This is an automated email from the git hooks/post-receive script.
dom pushed a commit to annotated tag upstream/1.054
in repository libnet-sslglue-perl.
commit 9249d8ce1cb66ad62554e5174edf4e18a91402b2
Author: Dominic Hargreaves <d...@earth.li>
Date: Thu Aug 27 19:57:21 2015 +0100
Imported Upstream version 1.054
---
Changes | 9 ++
MANIFEST | 3 +-
META.json | 46 ++++++++
META.yml | 41 ++++----
lib/Net/SSLGlue.pm | 4 +-
lib/Net/SSLGlue/FTP.pm | 221 +++++++++++++++++++-------------------
lib/Net/SSLGlue/LDAP.pm | 24 ++---
lib/Net/SSLGlue/LWP.pm | 274 +++++++++++++++++++++++++++---------------------
lib/Net/SSLGlue/POP3.pm | 190 ++++++++++++++++++---------------
lib/Net/SSLGlue/SMTP.pm | 181 ++++++++++++++++++--------------
t/external/03_lwp.t | 9 +-
t/external/05_ftp.t | 60 +++++------
12 files changed, 598 insertions(+), 464 deletions(-)
diff --git a/Changes b/Changes
index e853530..5a7e8fe 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,12 @@
+1.054 2015/04/28
+- if a version of libnet is detected which already supports TLS (i.e.
+ libnet 3.0+) warn and use this instead.
+
+1.053 2014/05/28
+- if current LWP is detected is use this mostly unpatched
+- fix Net::SSLGlue::FTP to use the same hostname when verifying the
+ certificate of the data connection
+
1.052 2014/01/16
- FTPS: reuse same SSL session for control and data channnel to work
with default configuration of proftpd.
diff --git a/MANIFEST b/MANIFEST
index 2c2acbf..211ae7d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -22,4 +22,5 @@ t/external/02_smtp.t
t/external/03_lwp.t
t/external/04_pop3.t
t/external/05_ftp.t
-META.yml Module meta-data (added by MakeMaker)
+META.yml Module YAML meta-data (added by
MakeMaker)
+META.json Module JSON meta-data (added by
MakeMaker)
diff --git a/META.json b/META.json
new file mode 100644
index 0000000..45287a6
--- /dev/null
+++ b/META.json
@@ -0,0 +1,46 @@
+{
+ "abstract" : "unknown",
+ "author" : [
+ "unknown"
+ ],
+ "dynamic_config" : 1,
+ "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter
version 2.120921",
+ "license" : [
+ "unknown"
+ ],
+ "meta-spec" : {
+ "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec";,
+ "version" : "2"
+ },
+ "name" : "Net-SSLGlue",
+ "no_index" : {
+ "directory" : [
+ "t",
+ "inc"
+ ]
+ },
+ "prereqs" : {
+ "build" : {
+ "requires" : {
+ "ExtUtils::MakeMaker" : "0"
+ }
+ },
+ "configure" : {
+ "requires" : {
+ "ExtUtils::MakeMaker" : "0"
+ }
+ },
+ "runtime" : {
+ "requires" : {
+ "IO::Socket::SSL" : "1.19"
+ }
+ }
+ },
+ "release_status" : "stable",
+ "resources" : {
+ "repository" : {
+ "url" : "https://github.com/noxxi/p5-net-sslglue";
+ }
+ },
+ "version" : "1.054"
+}
diff --git a/META.yml b/META.yml
index 8007d08..f840198 100644
--- a/META.yml
+++ b/META.yml
@@ -1,23 +1,24 @@
---- #YAML:1.0
-name: Net-SSLGlue
-version: 1.052
-abstract: ~
-author: []
-license: unknown
-distribution_type: module
-configure_requires:
- ExtUtils::MakeMaker: 0
+---
+abstract: unknown
+author:
+ - unknown
build_requires:
- ExtUtils::MakeMaker: 0
+ ExtUtils::MakeMaker: 0
+configure_requires:
+ ExtUtils::MakeMaker: 0
+dynamic_config: 1
+generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version
2.120921'
+license: unknown
+meta-spec:
+ url: http://module-build.sourceforge.net/META-spec-v1.4.html
+ version: 1.4
+name: Net-SSLGlue
+no_index:
+ directory:
+ - t
+ - inc
requires:
- IO::Socket::SSL: 1.19
+ IO::Socket::SSL: 1.19
resources:
- repository: https://github.com/noxxi/p5-net-sslglue
-no_index:
- directory:
- - t
- - inc
-generated_by: ExtUtils::MakeMaker version 6.57_05
-meta-spec:
- url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: 1.4
+ repository: https://github.com/noxxi/p5-net-sslglue
+version: 1.054
diff --git a/lib/Net/SSLGlue.pm b/lib/Net/SSLGlue.pm
index 8e7ce83..70f1d34 100644
--- a/lib/Net/SSLGlue.pm
+++ b/lib/Net/SSLGlue.pm
@@ -1,5 +1,5 @@
package Net::SSLGlue;
-our $VERSION = '1.052';
+our $VERSION = '1.054';
=head1 NAME
@@ -25,7 +25,7 @@ available:
=item Net::LDAP - add proper certificate checking
-=item LWP - add proper certificate checking
+=item LWP - add proper certificate checking for older LWP versions
=back
diff --git a/lib/Net/SSLGlue/FTP.pm b/lib/Net/SSLGlue/FTP.pm
index 70d020a..ea1ba96 100644
--- a/lib/Net/SSLGlue/FTP.pm
+++ b/lib/Net/SSLGlue/FTP.pm
@@ -8,11 +8,20 @@ use IO::Socket::SSL '$SSL_ERROR';
use Net::SSLGlue::Socket;
use Socket 'AF_INET';
-our $VERSION = 1.001;
+our $VERSION = 1.002;
BEGIN {
+ require Net::FTP;
+ if (defined &Net::FTP::starttls) {
+ warn "using SSL support of Net::FTP $Net::FTP::VERSION instead of
SSLGlue";
+ goto DONE;
+ }
+
+ $Net::FTP::VERSION eq '2.77'
+ or warn "Not tested with Net::FTP version $Net::FTP::VERSION";
+
+ require Net::FTP::dataconn;
for my $class (qw(Net::FTP Net::FTP::dataconn)) {
- eval "require $class" or die "failed to load $class";
no strict 'refs';
my $fixed;
for( @{ "${class}::ISA" } ) {
@@ -24,13 +33,9 @@ BEGIN {
