private_key results from the CPAN

private_key

UniEvent

view release on metacpan or search on metacpan

clib/src/panda/unievent/SslContext.cc view on Meta::CPAN

    auto ret = SslContext::attach(ctx);

    int ok;

    ok = SSL_CTX_use_certificate_file(ctx, cert_file.c_str(), SSL_FILETYPE_PEM);
    if (!ok) return make_unexpected(make_ssl_error_code(SSL_ERROR_SSL));

    ok = SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM);
    if (!ok) return make_unexpected(make_ssl_error_code(SSL_ERROR_SSL));

    ok = SSL_CTX_check_private_key(ctx);
    if (!ok) return make_unexpected(make_ssl_error_code(SSL_ERROR_SSL));

    return ret;
}

}}

clib/src/panda/unievent/ssl/SslFilter.cc view on Meta::CPAN

    WriteRequest* orig;
    bool          final;
    SslWriteRequest (WriteRequest* req = nullptr) : WriteRequest(), orig(req), final() {}
};
using SslWriteRequestSP = iptr<SslWriteRequest>;

SslFilter::SslFilter (Stream* stream, const SslContext &context, const SslFilterSP& server_filter)
        : StreamFilter(stream, TYPE, PRIORITY), state(State::initial), profile(Profile::UNKNOWN), server_filter(server_filter)
{
    panda_log_ctor();
    if (stream->listening() && !SSL_CTX_check_private_key(context)) throw Error("SSL certificate&key needed to listen()");
    #ifdef RENEGOTIATION_DISABLED
        SSL_CTX_set_options(context, SSL_OP_NO_RENEGOTIATION);
    #endif
    init(context);
}

SslFilter::SslFilter (Stream* stream, const SSL_METHOD* method) : SslFilter(stream, ssl_ctx_from_method(method)) {
}

SslFilter::~SslFilter () {

clib/tests/tcp/ssl.cc view on Meta::CPAN


    err = SSL_CTX_load_verify_locations(ctx, ca.c_str(), nullptr);
    assert(err);

    err = SSL_CTX_use_certificate_file(ctx, cert.c_str(), SSL_FILETYPE_PEM);
    assert(err);

    err = SSL_CTX_use_PrivateKey_file(ctx, key.c_str(), SSL_FILETYPE_PEM);
    assert(err);

    SSL_CTX_check_private_key(ctx);
    assert(err);

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr);
    SSL_CTX_set_verify_depth(ctx, 4);

    return r;
}

static SslContext get_server_context(string ca_name) {
    auto ctx = SSL_CTX_new(SSLv23_server_method());

lib/UniEvent/Stream.pod view on Meta::CPAN

    $client->use_ssl;
    $client->connect($host, $port);
    ...

For servers, SSL must be enabled on listening stream, not on individual connection streams. The same SSL context will be used for accepted streams.

    my $server = UE::Tcp->new;
    my $ssl_ctx = Net::SSLeay::CTX_new();
    Net::SSLeay::CTX_use_certificate_file($ssl_ctx, "ca.pem", &Net::SSLeay::FILETYPE_PEM) or die;
    Net::SSLeay::CTX_use_PrivateKey_file($ssl_ctx, "ca.key", &Net::SSLeay::FILETYPE_PEM) or die;
    Net::SSLeay::CTX_check_private_key($ssl_ctx) or die;
    $server->use_ssl($ssl_ctx);
    $server->bind(...);
    $server->listen;

Enabling or disabling (see C<no_ssl()>) SSL can only be done in certain moments:

=over

=item

misc/sslserv.plx view on Meta::CPAN

my $server = new UniEvent::TCP();
$server->bind("*", $port);
$server->listen(128, \&new_connection);

my $ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER(), sub {
    say "VERIFY CALLBACK";
});
Net::SSLeay::CTX_use_certificate_file($ctx, "cppTests/cert.pem", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_use_PrivateKey_file($ctx, "cppTests/key.pem", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_check_private_key($ctx) or sslerr();
$server->use_ssl($ctx);

say "ENTERING LOOP";
$d->run;
say "LOOP DONE";

sub new_connection {
    my ($server, $err) = @_;
    say "new_connection";
    say $err if $err;

t/lib/MyTest.pm view on Meta::CPAN

    } else {
        return var "pipe_$_[0]";
    }
}

sub get_ssl_ctx {
    my $SERV_CERT = "t/cert/ca.pem";
    my $serv_ctx = Net::SSLeay::CTX_new();
    Net::SSLeay::CTX_use_certificate_file($serv_ctx, $SERV_CERT, &Net::SSLeay::FILETYPE_PEM) or sslerr();
    Net::SSLeay::CTX_use_PrivateKey_file($serv_ctx, "t/cert/ca.key", &Net::SSLeay::FILETYPE_PEM) or sslerr();
    Net::SSLeay::CTX_check_private_key($serv_ctx) or die Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error);
    return $serv_ctx unless wantarray();
    
    my $client_ctx = Net::SSLeay::CTX_new();
    Net::SSLeay::CTX_load_verify_locations($client_ctx, $SERV_CERT, '') or die "something went wrong";
    
    return ($serv_ctx, $client_ctx);
}

sub make_basic_server {
    my ($loop, $sa) = @_;

t/tcp/ssl.t view on Meta::CPAN

use MyTest;
use Net::SockAddr;
use Net::SSLeay;

test_catch '[tcp-ssl]';

my $SERV_CERT = "t/cert/ca.pem";
my $serv_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_use_certificate_file($serv_ctx, $SERV_CERT, &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_use_PrivateKey_file($serv_ctx, "t/cert/ca.key", &Net::SSLeay::FILETYPE_PEM) or sslerr();
Net::SSLeay::CTX_check_private_key($serv_ctx) or sslerr();

my $client_ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_load_verify_locations($client_ctx, $SERV_CERT, '') or die "something went wrong";

subtest 'ssl doesnt emit empty messages' => sub {
    my $srv = new UE::Tcp;
    $srv->use_ssl($serv_ctx);
    $srv->bind_addr(SOCKADDR_LOOPBACK);
    $srv->listen;

view all matches for this distribution
view release on metacpan - search on metacpan

( run in 0.886 second using v1.00-cache-2.02-grep-82fe00e-cpan-f73e49a70403 )