Net-Sieve
view release on metacpan or search on metacpan
lib/Net/Sieve.pm view on Meta::CPAN
my $self = bless ({}, ref ($class) || $class);
my $server = $param{server}||'localhost';
my $port = $param{port}||'2000';
my $user = $param{user};
my $password = $param{password};
my $net_domain = $param{net_domain}||AF_UNSPEC;
my $sslkeyfile = $param{sslkeyfile};
my $sslcertfile = $param{sslcertfile};
my $realm = $param{realm};
my $authmech = $param{autmech};
my $authzid = $param{authzid};
my $ssl_verify = 0x01;
$ssl_verify = 0x01 if $param{ssl_verify};
$ssl_verify = 0x00 if $param{ssl_verify} eq '0x00';
$ssl_verify = 0x00 if $param{notssl_verify};
my $dump_tls_information = $param{dumptlsinfo};
$DEBUGGING = $param{debug};
my %ssl_options = (
SSL_version => 'SSLv23:!SSLv2:!SSLv3',
SSL_cipher_list => 'ALL:!aNULL:!NULL:!LOW:!EXP:!ADH:@STRENGTH',
SSL_verify_mode => $ssl_verify,
SSL_ca_path => '/etc/ssl/certs',
);
my $prioritise_auth_external = 0;
my ($forbid_clearauth, $forbid_clearchan) = (0, 0);
unless (defined $server) {
$server = 'localhost';
if (exists $ENV{'IMAP_SERVER'}
and $ENV{'IMAP_SERVER'} !~ m!^/!) {
$server = $ENV{'IMAP_SERVER'};
# deal with a port number.
unless ($server =~ /:.*:/) { # IPv6 address literal
$server =~ s/:\d+\z//;
}
}
}
die "Bad server name\n"
unless $server =~ /^[A-Za-z0-9_.-]+\z/;
die "Bad port specification\n"
unless $port =~ /^[A-Za-z0-9_()-]+\z/;
unless (defined $user) {
if ($^O eq "MSWin32") {
# perlvar documents always "MSWin32" on Windows ...
# what about 64bit windows?
if (exists $ENV{USERNAME} and length $ENV{USERNAME}) {
$user = $ENV{USERNAME};
} elsif (exists $ENV{LOGNAME} and length $ENV{LOGNAME}) {
$user = $ENV{LOGNAME};
} else {
die "Unable to figure out a default user, sorry.\n";
}
} else {
$user = getpwuid $>;
}
# this should handle the non-mswin32 case if 64bit _is_ different.
die "Unable to figure out a default user, sorry!\n"
unless defined $user;
}
if ((defined $sslkeyfile and not defined $sslcertfile) or
(defined $sslcertfile and not defined $sslkeyfile)) {
die "Need both a client key and cert for SSL certificate auth.\n";
}
if (defined $sslkeyfile) {
$ssl_options{SSL_use_cert} = 1;
$ssl_options{SSL_key_file} = $sslkeyfile;
$ssl_options{SSL_cert_file} = $sslcertfile;
$prioritise_auth_external = 1;
}
my $sock = IO::Socket::INET6->new(
PeerHost => $server,
PeerPort => $port,
Proto => 'tcp',
Domain => $net_domain,
MultiHomed => 1, # try multiple IPs (IPv4 works, v6 doesn't?)
);
unless (defined $sock) {
my $extra = '';
if ($!{EINVAL} and $net_domain != AF_UNSPEC) {
$extra = " (Probably no host record for overriden IP version)\n";
}
die qq{Connection to "$server" [port $port] failed: $!\n$extra};
}
$sock->autoflush(1);
_debug("connection: remote host address is @{[$sock->peerhost()]}");
$self->{_sock} = $sock;
$self->_parse_capabilities();
$self->{_capa} = $raw_capabilities{SIEVE};
my $tls_bitlength = -1;
if (exists $capa{STARTTLS}) {
$self->ssend("STARTTLS");
$self->sget();
die "STARTTLS request rejected: $_\n" unless /^OK\b/;
IO::Socket::SSL->start_SSL($sock, %ssl_options) or do {
my $e = IO::Socket::SSL::errstr();
die "STARTTLS promotion failed: $e\n";
};
if (exists $main::{"Net::"} and exists $main::{"Net::"}{"SSLeay::"}) {
my $t = Net::SSLeay::get_cipher_bits($sock->_get_ssl_object(), 0);
$tls_bitlength = $t if defined $t and $t;
}
_debug("--- TLS activated here [$tls_bitlength bits]");
if ($dump_tls_information) {
print $sock->dump_peer_certificate();
( run in 2.447 seconds using v1.01-cache-2.11-cpan-39bf76dae61 )