die "cannot replace IO::Socket::INET with Net::SSLGlue::Socket in
${class}::ISA"
if ! $fixed;
}
- $Net::FTP::VERSION eq '2.77'
- or warn "Not tested with Net::FTP version $Net::FTP::VERSION";
-}
-# redefine Net::FTP::new so that it understands SSL => 1 and connects directly
-# with SSL to the server
-{
+ # redefine Net::FTP::new so that it understands SSL => 1 and connects
directly
+ # with SSL to the server
no warnings 'redefine';
my $onew = Net::FTP->can('new');
*Net::FTP::new = sub {
@@ -53,68 +58,65 @@ BEGIN {
${*$self}{net_ftp_tlsargs} = \%sslargs;
return $self;
};
-}
-# add starttls method to upgrade connection to SSL: AUTH TLS
-sub Net::FTP::starttls {
- my $self = shift;
- $self->is_ssl and croak("called starttls within SSL session");
- $self->_AUTH('TLS') == Net::FTP::CMD_OK or return;
-
- my $host = $self->host;
- # for name verification strip port from domain:port, ipv4:port, [ipv6]:port
- $host =~s{(?<!:):\d+$}{};
-
- my %args = (
- SSL_verify_mode => 1,
- SSL_verifycn_scheme => 'ftp',
- SSL_verifycn_name => $host,
- # reuse SSL session of control connection in data connections
- SSL_session_cache => Net::SSLGlue::FTP::SingleSessionCache->new,
- %{ ${*$self}{net_ftp_tlsargs}},
- @_
- );
+ # add starttls method to upgrade connection to SSL: AUTH TLS
+ *Net::FTP::starttls = sub {
+ my $self = shift;
+ $self->is_ssl and croak("called starttls within SSL session");
+ $self->_AUTH('TLS') == &Net::FTP::CMD_OK or return;
+
+ my $host = $self->host;
+ # for name verification strip port from domain:port, ipv4:port,
[ipv6]:port
+ $host =~s{(?<!:):\d+$}{};
+
+ my %args = (
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'ftp',
+ SSL_verifycn_name => $host,
+ # reuse SSL session of control connection in data connections
+ SSL_session_cache => Net::SSLGlue::FTP::SingleSessionCache->new,
+ %{ ${*$self}{net_ftp_tlsargs}},
+ @_
+ );
- $self->start_SSL(%args) or return;
- ${*$self}{net_ftp_tlsargs} = \%args;
- $self->prot('P');
- return 1;
-}
+ $self->start_SSL(%args) or return;
+ ${*$self}{net_ftp_tlsargs} = \%args;
+ $self->prot('P');
+ return 1;
+ };
-# add prot method to set protection level (PROT C|P)
-sub Net::FTP::prot {
- my ($self,$type) = @_;
- $type eq 'C' or $type eq 'P' or croak("type must by C or P");
- $self->_PBSZ(0) or return;
- $self->_PROT($type) or return;
- ${*$self}{net_ftp_tlstype} = $type;
- return 1;
-}
+ # add prot method to set protection level (PROT C|P)
+ *Net::FTP::prot = sub {
+ my ($self,$type) = @_;
+ $type eq 'C' or $type eq 'P' or croak("type must by C or P");
+ $self->_PBSZ(0) or return;
+ $self->_PROT($type) or return;
+ ${*$self}{net_ftp_tlstype} = $type;
+ return 1;
+ };
-# add stoptls method to downgrade connection from SSL: CCC
-sub Net::FTP::stoptls {
- my $self = shift;
- $self->is_ssl or croak("called stoptls outside SSL session");
- $self->_CCC() or return;
- $self->stop_SSL();
- return 1;
-}
+ # add stoptls method to downgrade connection from SSL: CCC
+ *Net::FTP::stoptls = sub {
+ my $self = shift;
+ $self->is_ssl or croak("called stoptls outside SSL session");
+ $self->_CCC() or return;
+ $self->stop_SSL();
+ return 1;
+ };
-# add EPSV for new style passive mode (incl. IPv6)
-sub Net::FTP::epsv {
- my $self = shift;
- @_ and croak 'usage: $ftp->epsv()';
- delete ${*$self}{net_ftp_intern_port};
+ # add EPSV for new style passive mode (incl. IPv6)
+ *Net::FTP::epsv = sub {
+ my $self = shift;
+ @_ and croak 'usage: $ftp->epsv()';
+ delete ${*$self}{net_ftp_intern_port};
- $self->_EPSV && $self->message =~ m{\(([\x33-\x7e])\1\1(\d+)\1\)}
- ? ${*$self}{'net_ftp_pasv'} = [ $self->peerhost, $2 ]
- : undef;
-}
+ $self->_EPSV && $self->message =~ m{\(([\x33-\x7e])\1\1(\d+)\1\)}
+ ? ${*$self}{'net_ftp_pasv'} = [ $self->peerhost, $2 ]
+ : undef;
+ };
-# redefine PASV so that it uses EPSV on IPv6
-# also net_ftp_pasv contains now the parsed [ip,port]
-{
- no warnings 'redefine';
+ # redefine PASV so that it uses EPSV on IPv6
+ # also net_ftp_pasv contains now the parsed [ip,port]
*Net::FTP::pasv = sub {
my $self = shift;
@_ and croak 'usage: $ftp->port()';
@@ -129,62 +131,56 @@ sub Net::FTP::epsv {
}
return;
};
-}
-# add EPRT for new style passive mode (incl. IPv6)
-sub Net::FTP::eprt {
- @_ == 1 || @_ == 2 or croak 'usage: $self->eprt([PORT])';
- return _eprt('EPRT',@_);
-}
+ # add EPRT for new style passive mode (incl. IPv6)
+ *Net::FTP::eprt = sub {
+ @_ == 1 || @_ == 2 or croak 'usage: $self->eprt([PORT])';
+ return _eprt('EPRT',@_);
+ };
-# redefine PORT to use EPRT for IPv6
-{
- no warnings 'redefine';
+ # redefine PORT to use EPRT for IPv6
*Net::FTP::port = sub {
@_ == 1 || @_ == 2 or croak 'usage: $self->port([PORT])';
return _eprt('PORT',@_);
};
-}
-sub _eprt {
- my ($cmd,$self,$port) = @_;
- delete ${*$self}{net_ftp_intern_port};
- unless ($port) {
- my $listen = ${*$self}{net_ftp_listen} ||= Net::SSLGlue::Socket->new(
- Listen => 1,
- Timeout => $self->timeout,
- LocalAddr => $self->sockhost,
- );
- ${*$self}{net_ftp_intern_port} = 1;
