AnyEvent
view release on metacpan or search on metacpan
to emulate to avoid "criticals". what where they thinking...).
- mention json security issues in AnyEvent::Handle, now that Douglas
Crockford has foolishly and incompatibly changed JSON.
- changed default dns resolver "max_outstanding" value from 1 to 10,
the latter beinfg the intended value all along
(reported by Ilya Chesnokov).
- added new "AnyEvent::Impl::UV" interface module to the UV event lib
(written by Mike Lowell).
7.07 Tue Dec 17 17:45:02 CET 2013
- the documentation for custom tls verify schemes was wrong. make it agree
with the code (reported by Maxime Soulé).
- added cbor read and write types to AnyEvent::Handle (using CBOR::XS).
- work around an API change in openssl that could cause wrong tls connection
aborts, likely on windows only (analyzed by sten).
- calling AnyEvent->now_update with AnyEvent::Impl::Perl caused an
endless loop (reported by Dietrich Rebmann).
- add tlsv1_1 and tlsv1_2 protocols to AnyEvent::TLS
(patch by Maxime Soulé).
- document AnyEvent::Impl::IOAsync::set_loop and
$AnyEvent::Impl::IOAsync::LOOP. Though only documented now, this
- the timeout callback did not expect that $self can go
away any time.
4.12 Tue Jun 3 10:58:04 CEST 2008
- include AnyEvent::Intro, a tutorial for anyevent,
anyevent::socket and anyevent::handle.
- allow more options in on_error.
4.11 Fri May 30 23:42:25 CEST 2008
- INCOMPATIBLE CHANGE: replace ptr by real PTR lookup, provide
reverse_lookup and reverse_verify to replace it, support
v4mapped and v4compat addresses.
- provide more documentation for the resolver class.
- really replace longest run of :0: by :: in format_address,
also properly convert :: and ::1 again.
- support NAPTR record name and decode it.
- implement random weight sampling for SRV records, as per
rfc 2782.
- correctly abort on srv-record targets of ".".
- added AnyEvent::DNS::wait_for_slot.
- in the unlikely event of a virtual circuit connection
lib/AnyEvent/DNS.pm view on Meta::CPAN
=item AnyEvent::DNS::any $domain, $cb->(@rrs)
Tries to resolve the given domain and passes all resource records found
to the callback. Note that this uses a DNS C<ANY> query, which, as of RFC
8482, are officially deprecated.
=item AnyEvent::DNS::ptr $domain, $cb->(@hostnames)
Tries to make a PTR lookup on the given domain. See C<reverse_lookup>
and C<reverse_verify> if you want to resolve an IP address to a hostname
instead.
=item AnyEvent::DNS::reverse_lookup $ipv4_or_6, $cb->(@hostnames)
Tries to reverse-resolve the given IPv4 or IPv6 address (in textual form)
into its hostname(s). Handles V4MAPPED and V4COMPAT IPv6 addresses
transparently.
=item AnyEvent::DNS::reverse_verify $ipv4_or_6, $cb->(@hostnames)
The same as C<reverse_lookup>, but does forward-lookups to verify that
the resolved hostnames indeed point to the address, which makes spoofing
harder.
If you want to resolve an address into a hostname, this is the preferred
method: The DNS records could still change, but at least this function
verified that the hostname, at one point in the past, pointed at the IP
address you originally resolved.
Example:
AnyEvent::DNS::reverse_verify "2001:500:2f::f", sub { print shift };
# => f.root-servers.net
=cut
sub MAX_PKT() { 4096 } # max packet size we advertise and accept
sub DOMAIN_PORT() { 53 } # if this changes drop me a note
sub resolver ();
lib/AnyEvent/DNS.pm view on Meta::CPAN
my ($ip, $cb) = @_;
$ip = _munge_ptr AnyEvent::Socket::parse_address ($ip)
or return $cb->();
resolver->resolve ($ip => "ptr", sub {
$cb->(map $_->[4], @_);
});
}
sub reverse_verify($$) {
my ($ip, $cb) = @_;
my $ipn = AnyEvent::Socket::parse_address ($ip)
or return $cb->();
my $af = AnyEvent::Socket::address_family ($ipn);
my @res;
my $cnt;
lib/AnyEvent/Handle.pm view on Meta::CPAN
This will not work for partial TLS data that could not be encoded
yet. This data will be lost. Calling the C<stoptls> method in time might
help.
=item peername => $string
A string used to identify the remote site - usually the DNS hostname
(I<not> IDN!) used to create the connection, rarely the IP address.
