view release on metacpan or  search on metacpan

SSLeay.pm  view on Meta::CPAN

   'IDEA-CBC-MD5' => "128 bit IDEA encryption with a MD5 MAC",
   'DES-CBC-MD5'  => "56 bit DES encryption with a MD5 MAC",
   'DES-CBC-SHA'  => "56 bit DES encryption with a SHA MAC",
   'DES-CBC3-MD5' => "192 bit EDE3 DES encryption with a MD5 MAC",
   'DES-CBC3-SHA' => "192 bit EDE3 DES encryption with a SHA MAC",
   'DES-CFB-M1'   => "56 bit CFB64 DES encryption with a one byte MD5 MAC",
);

use Crypt::SSLeay::X509;

# A xsupp bug made this necessary
sub Crypt::SSLeay::CTX::DESTROY  { shift->free; }
sub Crypt::SSLeay::Conn::DESTROY { shift->free; }
sub Crypt::SSLeay::X509::DESTROY { shift->free; }

1;

__END__

=head1 NAME

Crypt::SSLeay - OpenSSL support for LWP

=head1 HEARTBLEED WARNING

C<perl Makefile.PL> will display a warning if it thinks your OpenSSL might be vulnerable to the  L<Heartbleed Bug|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>. You can, of course, go ahead and install the module, but you should be aw...

=head1 SYNOPSIS

    use Net::SSL;
    use LWP::UserAgent;

    my $ua  = LWP::UserAgent->new(
        ssl_opts => { verify_hostname => 0 },
    );

    my $response = $ua->get('https://www.example.com/');
    print $response->content, "\n";

=head1 DESCRIPTION

This Perl module provides support for the HTTPS protocol under L<LWP>, to
allow an L<LWP::UserAgent> object to perform GET, HEAD, and POST requests
over encrypted socket connections. Please see L<LWP> for more information
on POST requests.

The C<Crypt::SSLeay> package provides C<Net::SSL>, which, if requested, is
loaded by C<LWP::Protocol::https> for https requests and provides the
necessary SSL glue.

This distribution also makes following deprecated modules available:

    Crypt::SSLeay::CTX
    Crypt::SSLeay::Conn
    Crypt::SSLeay::X509

=head1 DO YOU NEED Crypt::SSLeay?

Starting with version 6.02 of L<LWP>, C<https> support was unbundled into
L<LWP::Protocol::https>. This module specifies as one of its prerequisites
L<IO::Socket::SSL> which is automatically used by L<LWP::UserAgent> unless
this preference is overridden separately. C<IO::Socket::SSL> is a more
complete implementation, and, crucially, it allows hostname verification.
C<Crypt::SSLeay> does not support this. At this point, C<Crypt::SSLeay> is
maintained to support existing software that already depends on it.
However, it is possible that your software does not really depend on
C<Crypt::SSLeay>, only on the ability of C<LWP::UserAgent> class to
communicate with sites over SSL/TLS.

If are using version C<LWP> 6.02 or later, and therefore have installed
C<LWP::Protocol::https> and its dependencies, and do not explicitly C<use>
C<Net::SSL> before loading C<LWP::UserAgent>, or override the default socket
class, you are probably using C<IO::Socket::SSL> and do not really need
C<Crypt::SSLeay>.

If you have both C<Crypt::SSLeay> and C<IO::Socket::SSL> installed, and
would like to force C<LWP::UserAgent> to use C<Crypt::SSLeay>, you can
use:

    use Net::HTTPS;
    $Net::HTTPS::SSL_SOCKET_CLASS = 'Net::SSL';
    use LWP::UserAgent;

or

    local $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = 'Net::SSL';
    use LWP::UserAgent;

or

    use Net::SSL;
    use LWP::UserAgent;

=head1 ENVIRONMENT VARIABLES

=over 4

=item Specify SSL Socket Class

C<$ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS}> can be used to instruct
C<LWP::UserAgent> to use C<Net::SSL> for HTTPS support rather than
C<IO::Socket::SSL>.

=item Proxy Support

    $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';

=item Proxy Basic Authentication

    $ENV{HTTPS_PROXY_USERNAME} = 'username';
    $ENV{HTTPS_PROXY_PASSWORD} = 'password';

=item SSL diagnostics and Debugging

    $ENV{HTTPS_DEBUG} = 1;

=item Default SSL Version

    $ENV{HTTPS_VERSION} = '3';

=item Client Certificate Support

    $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
    $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';

=item CA cert Peer Verification

    $ENV{HTTPS_CA_FILE}   = 'certs/ca-bundle.crt';
    $ENV{HTTPS_CA_DIR}    = 'certs/';

=item Client PKCS12 cert support

    $ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.pkcs12';
    $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';

=back

=head1 INSTALL

=head2 OpenSSL

You must have OpenSSL installed before compiling this module. You can get
the latest OpenSSL package from L<https://www.openssl.org/source/>. We no
longer support pre-2000 versions of OpenSSL.

If you are building OpenSSL from source, please follow the directions
included in the source package.

=head2 Crypt::SSLeay via Makefile.PL

C<Makefile.PL> accepts the following command line arguments:

=over 4

=item C<incpath>

Path to OpenSSL headers. Can also be specified via C<$ENV{OPENSSL_INCLUDE}>.
If the command line argument is provided, it overrides any value specified
via the environment variable. Of course, you can ignore both the command
line argument and the environment variable, and just add the path to your
compiler specific environment variable such as C<CPATH> or C<INCLUDE> etc.