- my $fam = ($listen->sockdomain == AF_INET) ? 1:2;
- if ( $cmd eq 'EPRT' || $fam == 2 ) {
- $port = "|$fam|".$listen->sockhost."|".$listen->sockport."|";
- $cmd = 'EPRT';
- } else {
- my $p = $listen->sockport;
- $port = join(',',split(m{\.},$listen->sockhost),$p >> 8,$p & 0xff);
+ sub _eprt {
+ my ($cmd,$self,$port) = @_;
+ delete ${*$self}{net_ftp_intern_port};
+ unless ($port) {
+ my $listen = ${*$self}{net_ftp_listen} ||=
Net::SSLGlue::Socket->new(
+ Listen => 1,
+ Timeout => $self->timeout,
+ LocalAddr => $self->sockhost,
+ );
+ ${*$self}{net_ftp_intern_port} = 1;
+ my $fam = ($listen->sockdomain == AF_INET) ? 1:2;
+ if ( $cmd eq 'EPRT' || $fam == 2 ) {
+ $port = "|$fam|".$listen->sockhost."|".$listen->sockport."|";
+ $cmd = 'EPRT';
+ } else {
+ my $p = $listen->sockport;
+ $port = join(',',split(m{\.},$listen->sockhost),$p >> 8,$p &
0xff);
+ }
}
+ my $ok = $cmd eq 'EPRT' ? $self->_EPRT($port) : $self->_PORT($port);
+ ${*$self}{net_ftp_port} = $port if $ok;
+ return $ok;
}
- my $ok = $cmd eq 'EPRT' ? $self->_EPRT($port) : $self->_PORT($port);
- ${*$self}{net_ftp_port} = $port if $ok;
- return $ok;
-}
-for my $cmd (qw(PBSZ PROT CCC EPRT EPSV)) {
- no strict 'refs';
- *{"Net::FTP::_$cmd"} = sub {
- shift->command("$cmd @_")->response() == Net::FTP::CMD_OK
+ for my $cmd (qw(PBSZ PROT CCC EPRT EPSV)) {
+ no strict 'refs';
+ *{"Net::FTP::_$cmd"} = sub {
+ shift->command("$cmd @_")->response() == &Net::FTP::CMD_OK
+ }
}
-}
-# redefine _dataconn to
-# - support IPv6
-# - upgrade data connection to SSL if PROT P
-{
- no warnings 'redefine';
+ # redefine _dataconn to
+ # - support IPv6
+ # - upgrade data connection to SSL if PROT P
*Net::FTP::_dataconn = sub {
my $self = shift;
my $pkg = "Net::FTP::" . $self->type;
@@ -205,10 +201,13 @@ for my $cmd (qw(PBSZ PROT CCC EPRT EPSV)) {
}
if (( ${*$self}{net_ftp_tlstype} || '') eq 'P'
- && ! $conn->start_SSL( $self->is_ssl
- ? ( SSL_reuse_ctx => $self )
- : ( %{${*$self}{net_ftp_tlsargs}} )
- ) ) {
+ && ! $conn->start_SSL( $self->is_ssl ? (
+ SSL_reuse_ctx => $self,
+ SSL_verifycn_name =>
${*$self}{net_ftp_tlsargs}->{SSL_verifycn_name}
+ ):(
+ %{${*$self}{net_ftp_tlsargs}}
+ )
+ )) {
croak("failed to ssl upgrade dataconn: $SSL_ERROR");
return;
}
@@ -220,6 +219,9 @@ for my $cmd (qw(PBSZ PROT CCC EPRT EPSV)) {
${*$conn}{net_ftp_blksize} = ${*$self}{net_ftp_blksize};
return $conn;
};
+
+ DONE:
+ 1;
}
{
@@ -288,8 +290,7 @@ of L<IO::Socket::SSL> to C<Net::FTP::new>.
=item starttls
If the connection is not yet SSLified it will issue the "AUTH TLS" command and
-change the object, so that SSL will now be used. The usual C<SSL_*> parameter
of
-L<IO::Socket::SSL> will be given.
+change the object, so that SSL will now be used.
=item peer_certificate ...
diff --git a/lib/Net/SSLGlue/LDAP.pm b/lib/Net/SSLGlue/LDAP.pm
index e26f26a..d618341 100644
--- a/lib/Net/SSLGlue/LDAP.pm
+++ b/lib/Net/SSLGlue/LDAP.pm
@@ -12,16 +12,16 @@ our %SSLopts;
# Net::LDAP::_SSL_context_init_args
my $old = defined &Net::LDAP::_SSL_context_init_args
- && \&Net::LDAP::_SSL_context_init_args
- || die "cannot find Net::LDAP::_SSL_context_init_args";
+ && \&Net::LDAP::_SSL_context_init_args
+ || die "cannot find Net::LDAP::_SSL_context_init_args";
no warnings 'redefine';
*Net::LDAP::_SSL_context_init_args = sub {
- my %arg = $old->(@_);
- $arg{SSL_verifycn_scheme} ||= 'ldap' if $arg{SSL_verify_mode};
- while ( my ($k,$v) = each %SSLopts ) {
- $arg{$k} = $v;
- }
- return %arg;
+ my %arg = $old->(@_);
+ $arg{SSL_verifycn_scheme} ||= 'ldap' if $arg{SSL_verify_mode};
+ while ( my ($k,$v) = each %SSLopts ) {
+ $arg{$k} = $v;
+ }
+ return %arg;
};
1;
@@ -32,10 +32,10 @@ Net::SSLGlue::LDAP - proper certificate checking for ldaps
in Net::LDAP
=head1 SYNOPSIS
- use Net::SSLGlue::LDAP;
- local %Net::SSLGlue::LDAP = ( SSL_verifycn_name => $hostname_in_cert );
- my $ldap = Net::LDAP->new( $hostname, capath => ... );
- $ldap->start_tls;
+ use Net::SSLGlue::LDAP;
+ local %Net::SSLGlue::LDAP = ( SSL_verifycn_name => $hostname_in_cert );
+ my $ldap = Net::LDAP->new( $hostname, capath => ... );
+ $ldap->start_tls;
=head1 DESCRIPTION
diff --git a/lib/Net/SSLGlue/LWP.pm b/lib/Net/SSLGlue/LWP.pm
index 9eb83b8..43ec259 100644
--- a/lib/Net/SSLGlue/LWP.pm
+++ b/lib/Net/SSLGlue/LWP.pm
@@ -1,132 +1,156 @@
use strict;
use warnings;
package Net::SSLGlue::LWP;
-our $VERSION = 0.4;
+our $VERSION = 0.5;
use LWP::UserAgent '5.822';
use IO::Socket::SSL 1.19;
use URI;
# force Net::SSLGlue::LWP::Socket as superclass of Net::HTTPS, because
# only it can verify certificates
+my $use_existent;
BEGIN {
+ require LWP::Protocol::https;
+ $use_existent = $LWP::Protocol::https::VERSION >= 6.06
+ && $LWP::UserAgent::VERSION >= 6.06;
+ if ($use_existent) {
+ my $oc = $Net::HTTPS::SSL_SOCKET_CLASS ||
+ $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS};
+ $use_existent = 0 if $oc && $oc ne 'IO::Socket::SSL';
+ }
+ if ($use_existent) {
+ warn "Your LWP::UserAgent/LWP::Protocol::https looks fine.\n".