Apart from being useful in error messages, this string is also used in TLS
peername verification (see C<verify_peername> in L<AnyEvent::TLS>). This
verification will be skipped when C<peername> is not specified or is
C<undef>.
=item tls => "accept" | "connect" | Net::SSLeay::SSL object
When this parameter is given, it enables TLS (SSL) mode, that means
AnyEvent will start a TLS handshake as soon as the connection has been
established and will transparently encrypt/decrypt data afterwards.
All TLS protocol errors will be signalled as C<EPROTO>, with an
lib/AnyEvent/Handle.pm view on Meta::CPAN
tls => "connect",
on_error => sub { ... };
$handle->push_write (...);
};
=item I want to contact a TLS/SSL server, I do care about security.
Then you should additionally enable certificate verification, including
peername verification, if the protocol you use supports it (see
L<AnyEvent::TLS>, C<verify_peername>).
E.g. for HTTPS:
tcp_connect $host, $port, sub {
my ($fh) = @_;
my $handle = new AnyEvent::Handle
fh => $fh,
peername => $host,
tls => "connect",
tls_ctx => { verify => 1, verify_peername => "https" },
...
Note that you must specify the hostname you connected to (or whatever
"peername" the protocol needs) as the C<peername> argument, otherwise no
peername verification will be done.
The above will use the system-dependent default set of trusted CA
certificates. If you want to check against a specific CA, add the
C<ca_file> (or C<ca_cert>) arguments to C<tls_ctx>:
tls_ctx => {
verify => 1,
verify_peername => "https",
ca_file => "my-ca-cert.pem",
},
=item I want to create a TLS/SSL server, how do I do that?
Well, you first need to get a server certificate and key. You have
three options: a) ask a CA (buy one, use cacert.org etc.) b) create a
self-signed certificate (cheap. check the search engine of your choice,
there are many tutorials on the net) or c) make your own CA (tinyca2 is a
nice program for that purpose).
lib/AnyEvent/IO.pm view on Meta::CPAN
aio_symlink "random data", "slink", sub {
@_
or return AE::log error => "slink: $!";
};
=item aio_readlink $path, $cb->($target)
Calls C<readlink> on the paths and passes the link target string to the
callback.
Example: read the symlink called Fyslink> and verify that it contains "random data".
aio_readlink "slink", sub {
my ($target) = @_
or return AE::log error => "slink: $!";
$target eq "random data"
or AE::log critical => "omg, the world will end!";
};
=item aio_rename $oldpath, $newpath, $cb->($success)
lib/AnyEvent/TLS.pm view on Meta::CPAN
# via AnyEvent::Handle
use AnyEvent;
use AnyEvent::Handle;
use AnyEvent::Socket;
# simple https-client
my $handle = new AnyEvent::Handle
connect => [$host, $port],
tls => "connect",
tls_ctx => { verify => 1, verify_peername => "https" },
...
# simple ssl-server
tcp_server undef, $port, sub {
my ($fh) = @_;
my $handle = new AnyEvent::Handle
fh => $fh,
tls => "accept",
tls_ctx => { cert_file => "my-server-keycert.pem" },
...
# directly
my $tls = new AnyEvent::TLS
verify => 1,
verify_peername => "ldaps",
ca_file => "/etc/cacertificates.pem";
=head1 DESCRIPTION
This module is a helper module that implements TLS/SSL (Transport Layer
Security/Secure Sockets Layer) contexts. A TLS context is a common set of
configuration values for use in establishing TLS connections.
For some quick facts about SSL/TLS, see the section of the same name near
the end of the document.
lib/AnyEvent/TLS.pm view on Meta::CPAN
This requires L<Net::SSLeay> >= 1.55 and OpenSSL >= 1.0.1. Check the
L<Net::SSLeay> and OpenSSL documentations for more details.
=item tlsv1_2 => $enabled
Enable or disable TLSv1_2 (normally I<enabled>).
This requires L<Net::SSLeay> >= 1.55 and OpenSSL >= 1.0.1. Check the
L<Net::SSLeay> and OpenSSL documentations for more details.
=item verify => $enable
Enable or disable peer certificate checking (default is I<disabled>, which
is I<not recommended>).
This is the "master switch" for all verify-related parameters and
functions.
If it is disabled, then no peer certificate verification will be done
- the connection will be encrypted, but the peer certificate won't be
verified against any known CAs, or whether it is still valid or not. No
peername verification or custom verification will be done either.
