = SSL_CTX_use_certificate_file(ctx, cert.c_str(), SSL_FILETYPE_PEM);
assert(err);
err = SSL_CTX_use_PrivateKey_file(ctx, key.c_str(), SSL_FILETYPE_PEM);
assert(err);
err = SSL_CTX_check_private_key(ctx);
assert(err);
err = SSL_CTX_load_verify_locations(ctx, cert.c_str(), nullptr);
assert(err);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
SSL_CTX_set_verify_depth(ctx, 4);
return r;
}
examples/echo-server.plx view on Meta::CPAN
my $server = UniEvent::Tcp->new;
if ($ca && $key) {
require Net::SSLeay;
my $ssl_err = sub {
die Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error);
};
my $serv_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_use_certificate_file($serv_ctx, $ca, &Net::SSLeay::FILETYPE_PEM) or $ssl_err->();
Net::SSLeay::CTX_use_PrivateKey_file($serv_ctx, $key, &Net::SSLeay::FILETYPE_PEM) or $ssl_err->();
Net::SSLeay::CTX_check_private_key($serv_ctx) or $ssl_err->();
$server->use_ssl($serv_ctx);
}
$server->bind('127.0.0.1', $port);
$server->listen;
say "$$ listening on port $port";
my %clients;
lib/UniEvent/Stream.pod view on Meta::CPAN
$client->use_ssl;
$client->connect($host, $port);
...
For servers, SSL must be enabled on listening stream, not on individual connection streams. The same SSL context will be used for accepted streams.
my $server = UE::Tcp->new;
my $ssl_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_use_certificate_file($ssl_ctx, "ca.pem", &Net::SSLeay::FILETYPE_PEM) or die;
Net::SSLeay::CTX_use_PrivateKey_file($ssl_ctx, "ca.key", &Net::SSLeay::FILETYPE_PEM) or die;
Net::SSLeay::CTX_check_private_key($ssl_ctx) or die;
$server->use_ssl($ssl_ctx);
$server->bind(...);
$server->listen;
Enabling or disabling (see C<no_ssl()>) SSL can only be done in certain moments:
=over
=item
misc/sslserv.plx view on Meta::CPAN
my $server = new UniEvent::TCP();
$server->bind("*", $port);
$server->listen(128, \&new_connection);
my $ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER(), sub {
say "VERIFY CALLBACK";
});
Net::SSLeay::CTX_use_certificate_file($ctx, "cppTests/cert.pem", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_use_PrivateKey_file($ctx, "cppTests/key.pem", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_check_private_key($ctx) or sslerr();
$server->use_ssl($ctx);
say "ENTERING LOOP";
$d->run;
say "LOOP DONE";
sub new_connection {
my ($server, $err) = @_;
say "new_connection";
say $err if $err;
t/lib/MyTest.pm view on Meta::CPAN
} else {
return var "pipe_$_[0]";
}
}
sub get_ssl_ctx {
my $SERV_CERT = "t/cert/ca.pem";
my $serv_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_use_certificate_file($serv_ctx, $SERV_CERT, &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_use_PrivateKey_file($serv_ctx, "t/cert/ca.key", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_check_private_key($serv_ctx) or die Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error);
return $serv_ctx unless wantarray();
my $client_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_load_verify_locations($client_ctx, $SERV_CERT, '') or die "something went wrong";
return ($serv_ctx, $client_ctx);
}
sub make_basic_server {
my ($loop, $sa) = @_;
t/tcp/ssl.t view on Meta::CPAN
use MyTest;
use Net::SockAddr;
use Net::SSLeay;
test_catch '[tcp-ssl]';
my $SERV_CERT = "t/cert/ca.pem";
my $serv_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_use_certificate_file($serv_ctx, $SERV_CERT, &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_use_PrivateKey_file($serv_ctx, "t/cert/ca.key", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_check_private_key($serv_ctx) or sslerr();
my $client_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_load_verify_locations($client_ctx, $SERV_CERT, '') or die "something went wrong";
subtest 'ssl doesnt emit empty messages' => sub {
my $srv = new UE::Tcp;
$srv->use_ssl($serv_ctx);
$srv->bind_addr(SOCKADDR_LOOPBACK);
$srv->listen;
( run in 0.506 second using v1.01-cache-2.11-cpan-a5abf4f5562 )