+ "Will use it instead of Net::SSLGLue::LWP\n";
+ } else {
my $oc = $Net::HTTPS::SSL_SOCKET_CLASS;
$Net::HTTPS::SSL_SOCKET_CLASS = my $need = 'Net::SSLGlue::LWP::Socket';
require Net::HTTPS;
- require LWP::Protocol::https;
+
if ( ( my $oc = $Net::HTTPS::SSL_SOCKET_CLASS ) ne $need ) {
- # was probably loaded before, change ISA
- grep { s{^\Q$oc\E$}{$need} } @Net::HTTPS::ISA
+ # was probably loaded before, change ISA
+ grep { s{^\Q$oc\E$}{$need} } @Net::HTTPS::ISA
}
die "cannot force $need into Net::HTTPS"
- if $Net::HTTPS::SSL_SOCKET_CLASS ne $need;
+ if $Net::HTTPS::SSL_SOCKET_CLASS ne $need;
+ }
}
+
our %SSLopts; # set by local and import
sub import {
- shift;
- %SSLopts = @_;
+ shift;
+ %SSLopts = @_;
}
-{
- # add SSL options
- my $old_eso = UNIVERSAL::can( 'LWP::Protocol::https','_extra_sock_opts'
);
- no warnings 'redefine';
- *LWP::Protocol::https::_extra_sock_opts = sub {
- return (
- $old_eso ? ( $old_eso->(@_) ):(),
- SSL_verify_mode => 1,
- SSL_verifycn_scheme => 'http',
- HTTPS_proxy => $_[0]->{ua}{https_proxy},
- %SSLopts,
- );
- };
+if (!$use_existent) {
+ # add SSL options
+ my $old_eso = UNIVERSAL::can( 'LWP::Protocol::https','_extra_sock_opts' );
+ no warnings 'redefine';
+ *LWP::Protocol::https::_extra_sock_opts = sub {
+ return (
+ $old_eso ? ( $old_eso->(@_) ):(),
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'http',
+ HTTPS_proxy => $_[0]->{ua}{https_proxy},
+ %SSLopts,
+ );
+ };
+
+ # fix https_proxy handling - forward it to a variable handled by me
+ my $old_proxy = defined &LWP::UserAgent::proxy && \&LWP::UserAgent::proxy
+ or die "cannot find LWP::UserAgent::proxy";
+ *LWP::UserAgent::proxy = sub {
+ my ($self,$key,$val) = @_;
+ goto &$old_proxy if ref($key) || $key ne 'https';
+ if (@_>2) {
+ my $rv = &$old_proxy;
+ $self->{https_proxy} = delete $self->{proxy}{https}
+ || die "https proxy not set?";
+ }
+ return $self->{https_proxy};
+ };
+
+} else {
+ # wrapper around LWP::Protocol::https::_extra_sock_opts to support %SSLopts
+ my $old_eso = UNIVERSAL::can( 'LWP::Protocol::https','_extra_sock_opts' )
+ or die "no LWP::Protocol::https::_extra_sock_opts found";
+ no warnings 'redefine';
+ *LWP::Protocol::https::_extra_sock_opts = sub {
+ return (
+ $old_eso->(@_),
+ %SSLopts,
+ );
+ };
}
{
- # fix https_proxy handling - forward it to a variable handled by me
- my $old_proxy = defined &LWP::UserAgent::proxy &&
\&LWP::UserAgent::proxy
- or die "cannot find LWP::UserAgent::proxy";
- no warnings 'redefine';
- *LWP::UserAgent::proxy = sub {
- my ($self,$key,$val) = @_;
- goto &$old_proxy if ref($key) || $key ne 'https';
- if (@_>2) {
- my $rv = &$old_proxy;
- $self->{https_proxy} = delete $self->{proxy}{https}
- || die "https proxy not set?";
- }
- return $self->{https_proxy};
+
+ package Net::SSLGlue::LWP::Socket;
+ use IO::Socket::SSL;
+ use base 'IO::Socket::SSL';
+ my $sockclass = 'IO::Socket::INET';
+ use URI::Escape 'uri_unescape';
+ use MIME::Base64 'encode_base64';
+ $sockclass .= '6' if eval "require IO::Socket::INET6";
+
+ sub configure {
+ my ($self,$args) = @_;
+ my $phost = delete $args->{HTTPS_proxy}
+ or return $self->SUPER::configure($args);
+ $phost = URI->new($phost) if ! ref $phost;
+
+ my $port = $args->{PeerPort};
+ my $host = $args->{PeerHost} || $args->{PeerAddr};
+ if ( ! $port ) {
+ $host =~s{:(\w+)$}{};
+ $port = $args->{PeerPort} = $1;
+ $args->{PeerHost} = $host;
+ }
+ if ( $phost->scheme ne 'http' ) {
+ $@ = "scheme ".$phost->scheme." not supported for https_proxy";
+ return;
+ }
+ my $auth = '';
+ if ( my ($user,$pass) = split( ':', $phost->userinfo || '' ) ) {
+ $auth = "Proxy-authorization: Basic ".
+ encode_base64( uri_unescape($user).':'.uri_unescape($pass),'' ).
