Name
SPVM::IO::Socket::SSL - Sockets for SSL Communication.
Description
This class is highly experimental. It is not yet completely implemented, not well tested, and not yet documented.
IO::Socket::SSL class in SPVM represents sockets for SSL communication.
Usage
use IO::Socket::SSL;
# Client
my $host = "www.google.com";
my $port = 443;
my $socket = IO::Socket::SSL->new({PeerAddr => $host, PeerPort => $port});
my $write_buffer = "GET / HTTP/1.0\r\nHost: $host\r\n\r\n";
$socket->write($write_buffer);
my $read_buffer = (mutable string)new_string_len 100000;
while (1) {
  my $read_length = $socket->read($read_buffer);
  if ($read_length < 0) {
    die "Read error";
  }
  if ($read_length < length $read_buffer) {
    last;
  }
}
# Server
my $server_socket = IO::Socket::SSL->new({
  Listen => 10,
});
$server_socket->accept;
Super Class
Fields
ssl_ctx
has ssl_ctx : ro Net::SSLeay::SSL_CTX;
A Net::SSLeay::SSL_CTX object.
ssl
has ssl : ro Net::SSLeay;
A Net::SSLeay object. This object is set after "connect_SSL" method or "accept_SSL" method succeeds.
before_connect_SSL_cbs_list
has before_connect_SSL_cbs_list : ro List of IO::Socket::SSL::Callback::BeforeConnectSSL;
before_accept_SSL_cbs_list
has before_accept_SSL_cbs_list : ro List of IO::Socket::SSL::Callback::BeforeAcceptSSL;
Class Methods
new
static method new : IO::Socket::SSL ($options : object[] = undef);
Creates a new IO::Socket::SSL object, calls "init" method given the options $options, calls "configure" method, and returns the new object.
Instance Methods
init
protected method init : void ($options : object[] = undef);
Initializes the instance given the options $options.
Options:
SSL_startHandshake
Type: Int
Default: 1
If this option is a true value, "configure" method calls "connect_SSL" method in the case that the instance is a client socket, and "accept" method calls "accept_SSL" method.
SSL_verify_mode
Type: Int
If the option is not specified and the instance is a client socket, the option value is set to SSL_VERIFY_PEER. Otherwise it is set to SSL_VERIFY_NONE.
"configure_SSL" method calls set_verify method given the option value and the value of SSL_verify_callback option.
SSL_verify_callback
Type: Net::SSLeay::Callback::Verify
See SSL_verify_mode option about its behavior.
SSL_passwd_cb
Type: Net::SSLeay::Callback::PemPassword
If the option value is defined, "configure_SSL" method calls set_default_passwd_cb method given the option value.
SSL_check_crl
Type: Int
If the option value is a true value, X509_V_FLAG_CRL_CHECK flag is set on the Net::SSLeay::X509_VERIFY_PARAM object stored in the Net::SSLeay::SSL_CTX object.
SSL_crl_file
Type: string
SSL_ca_file
Type: string
SSL_ca_path
Type: string
SSL_ca
Type: Net::SSLeay::X509[]
SSL_cert_file
Type: string
SSL_cert
Type: Net::SSLeay::X509[]
SSL_key_file
Type: string
SSL_key
Type: Net::SSLeay::EVP_PKEY
SSL_hostname
Type: string
SSL_alpn_protocols
Type: string[]
option_names
protected method option_names : string[] ();
Returns available option names in "init" method.
configure
protected method configure : void ();
Configures the instance in the following way.
Calls configure method in the super class, and calls "configure_SSL" method.
If the value of "SSL_startHandshake" option is a true value and the instance is a client socket, calls "connect_SSL" method.
configure_SSL
protected method configure_SSL : void ();
Configures this instance and a Net::SSLeay::SSL_CTX object using options passed from "init" method.
connect_SSL
method connect_SSL : void ();
accept_SSL
method accept_SSL : void ();
accept
method accept : IO::Socket::SSL ($peer_ref : Sys::Socket::Sockaddr[] = undef);
read
method read : int ($buffer : mutable string, $length : int = -1, $offset : int = 0);
write
method write : int ($buffer : string, $length : int = -1, $offset : int = 0);
shutdown_SSL
method shutdown_SSL : int ();
dump_peer_certificate
method dump_peer_certificate : string ();
Calls Net::SSLeay#dump_peer_certificate method given the value of "ssl" field, and returns its return value.
Exceptions:
Exceptions thrown by Net::SSLeay#dump_peer_certificate method could be thrown.
alpn_selected
method alpn_selected : string ();
Calls Net::SSLeay#get0_alpn_selected method given appropriate arguments, converts the value of the output argument to a string of appropriate length, and returns it.
get_sslversion
method get_sslversion : string ();
Returns the same output as the corresponding method of Perl's IO::Socket::SSL.
Exceptions:
If the version number is unknown, an exception is thrown.
get_sslversion_int
method get_sslversion_int : int ();
Calls Net::SSLeay#version method given the value of "ssl" field, and returns its return value.
get_cipher
method get_cipher : string ();
Calls Net::SSLeay#get_cipher method given the value of "ssl" field, and returns its return value.
Exceptions:
Exceptions thrown by Net::SSLeay#get_cipher method could be thrown.
get_servername
method get_servername : string ();
Calls Net::SSLeay#get_servername method given the value of "ssl" field and the value of TLSEXT_NAMETYPE_host_name, and returns its return value.
Exceptions:
Exceptions thrown by Net::SSLeay#get_servername method could be thrown.
peer_certificate
method peer_certificate : Net::SSLeay::X509 ();
Calls Net::SSLeay#get1_peer_certificate method given the value of "ssl" field, and returns its return value.
Exceptions:
Exceptions thrown by Net::SSLeay#get1_peer_certificate method could be thrown.
peer_certificates
method peer_certificates : Net::SSLeay::X509[] ();
Returns the same output as the corresponding method of Perl's IO::Socket::SSL.
sock_certificate
method sock_certificate : Net::SSLeay::X509 ();
Calls Net::SSLeay#get_certificate method given the value of "ssl" field, and returns its return value.
Exceptions:
Exceptions thrown by Net::SSLeay#get_certificate method could be thrown.
add_before_connect_SSL_cb
method add_before_connect_SSL_cb : void ($cb : IO::Socket::SSL::Callback::BeforeConnectSSL);
add_before_accept_SSL_cb
method add_before_accept_SSL_cb : void ($cb : IO::Socket::SSL::Callback::BeforeAcceptSSL);
stat
method stat : Sys::IO::Stat ();
This method is not supported in IO::Socket::SSL.
Exceptions:
An exception is thrown.
send
method send : int ($buffer : string, $flags : int = 0, $length : int = -1, $offset : int = 0);
This method is not supported in IO::Socket::SSL.
Exceptions:
An exception is thrown.
sendto
method sendto : int ($buffer : string, $flags : int, $to : Sys::Socket::Sockaddr, $length : int = -1, $offset : int = 0);
This method is not supported in IO::Socket::SSL.
Exceptions:
An exception is thrown.
recv
method recv : int ($buffer : mutable string, $length : int = -1, $flags : int = 0, $offset : int = 0);
This method is not supported in IO::Socket::SSL.
Exceptions:
An exception is thrown.
recvfrom
method recvfrom : int ($buffer : mutable string, $length : int, $flags : int, $from_ref : Sys::Socket::Sockaddr[], $offset : int = 0);
This method is not supported in IO::Socket::SSL.
Exceptions:
An exception is thrown.
DESTROY
method DESTROY : void ();
FAQ
How to customize Net::SSLeay::SSL_CTX object?
Set "SSL_startHandshake" option to 0, get the Net::SSLeay::SSL_CTX object with "ssl_ctx" getter, customize it, and then call "connect_SSL" method in a client or "accept_SSL" method in a server.
Client:
use Net::SSLeay::Constant as SSL;
my $host = "www.google.com";
my $port = 443;
my $socket = IO::Socket::SSL->new({PeerAddr => $host, PeerPort => $port, SSL_startHandshake => 0});
my $ssl_ctx = $socket->ssl_ctx;
$ssl_ctx->set_min_proto_version(SSL->TLS1_1_VERSION);
$socket->connect_SSL;
my $ssl = $socket->ssl;
Server:
use Net::SSLeay::Constant as SSL;
my $host = "www.google.com";
my $port = 443;
my $socket = IO::Socket::SSL->new({Listen => 1, SSL_startHandshake => 0});
my $ssl_ctx = $socket->ssl_ctx;
$ssl_ctx->set_min_proto_version(SSL->TLS1_1_VERSION);
my $accepted_socket = $socket->accept;
$accepted_socket->accept_SSL;
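The following client is an added example, not code from the module's own documentation. It combines the SSL_verify_mode and SSL_startHandshake options with the "ssl_ctx" customization shown above, then checks the negotiated protocol after the handshake. The class name, the host www.example.com, and the availability of TLS1_2_VERSION in Net::SSLeay::Constant are assumptions.

```spvm
class TLSClientCheck {
  use IO::Socket::SSL;
  use Net::SSLeay::Constant as SSL;

  static method main : void () {
    # Constructed example target; replace with the real peer.
    my $host = "www.example.com";
    my $port = 443;

    # Request peer verification explicitly instead of relying on the
    # client-side default, and postpone the handshake so that the
    # SSL_CTX object can still be adjusted.
    my $socket = IO::Socket::SSL->new({
      PeerAddr => $host,
      PeerPort => $port,
      SSL_verify_mode => SSL->SSL_VERIFY_PEER,
      SSL_startHandshake => 0,
    });

    # Assumption: TLS1_2_VERSION is provided by Net::SSLeay::Constant
    # in the same way as the TLS1_1_VERSION constant used on this page.
    my $min_version = SSL->TLS1_2_VERSION;
    my $ssl_ctx = $socket->ssl_ctx;
    $ssl_ctx->set_min_proto_version($min_version);

    # Run the handshake now that the context is configured.
    $socket->connect_SSL;

    # Confirm what was actually negotiated before sending any data.
    my $version_int = $socket->get_sslversion_int;
    if ($version_int < $min_version) {
      die "Negotiated protocol " . $socket->get_sslversion . " is below the required minimum";
    }

    # Record the session parameters and the certificate the peer presented.
    say "Protocol: " . $socket->get_sslversion;
    say "Cipher: " . $socket->get_cipher;
    say $socket->dump_peer_certificate;

    $socket->shutdown_SSL;
  }
}
```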
How to create Net::SSLeay::X509 objects for SSL_ca option from the return value of Mozilla::CA#SSL_ca method?
use Mozilla::CA;
use Net::SSLeay::BIO;
use Net::SSLeay::PEM;
use List;
# Load the PEM bundle into a memory BIO.
my $ca = Mozilla::CA->SSL_ca;
my $bio = Net::SSLeay::BIO->new;
$bio->write($ca);
my $x509s_list = List->new(new Net::SSLeay::X509[0]);
# Read certificates one by one until the BIO has no more PEM blocks.
while (1) {
  my $x509 = (Net::SSLeay::X509)undef;
  eval { $x509 = Net::SSLeay::PEM->read_bio_X509($bio); }
  if ($@) {
    if (eval_error_id isa_error Net::SSLeay::Error::PEM_R_NO_START_LINE) {
      last;
    }
    else {
      die $@;
    }
  }
  $x509s_list->push($x509);
}
my $x509s = (Net::SSLeay::X509[])$x509s_list->to_array;
my $SSL_ca_option = $x509s;
See Also
Repository
SPVM::IO::Socket::SSL - Github
Author
Yuki Kimoto kimoto.yuki@gmail.com
Copyright & License
Copyright (c) 2024 Yuki Kimoto
MIT License