If enabled, then the peer certificate (required in client mode, optional
in server mode, see C<verify_require_client_cert>) will be checked against
its CA certificate chain - that means there must be a signing chain from
the peer certificate to any of the CA certificates you trust locally, as
specified by the C<ca_file> and/or C<ca_path> and/or C<ca_cert> parameters
(or the system default CA repository, if all of those parameters are
missing - see also the L<AnyEvent> manpage for the description of
PERL_ANYEVENT_CA_FILE).
Other basic checks, such as checking the validity period, will also be
done, as well as optional peername/hostname/common name verification
C<verify_peername>.
An optional C<verify_cb> callback can also be set, which will be invoked
with the verification results, and which can override the decision.
=item verify_require_client_cert => $enable
Enable or disable mandatory client certificates (default is
I<disabled>). When this mode is enabled, then a client certificate will be
required in server mode (a server certificate is mandatory, so in client
mode, this switch has no effect).
=item verify_peername => $scheme | $callback->($tls, $cert, $peername)
TLS only protects the data that is sent - it cannot automatically verify
that you are really talking to the right peer. The reason is that
certificates contain a "common name" (and a set of possible alternative
"names") that need to be checked against the peername (usually, but not
always, the DNS name of the server) in a protocol-dependent way.
This can be implemented by specifying a callback that has to verify that
the actual C<$peername> matches the given certificate in C<$cert>.
Since this can be rather hard to implement, AnyEvent::TLS offers a variety
of predefined "schemes" (lifted from L<IO::Socket::SSL>) that are named
like the protocols that use them:
=over 4
=item ldap (rfc4513), pop3,imap,acap (rfc2995), nntp (rfc4642)
lib/AnyEvent/TLS.pm view on Meta::CPAN
common name will always be checked against the peername.
=back
You can specify either the name of the parent protocol (recommended,
e.g. C<http>, C<ldap>), the protocol name as usually used in URIs
(e.g. C<https>, C<ldaps>) or the RFC (not recommended, e.g. C<rfc2995>,
C<rfc3920>).
This verification will only be done when verification is enabled (C<<
verify => 1 >>).
=item verify_cb => $callback->($tls, $ref, $cn, $depth, $preverify_ok, $x509_store_ctx, $cert)
Provide a custom peer verification callback used by TLS sessions,
which is called with the result of any other verification (C<verify>,
C<verify_peername>).
This callback will only be called when verification is enabled (C<< verify
=> 1 >>).
C<$tls> is the C<AnyEvent::TLS> object associated with the session,
while C<$ref> is whatever the user associated with the session (usually
an L<AnyEvent::Handle> object when used by AnyEvent::Handle).
C<$depth> is the current verification depth - C<$depth = 0> means the
certificate to verify is the peer certificate, higher levels are its CA
certificate and so on. In most cases, you can just return C<$preverify_ok>
if the C<$depth> is non-zero:
verify_cb => sub {
my ($tls, $ref, $cn, $depth, $preverify_ok, $x509_store_ctx, $cert) = @_;
return $preverify_ok
if $depth;
# more verification
},
C<$preverify_ok> is true iff the basic verification of the certificates
was successful (a valid CA chain must exist, the certificate has passed
basic validity checks, peername verification succeeded).
C<$x509_store_ctx> is the Net::SSLeay::X509_CTX> object.
C<$cert> is the C<Net::SSLeay::X509> object representing the
peer certificate, or zero if there was an error. You can call
C<AnyEvent::TLS::certname $cert> to get a nice user-readable string to
identify the certificate.
The callback must return either C<0> to indicate failure, or C<1> to
indicate success.
=item verify_client_once => $enable
Enable or disable skipping the client certificate verification on
renegotiations (default is I<disabled>, the certificate will always be
checked). Only makes sense in server mode.
=item ca_file => $path
If this parameter is specified and non-empty, it will be the path to a
file with (server) CA certificates in PEM format that will be loaded. Each
certificate will look like:
-----BEGIN CERTIFICATE-----
... (CA certificate in base64 encoding) ...
-----END CERTIFICATE-----
You have to enable verify mode (C<< verify => 1 >>) for this parameter to
have any effect.
=item ca_path => $path
If this parameter is specified and non-empty, it will be
the path to a directory with hashed CA certificate files in
PEM format. When the ca certificate is being verified, the
certificate will be hashed and looked up in that directory (see
L<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html> for
details)
The certificates specified via C<ca_file> take precedence over the ones
found in C<ca_path>.