+ "\r\n";
}
-}
-{
+ my $pport = $phost->port;
+ $phost = $phost->host;
+
+ # temporally downgrade $self so that the right connect chain
+ # gets called w/o doing SSL stuff. If we don't do it it will
+ # try to call IO::Socket::SSL::connect
+ my $ssl_class = ref($self);
+ bless $self,$sockclass;
+ $self->configure({ %$args, PeerAddr => $phost, PeerPort => $pport }) or
do {
+ $@ = "connect to proxy $phost port $pport failed";
+ return;
+ };
+ print $self "CONNECT $host:$port HTTP/1.0\r\n$auth\r\n";
+ my $hdr = '';
+ while (<$self>) {
+ $hdr .= $_;
+ last if $_ eq "\n" or $_ eq "\r\n";
+ }
+ if ( $hdr !~m{\AHTTP/1.\d 2\d\d} ) {
+ # error
+ $@ = "non 2xx response to CONNECT: $hdr";
+ return;
+ }
- package Net::SSLGlue::LWP::Socket;
- use IO::Socket::SSL;
- use base 'IO::Socket::SSL';
- my $sockclass = 'IO::Socket::INET';
- use URI::Escape 'uri_unescape';
- use MIME::Base64 'encode_base64';
- $sockclass .= '6' if eval "require IO::Socket::INET6";
-
- sub configure {
- my ($self,$args) = @_;
- my $phost = delete $args->{HTTPS_proxy}
- or return $self->SUPER::configure($args);
- $phost = URI->new($phost) if ! ref $phost;
-
- my $port = $args->{PeerPort};
- my $host = $args->{PeerHost} || $args->{PeerAddr};
- if ( ! $port ) {
- $host =~s{:(\w+)$}{};
- $port = $args->{PeerPort} = $1;
- $args->{PeerHost} = $host;
- }
- if ( $phost->scheme ne 'http' ) {
- $@ = "scheme ".$phost->scheme." not supported for
https_proxy";
- return;
- }
- my $auth = '';
- if ( my ($user,$pass) = split( ':', $phost->userinfo || '' ) ) {
- $auth = "Proxy-authorization: Basic ".
- encode_base64(
uri_unescape($user).':'.uri_unescape($pass),'' ).
- "\r\n";
- }
-
- my $pport = $phost->port;
- $phost = $phost->host;
-
- # temporally downgrade $self so that the right connect chain
- # gets called w/o doing SSL stuff. If we don't do it it will
- # try to call IO::Socket::SSL::connect
- my $ssl_class = ref($self);
- bless $self,$sockclass;
- $self->configure({ %$args, PeerAddr => $phost, PeerPort =>
$pport }) or do {
- $@ = "connect to proxy $phost port $pport failed";
- return;
- };
- print $self "CONNECT $host:$port HTTP/1.0\r\n$auth\r\n";
- my $hdr = '';
- while (<$self>) {
- $hdr .= $_;
- last if $_ eq "\n" or $_ eq "\r\n";
- }
- if ( $hdr !~m{\AHTTP/1.\d 2\d\d} ) {
- # error
- $@ = "non 2xx response to CONNECT: $hdr";
- return;
- }
-
- # and upgrade self by calling start_SSL
- $ssl_class->start_SSL( $self,
- SSL_verifycn_name => $host,
- %$args
- ) or do {
- $@ = "start SSL failed: $SSL_ERROR";
- return;
- };
- return $self;
+ # and upgrade self by calling start_SSL
+ $ssl_class->start_SSL( $self,
+ SSL_verifycn_name => $host,
+ %$args
+ ) or do {
+ $@ = "start SSL failed: $SSL_ERROR";
+ return;
};
+ return $self;
+ };
}
1;
@@ -136,25 +160,25 @@ sub import {
Net::SSLGlue::LWP - proper certificate checking for https in LWP
=head1 SYNOPSIS
-
- use Net::SSLGlue::LWP SSL_ca_path => ...;
- use LWP::Simple;
- get( 'https://www....' );
-
- {
- local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts;
-
- # switch off verification
- $Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0;
-
- # or: set different verification policy, because cert does
- # not conform to RFC (wildcards in CN are not allowed for https,
- # but some servers do it anyway)
- $Net::SSLGlue::LWP::SSLopts{SSL_verifycn_scheme} = {
- wildcards_in_cn => 'anywhere',
- check_cn => 'always',
- };
- }
+u
+ use Net::SSLGlue::LWP SSL_ca_path => ...;
+ use LWP::Simple;
+ get( 'https://www....' );
+
+ {
+ local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts;
+
+ # switch off verification
+ $Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0;
+
+ # or: set different verification policy, because cert does
+ # not conform to RFC (wildcards in CN are not allowed for https,
+ # but some servers do it anyway)
+ $Net::SSLGlue::LWP::SSLopts{SSL_verifycn_scheme} = {
+ wildcards_in_cn => 'anywhere',
+ check_cn => 'always',
+ };
+ }
=head1 DESCRIPTION
@@ -164,6 +188,9 @@ L<Net::HTTPS> is forced to use L<IO::Socket::SSL> instead
of L<Crypt::SSLeay>,
and that L<LWP::Protocol::https> does proper certificate checking using the
C<http> SSL_verify_scheme from L<IO::Socket::SSL>.
+This module should only be used for older LWP version, see B<Supported LWP
+versions> below.
+
Because L<LWP> does not have a mechanism to forward arbitrary parameters for
the construction of the underlying socket these parameters can be set globally
when including the package, or with local settings of the
@@ -192,13 +219,20 @@ another name you can specify it with this parameter.
=back
+=head1 Supported LWP versions
+
+This module should be used for older LWP version only. Starting with version
+6.06 it is recommended to use LWP directly. If a recent version is found
+Net::SSLGlue::LWP will print out a warning and not monkey patch too much into
+LWP (only as much as necessary to still support
C<%Net::SSLGlue::LWP::SSLopts>).
+
=head1 SEE ALSO
IO::Socket::SSL, LWP, Net::HTTPS, LWP::Protocol::https
=head1 COPYRIGHT
-This module is copyright (c) 2008, Steffen Ullrich.
+This module is copyright (c) 2008..2015, Steffen Ullrich.
All Rights Reserved.
