Armadito-Agent


lib/Armadito/Agent/HTTP/Client.pm  view on Meta::CPAN


	if ( $self->{no_ssl_check} ) {

		# LWP 6 default behaviour is to check hostname
		# Fedora also backported this behaviour change in its LWP5 package, so
		# just checking on LWP version is not enough
		$self->{ua}->ssl_opts( verify_hostname => 0, SSL_verify_mode => 0 )
			if $self->{ua}->can('ssl_opts');
	}
	else {
		# only IO::Socket::SSL can perform full server certificate validation,
		# Net::SSL is only able to check certification authority, and not
		# certificate hostname
		IO::Socket::SSL->require();
		die "IO::Socket::SSL Perl module not available, "
			. "unable to validate SSL certificates "
			. "(workaround: use 'no-ssl-check' configuration parameter)"
			if $EVAL_ERROR;

		if ( $self->{logger}{verbosity} > LOG_DEBUG2 ) {
			$Net::SSLeay::trace = 2;
		}

		if ( $LWP::VERSION >= 6 ) {
			$self->{ua}->ssl_opts( SSL_ca_file => $self->{ca_cert_file} )
				if $self->{ca_cert_file};
			$self->{ua}->ssl_opts( SSL_ca_path => $self->{ca_cert_dir} )
				if $self->{ca_cert_dir};
		}
		else {
			# SSL_verifycn_scheme and SSL_verifycn_name are required
			die "IO::Socket::SSL Perl module too old "
				. "(available: $IO::Socket::SSL::VERSION, required: 1.14), "
				. "unable to validate SSL certificates "
				. "(workaround: use 'no-ssl-check' configuration parameter)"
				if $IO::Socket::SSL::VERSION < 1.14;

			# use a custom HTTPS handler to workaround default LWP5 behaviour
			Armadito::Agent::HTTP::Protocol::https->use(
				ca_cert_file => $self->{ca_cert_file},
				ca_cert_dir  => $self->{ca_cert_dir},
			);

			LWP::Protocol::implementor( 'https', 'Armadito::Agent::HTTP::Protocol::https' );

			# abuse user agent internal to pass values to the handler, so

lib/Armadito/Agent/HTTP/Protocol/https.pm  view on Meta::CPAN

package Armadito::Agent::HTTP::Protocol::https;

use strict;
use warnings;
use base qw(LWP::Protocol::https);

use IO::Socket::SSL qw(SSL_VERIFY_NONE SSL_VERIFY_PEER);

# Called when the handler class is loaded with parameters
# (ca_cert_file and/or ca_cert_dir). Each supplied trust anchor is
# registered through IO::Socket::SSL::set_ctx_defaults(), i.e. as an
# IO::Socket::SSL context default rather than a per-connection option.
#
# Parameters whose value is false (absent, undef, '' or 0) are skipped,
# and nothing here checks that the file or directory exists or is
# readable.
sub import {
	my ( $class, %params ) = @_;

	# context default key => name of the import parameter feeding it;
	# order is kept: CA file first, then CA directory
	my @trust_anchor_sources = (
		[ ca_file => 'ca_cert_file' ],
		[ ca_path => 'ca_cert_dir' ],
	);

	for my $source (@trust_anchor_sources) {
		my ( $ctx_key, $param_name ) = @{$source};
		my $location = $params{$param_name};

		next if !$location;

		IO::Socket::SSL::set_ctx_defaults( $ctx_key => $location );
	}
}

sub _extra_sock_opts {
	my ( $self, $host ) = @_;

	return (
		SSL_verify_mode => $self->{ua}->{ssl_check} ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
		SSL_verifycn_scheme => 'http',
		SSL_verifycn_name   => $host