You have to enable verify mode (C<< verify => 1 >>) for this parameter to
have any effect.
=item ca_cert => $string
In addition or instead of using C<ca_file> and/or C<ca_path>, you can
also use C<ca_cert> to directly specify the CA certificates (there can be
multiple) in PEM format, in a string.
=item check_crl => $enable
lib/AnyEvent/TLS.pm view on Meta::CPAN
# ssl_client only trust client certificates
# ssl_server only trust server certificates
# email only trust e-mail certificates
# object_sign only trust signing (CA) certificates
# ocsp_sign only trust ocsp signing certs
# ocsp_request only trust ocsp request certs
# purpose?
#TODO
# verify_depth?
# reuse_ctx
# session_cache_size
# session_cache
#=item debug => $level
#
#Enable or disable sending debugging output to STDERR. This is, as
#the name says, mostly for debugging. The default is taken from the
#C<PERL_ANYEVENT_TLS_DEBUG> environment variable.
#
lib/AnyEvent/TLS.pm view on Meta::CPAN
if ($dh_bio) {
my $dh = Net::SSLeay::PEM_read_bio_DHparams ($dh_bio);
Net::SSLeay::BIO_free ($dh_bio);
$dh or croak "$dh_file: failed to parse DH parameters - not PEM format?";
my $rv = Net::SSLeay::CTX_set_tmp_dh ($ctx, $dh);
Net::SSLeay::DH_free ($dh);
$rv or croak "$dh_file: failed to set DH parameters";
}
if ($arg{verify}) {
$self->{verify_mode} = Net::SSLeay::VERIFY_PEER ();
$self->{verify_mode} |= Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT ()
if $arg{verify_require_client_cert};
$self->{verify_mode} |= Net::SSLeay::VERIFY_CLIENT_ONCE ()
if $arg{verify_client_once};
} else {
$self->{verify_mode} = Net::SSLeay::VERIFY_NONE ();
}
$self->{verify_peername} = $arg{verify_peername}
if exists $arg{verify_peername};
$self->{verify_cb} = $arg{verify_cb}
if exists $arg{verify_cb};
$self->{session_ticket} = $arg{session_ticket}
if exists $arg{session_ticket};
$self->{debug} = $ENV{PERL_ANYEVENT_TLS_DEBUG}
if length $ENV{PERL_ANYEVENT_TLS_DEBUG};
$self->{debug} = $arg{debug}
if exists $arg{debug};
my $pw = $arg{cert_password};
Net::SSLeay::CTX_set_default_passwd_cb ($ctx, ref $pw ? $pw : sub { $pw });
if ($self->{verify_mode}) {
if (exists $arg{ca_file} or exists $arg{ca_path} or exists $arg{ca_cert}) {
# either specified: use them
if (exists $arg{ca_cert}) {
my ($ca_file, $g1) = _tmpfile delete $arg{ca_cert};
Net::SSLeay::CTX_load_verify_locations ($ctx, $ca_file, undef);
}
if (exists $arg{ca_file} or exists $arg{ca_path}) {
Net::SSLeay::CTX_load_verify_locations ($ctx, $arg{ca_file}, $arg{ca_path});
}
} elsif (length $ENV{PERL_ANYEVENT_CA_FILE} or length $ENV{PERL_ANYEVENT_CA_PATH}) {
Net::SSLeay::CTX_load_verify_locations (
$ctx,
$ENV{PERL_ANYEVENT_CA_FILE},
$ENV{PERL_ANYEVENT_CA_PATH},
);
} else {
# else fall back to defaults
Net::SSLeay::CTX_set_default_verify_paths ($ctx);
}
}
if (exists $arg{cert} or exists $arg{cert_file}) {
my ($g1, $g2);
if (exists $arg{cert}) {
croak "specifying both cert_file and cert is not allowed"
if exists $arg{cert_file};
lib/AnyEvent/TLS.pm view on Meta::CPAN
=item $ctx = $tls->ctx
Returns the actual L<Net::SSLeay::CTX> object (just an integer).