This module is free software. It may be used, redistributed and/or modified
under the same terms as Perl itself.
diff --git a/lib/Net/SSLGlue/POP3.pm b/lib/Net/SSLGlue/POP3.pm
index 498e3fd..34b5174 100644
--- a/lib/Net/SSLGlue/POP3.pm
+++ b/lib/Net/SSLGlue/POP3.pm
@@ -4,42 +4,55 @@ use warnings;
package Net::SSLGlue::POP3;
use IO::Socket::SSL 1.19;
use Net::POP3;
-our $VERSION = 0.91;
-
-##############################################################################
-# mix starttls method into Net::POP3 which on SSL handshake success
-# upgrades the class to Net::POP3::_SSLified
-##############################################################################
-sub Net::POP3::starttls {
+our $VERSION = 0.911;
+
+my $DONT;
+BEGIN {
+ if (defined &Net::POP3::starttls) {
+ warn "using SSL support of Net::POP3 $Net::POP3::VERSION instead of
SSLGlue";
+ $DONT = 1;
+ goto DONE;
+ }
+
+
##############################################################################
+ # mix starttls method into Net::POP3 which on SSL handshake success
+ # upgrades the class to Net::SSLGlue::POP3::_SSLified
+
##############################################################################
+ *Net::POP3::starttls = sub {
my $self = shift;
$self->_STLS or return;
my $host = $self->host;
# for name verification strip port from domain:port, ipv4:port,
[ipv6]:port
$host =~s{(?<!:):\d+$}{};
- Net::POP3::_SSLified->start_SSL( $self,
- SSL_verify_mode => 1,
- SSL_verifycn_scheme => 'pop3',
- SSL_verifycn_name => $host,
- @_
+ Net::SSLGlue::POP3::_SSLified->start_SSL( $self,
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'pop3',
+ SSL_verifycn_name => $host,
+ @_
) or return;
-}
-sub Net::POP3::_STLS {
+ };
+
+ *Net::POP3::_STLS = sub {
shift->command("STLS")->response() == Net::POP3::CMD_OK
-}
+ };
-no warnings 'redefine';
-my $old_new = \&Net::POP3::new;
-*Net::POP3::new = sub {
+ no warnings 'redefine';
+ my $old_new = \&Net::POP3::new;
+ *Net::POP3::new = sub {
my $class = shift;
my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
if ( delete $arg{SSL} ) {
- $arg{Port} ||= 995;
- return Net::POP3::_SSLified->new(%arg);
+ $arg{Port} ||= 995;
+ return Net::SSLGlue::POP3::_SSLified->new(%arg);
} else {
- return $old_new->($class,%arg);
+ return $old_new->($class,%arg);
}
-};
+ };
+
+ DONE:
+ 1;
+}
##############################################################################
# Socket class derived from IO::Socket::SSL
@@ -47,25 +60,29 @@ my $old_new = \&Net::POP3::new;
##############################################################################
our %SSLopts;
{
- package Net::POP3::_SSL_Socket;
- our @ISA = 'IO::Socket::SSL';
- sub configure_SSL {
- my ($self,$arg_hash) = @_;
-
- # set per default strict certificate verification
- $arg_hash->{SSL_verify_mode} = 1
- if ! exists $arg_hash->{SSL_verify_mode};
- $arg_hash->{SSL_verifycn_scheme} = 'pop3'
- if ! exists $arg_hash->{SSL_verifycn_scheme};
- $arg_hash->{SSL_verifycn_name} = $self->host
- if ! exists $arg_hash->{SSL_verifycn_name};
-
- # force keys from %SSLopts
- while ( my ($k,$v) = each %SSLopts ) {
- $arg_hash->{$k} = $v;
- }
- return $self->SUPER::configure_SSL($arg_hash)
+ package Net::SSLGlue::POP3::_SSL_Socket;
+ goto DONE if $DONT;
+ our @ISA = 'IO::Socket::SSL';
+ *configure_SSL = sub {
+ my ($self,$arg_hash) = @_;
+
+ # set per default strict certificate verification
+ $arg_hash->{SSL_verify_mode} = 1
+ if ! exists $arg_hash->{SSL_verify_mode};
+ $arg_hash->{SSL_verifycn_scheme} = 'pop3'
+ if ! exists $arg_hash->{SSL_verifycn_scheme};
+ $arg_hash->{SSL_verifycn_name} = $self->host
+ if ! exists $arg_hash->{SSL_verifycn_name};
+
+ # force keys from %SSLopts
+ while ( my ($k,$v) = each %SSLopts ) {
+ $arg_hash->{$k} = $v;
}
+ return $self->SUPER::configure_SSL($arg_hash)
+ };
+
+ DONE:
+ 1;
}
@@ -74,45 +91,48 @@ our %SSLopts;
# this talks SSL to the peer
##############################################################################
{
- package Net::POP3::_SSLified;
- use Carp 'croak';
-
- # deriving does not work because we need to replace a superclass
- # from Net::POP3, so just copy the class into the new one and then
- # change it
-
- # copy subs
- for ( keys %{Net::POP3::} ) {
- no strict 'refs';
- eval { *{$Net::POP3::{$_}} && *{$Net::POP3::{$_}}{CODE} } or
next;
- *{$_} = \&{ "Net::POP3::$_" };
- }
+ package Net::SSLGlue::POP3::_SSLified;
+ use Carp 'croak';
+ goto DONE if $DONT;
+
+ # deriving does not work because we need to replace a superclass
+ # from Net::POP3, so just copy the class into the new one and then
+ # change it
+
+ # copy subs
+ for ( keys %{Net::POP3::} ) {
+ no strict 'refs';
+ *{$_} = \&{ "Net::POP3::$_" } if defined &{ "Net::POP3::$_" };
+ }
+
+ # copy + fix @ISA
+ our @ISA = @Net::POP3::ISA;
+ grep { s{^IO::Socket::INET$}{Net::SSLGlue::POP3::_SSL_Socket} } @ISA
+ or die "cannot find and replace IO::Socket::INET superclass";
+
+ # we are already sslified
+ no warnings 'redefine';
+ *starttls = sub { croak "have already TLS\n" };
+
+ my $old_new = \&new;
+ *new = sub {
+ my $class = shift;
+ my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
+ local %SSLopts;
+ $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg );
+ return $old_new->($class,%arg);
+ };
+
+ # Net::Cmd getline uses select, but this is not sufficient with SSL
+ # note that this does no EBCDIC etc conversions
+ *getline = sub {
+ my $self = shift;
+ # skip Net::POP3 getline and go directly to IO::Socket::SSL
+ return $self->IO::Socket::SSL::getline(@_);
+ };
- # copy + fix @ISA
- our @ISA = @Net::POP3::ISA;
- grep { s{^IO::Socket::INET$}{Net::POP3::_SSL_Socket} } @ISA
- or die "cannot find and replace IO::Socket::INET superclass";
-
- # we are already sslified
- no warnings 'redefine';
- sub starttls { croak "have already TLS\n" }
-
- my $old_new = \&new;
- *Net::POP3::_SSLified::new = sub {
- my $class = shift;
- my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
- local %SSLopts;
- $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg
);
- return $old_new->($class,%arg);
- };
-
- # Net::Cmd getline uses select, but this is not sufficient with SSL
- # note that this does no EBCDIC etc conversions
- *Net::POP3::_SSLified::getline = sub {
- my $self = shift;
- # skip Net::POP3 getline and go directly to IO::Socket::SSL
- return $self->IO::Socket::SSL::getline(@_);
- };
+ DONE:
+ 1;
}
1;
@@ -123,14 +143,14 @@ Net::SSLGlue::POP3 - make Net::POP3 able to use SSL
=head1 SYNOPSIS
- use Net::SSLGlue::POP3;
- my $pop3s = Net::POP3->new( $host,
- SSL => 1,
- SSL_ca_path => ...
- );
+ use Net::SSLGlue::POP3;
+ my $pop3s = Net::POP3->new( $host,
+ SSL => 1,
+ SSL_ca_path => ...
+ );
- my $pop3 = Net::POP3->new( $host );
- $pop3->starttls( SSL_ca_path => ... );
+ my $pop3 = Net::POP3->new( $host );
+ $pop3->starttls( SSL_ca_path => ... );
=head1 DESCRIPTION
diff --git a/lib/Net/SSLGlue/SMTP.pm b/lib/Net/SSLGlue/SMTP.pm
index c5fb9dd..3b028b8 100644
--- a/lib/Net/SSLGlue/SMTP.pm
+++ b/lib/Net/SSLGlue/SMTP.pm
@@ -4,52 +4,65 @@ use warnings;
package Net::SSLGlue::SMTP;
use IO::Socket::SSL 1.19;
use Net::SMTP;
-our $VERSION = 1.0;
-
-##############################################################################
-# mix starttls method into Net::SMTP which on SSL handshake success
-# upgrades the class to Net::SMTP::_SSLified
-##############################################################################
-sub Net::SMTP::starttls {
+our $VERSION = 1.001;
+
+my $DONT;
+BEGIN {
+ if (defined &Net::SMTP::starttls) {
+ warn "using SSL support of Net::SMTP $Net::SMTP::VERSION instead of
SSLGlue";
+ $DONT = 1;
+ goto DONE;
+ }
+
+
##############################################################################
+ # mix starttls method into Net::SMTP which on SSL handshake success
+ # upgrades the class to Net::SSLGlue::SMTP::_SSLified
+
##############################################################################
+ *Net::SMTP::starttls = sub {
my $self = shift;
$self->_STARTTLS or return;
my $host = $self->host;
# for name verification strip port from domain:port, ipv4:port,
[ipv6]:port
$host =~s{(?<!:):\d+$}{};
- Net::SMTP::_SSLified->start_SSL( $self,
- SSL_verify_mode => 1,
- SSL_verifycn_scheme => 'smtp',
- SSL_verifycn_name => $host,
- @_
+ Net::SSLGlue::SMTP::_SSLified->start_SSL( $self,
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'smtp',
+ SSL_verifycn_name => $host,
+ @_
) or return;
# another hello after starttls to read new ESMTP capabilities
return $self->hello(${*$self}{net_smtp_hello_domain});
-}
-sub Net::SMTP::_STARTTLS {
+ };
+
+ *Net::SMTP::_STARTTLS = sub {
shift->command("STARTTLS")->response() == Net::SMTP::CMD_OK
-}
+ };
-no warnings 'redefine';
-my $old_new = \&Net::SMTP::new;
-*Net::SMTP::new = sub {
+ no warnings 'redefine';
+ my $old_new = \&Net::SMTP::new;
+ *Net::SMTP::new = sub {
my $class = shift;
my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
if ( delete $arg{SSL} ) {
- $arg{Port} ||= 465;
- return Net::SMTP::_SSLified->new(%arg);
+ $arg{Port} ||= 465;
+ return Net::SSLGlue::SMTP::_SSLified->new(%arg);
} else {
- return $old_new->($class,%arg);
+ return $old_new->($class,%arg);
}
-};
+ };
-my $old_hello = \&Net::SMTP::hello;
-*Net::SMTP::hello = sub {
+ my $old_hello = \&Net::SMTP::hello;
+ *Net::SMTP::hello = sub {
my ($self,$domain) = @_;
${*$self}{net_smtp_hello_domain} = $domain if $domain;
goto &$old_hello;
-};
+ };
+
+ DONE:
+ 1;
+}
##############################################################################
# Socket class derived from IO::Socket::SSL
@@ -57,63 +70,71 @@ my $old_hello = \&Net::SMTP::hello;
##############################################################################
our %SSLopts;
{
- package Net::SMTP::_SSL_Socket;
- our @ISA = 'IO::Socket::SSL';
- sub configure_SSL {
- my ($self,$arg_hash) = @_;
-
- # set per default strict certificate verification
- $arg_hash->{SSL_verify_mode} = 1
- if ! exists $arg_hash->{SSL_verify_mode};
- $arg_hash->{SSL_verifycn_scheme} = 'smtp'
- if ! exists $arg_hash->{SSL_verifycn_scheme};
- $arg_hash->{SSL_verifycn_name} = $self->host
- if ! exists $arg_hash->{SSL_verifycn_name};
-
- # force keys from %SSLopts
- while ( my ($k,$v) = each %SSLopts ) {
- $arg_hash->{$k} = $v;
- }
- return $self->SUPER::configure_SSL($arg_hash)
+ package Net::SSLGlue::SMTP::_SSL_Socket;
+ goto DONE if $DONT;
+ our @ISA = 'IO::Socket::SSL';
+ *configure_SSL = sub {
+ my ($self,$arg_hash) = @_;
+
+ # set per default strict certificate verification
+ $arg_hash->{SSL_verify_mode} = 1
+ if ! exists $arg_hash->{SSL_verify_mode};
+ $arg_hash->{SSL_verifycn_scheme} = 'smtp'
+ if ! exists $arg_hash->{SSL_verifycn_scheme};
+ $arg_hash->{SSL_verifycn_name} = $self->host
+ if ! exists $arg_hash->{SSL_verifycn_name};
+
+ # force keys from %SSLopts
+ while ( my ($k,$v) = each %SSLopts ) {
+ $arg_hash->{$k} = $v;
}
+ return $self->SUPER::configure_SSL($arg_hash)
+ };
+
+ DONE:
+ 1;
}
##############################################################################
-# Net::SMTP derived from Net::SMTP::_SSL_Socket instead of IO::Socket::INET
+# Net::SMTP derived from Net::SSLGlue::SMTP::_SSL_Socket instead of
IO::Socket::INET
# this talks SSL to the peer
##############################################################################