=cut
sub ctx {
$_[0]{ctx}
}
sub verify_hostname($$$);
sub _verify_hostname {
my ($self, $cn, $cert) = @_;
return 1
unless defined $cn;
return 1
unless exists $self->{verify_peername} && "none" ne lc $self->{verify_peername};
return $self->{verify_peername}->($self, $cn, $cert)
if ref $self->{verify_peername} && "ARRAY" ne ref $self->{verify_peername};
verify_hostname $cn, $cert, $self->{verify_peername}
}
sub verify {
my ($self, $session, $ref, $cn, $preverify_ok, $x509_store_ctx) = @_;
my $cert = $x509_store_ctx
? Net::SSLeay::X509_STORE_CTX_get_current_cert ($x509_store_ctx)
: undef;
my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth ($x509_store_ctx);
$preverify_ok &&= $self->_verify_hostname ($cn, $cert)
unless $depth;
$preverify_ok = $self->{verify_cb}->($self, $ref, $cn, $depth, $preverify_ok, $x509_store_ctx, $cert)
if $self->{verify_cb};
$preverify_ok
}
#=item $ssl = $tls->_get_session ($mode[, $ref])
#
#Creates a new Net::SSLeay::SSL session object, puts it into C<$mode>
#(C<accept> or C<connect>) and optionally associates it with the given
#C<$ref>. If C<$mode> is already a C<Net::SSLeay::SSL> object, then just
#associate data with it.
#
#=cut
lib/AnyEvent/TLS.pm view on Meta::CPAN
# # associate data
# Net::SSLeay::set_ex_data ($session, $REF_IDX, $ref+0);
# Scalar::Util::weaken ($REF_MAP{$ref+0} = $ref)
# if ref $ref;
if ($self->{debug}) {
#d# Net::SSLeay::set_info_callback ($session, 50000);
}
if ($self->{verify_mode}) {
Scalar::Util::weaken $self;
Scalar::Util::weaken $ref;
# we have to provide a dummy callbacks as at least Net::SSLeay <= 1.35
# try to call it even if specified as 0 or undef.
Net::SSLeay::set_verify
$session,
$self->{verify_mode},
sub { $self->verify ($session, $ref, $cn, @_) };
}
$session
}
sub _put_session($$) {
my ($self, $session) = @_;
# clear callback, if any
# this leaks memoryin Net::SSLeay up to at least 1.35, but there
# apparently is no other way.
Net::SSLeay::set_verify $session, 0, undef;
# # disassociate data
# delete $REF_MAP{Net::SSLeay::get_ex_data ($session, $REF_IDX)};
Net::SSLeay::free ($session);
}
#sub _ref($) {
# $REF_MAP{Net::SSLeay::get_ex_data ($_[0], $REF_IDX)}
#}
lib/AnyEvent/TLS.pm view on Meta::CPAN
$pattern = qr{^[^.]*\Q$1\E$}i;
} else {
$pattern = qr{^\Q$name\E$}i;
}
$cn =~ $pattern
}
# taken verbatim from IO::Socket::SSL, then changed to take advantage of
# AnyEvent utilities.
sub verify_hostname($$$) {
my ($cn, $cert, $scheme) = @_;
while (!ref $scheme) {
$scheme = $CN_SCHEME{$scheme}
or return 1;
}
my $cert_cn =
Net::SSLeay::X509_NAME_get_text_by_NID (
Net::SSLeay::X509_get_subject_name ($cert), Net::SSLeay::NID_commonName ());
lib/AnyEvent/TLS.pm view on Meta::CPAN
=item * "Trusting" a CA means trusting all certificates it has signed.
If you "trust" a CA certificate, then all certificates signed by it are
automatically considered trusted as well.
=item * A successfully verified certificate means that you can be
reasonably sure that whoever you are talking with really is who he claims
he is.
By verifying certificates against a number of CAs that you trust (meaning
it is signed directly or indirectly by such a CA), you can find out that
the other side really is whoever he claims, according to the CA policies,
and your belief in the integrity of the CA.
=item * Verifying the certificate signature is not everything.
Even when the certificate is correct, it might belong to somebody else: if
www.attacker.com can make your computer believe that it is really called
www.mybank.com (by making your DNS server believe this for example),
then it could send you the certificate for www.attacker.com that your
lib/AnyEvent/TLS.pm view on Meta::CPAN
=head1 BUGS
Due to the abysmal code quality of Net::SSLeay, this module will leak small
amounts of memory per TLS connection (currently at least one perl scalar).
=head1 AUTHORS
Marc Lehmann <schmorp@schmorp.de>.
Some of the API, documentation and implementation (verify_hostname),
and a lot of ideas/workarounds/knowledge have been taken from the
L<IO::Socket::SSL> module. Care has been taken to keep the API similar to
that and other modules, to the extent possible while providing a sensible
API for AnyEvent.
=cut
1
( run in 0.389 second using v1.01-cache-2.11-cpan-5467b0d2c73 )