{
- package Net::SMTP::_SSLified;
- use Carp 'croak';
-
- # deriving does not work because we need to replace a superclass
- # from Net::SMTP, so just copy the class into the new one and then
- # change it
-
- # copy subs
- for ( keys %{Net::SMTP::} ) {
- no strict 'refs';
- *{$_} = \&{ "Net::SMTP::$_" } if *{$Net::SMTP::{$_}}{CODE};
- }
+ package Net::SSLGlue::SMTP::_SSLified;
+ use Carp 'croak';
+ goto DONE if $DONT;
+
+ # deriving does not work because we need to replace a superclass
+ # from Net::SMTP, so just copy the class into the new one and then
+ # change it
+
+ # copy subs
+ for ( keys %{Net::SMTP::} ) {
+ no strict 'refs';
+ *{$_} = \&{ "Net::SMTP::$_" } if defined &{ "Net::SMTP::$_" };
+ }
+
+ # copy + fix @ISA
+ our @ISA = @Net::SMTP::ISA;
+ grep { s{^IO::Socket::INET$}{Net::SSLGlue::SMTP::_SSL_Socket} } @ISA
+ or die "cannot find and replace IO::Socket::INET superclass";
+
+ # we are already sslified
+ no warnings 'redefine';
+ *starttls = sub { croak "have already TLS\n" };
+
+ my $old_new = \&new;
+ *new = sub {
+ my $class = shift;
+ my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
+ local %SSLopts;
+ $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg );
+ return $old_new->($class,%arg);
+ };
- # copy + fix @ISA
- our @ISA = @Net::SMTP::ISA;
- grep { s{^IO::Socket::INET$}{Net::SMTP::_SSL_Socket} } @ISA
- or die "cannot find and replace IO::Socket::INET superclass";
-
- # we are already sslified
- no warnings 'redefine';
- sub starttls { croak "have already TLS\n" }
-
- my $old_new = \&new;
- *Net::SMTP::_SSLified::new = sub {
- my $class = shift;
- my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
- local %SSLopts;
- $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg
);
- return $old_new->($class,%arg);
- };
+ DONE:
+ 1;
}
1;
@@ -124,14 +145,14 @@ Net::SSLGlue::SMTP - make Net::SMTP able to use SSL
=head1 SYNOPSIS
- use Net::SSLGlue::SMTP;
- my $smtp_ssl = Net::SMTP->new( $host,
- SSL => 1,
- SSL_ca_path => ...
- );
+ use Net::SSLGlue::SMTP;
+ my $smtp_ssl = Net::SMTP->new( $host,
+ SSL => 1,
+ SSL_ca_path => ...
+ );
- my $smtp_plain = Net::SMTP->new( $host );
- $smtp_plain->starttls( SSL_ca_path => ... );
+ my $smtp_plain = Net::SMTP->new( $host );
+ $smtp_plain->starttls( SSL_ca_path => ... );
=head1 DESCRIPTION
diff --git a/t/external/03_lwp.t b/t/external/03_lwp.t
index a6f5853..aff0e08 100644
--- a/t/external/03_lwp.t
+++ b/t/external/03_lwp.t
@@ -15,8 +15,7 @@ use IO::Socket::SSL;
use LWP::Simple;
my $goodhost = 'google.de';
-# this does not work any longer - will be skipped in test
-my $badhost = 'www.fedora.org';
+my $badhost = 'badcert.maulwuff.de';
my $capath = '/etc/ssl/certs/'; # unix?
-d $capath or do {
@@ -61,6 +60,8 @@ if ( $sock = IO::Socket::INET->new(
if ( IO::Socket::SSL->start_SSL( $sock,
SSL_ca_path => $capath,
SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'http',
+ SSL_verifycn_name => $badhost,
)) {
diag("certificate for $badhost unexpectly correct");
$badhost = undef;
@@ -84,14 +85,14 @@ print $content ? "ok\n": "not ok # lwp connect $goodhost:
$@\n";
if ( $badhost ) {
# $badhost -> should fail
diag("connecting to $badhost:443 with LWP");
- $content = get( 'https://$badhost' );
+ $content = get( "https://$badhost"; );
print $content ? "not ok # lwp ssl connect $badhost should fail\n": "ok\n";
# $badhost -> should succeed if verify mode is 0
{
local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts;
$Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0;
- $content = get( 'https://$badhost' );
+ $content = get( "https://$badhost"; );
print $content ? "ok\n": "not ok # lwp ssl $badhost w/o ssl verify\n";
}
}
diff --git a/t/external/05_ftp.t b/t/external/05_ftp.t
index 7a8cbbf..6980e03 100644
--- a/t/external/05_ftp.t
+++ b/t/external/05_ftp.t
@@ -3,7 +3,7 @@ use strict;
use warnings;
use Test::More;
-my $server = 'ftp.rebex.net';
+my $server = 'test.rebex.net';
my $debug = 0;
BEGIN {
@@ -28,7 +28,7 @@ IO::Socket::INET->new( "$server:21" ) or do {
# ssl to the right host
diag( "connect inet to $server:990" );
my $sock = IO::Socket::INET->new( "$server:990") or do {
- plan skip_all => "$server:999 not reachable";
+ plan skip_all => "$server:990 not reachable";
};
# now we need CAs
@@ -39,12 +39,12 @@ close($cafh);
diag( "upgrade to ssl $server:990" );
IO::Socket::SSL->start_SSL($sock,
- %sslargs,
SSL_verify_mode => 1,
SSL_verifycn_name => $server,
- SSL_verifycn_scheme => 'ftp'
+ SSL_verifycn_scheme => 'ftp',
+ %sslargs,
) or do {
- plan skip_all => "$server:999 not upgradable to SSL: $SSL_ERROR";
+ plan skip_all => "$server:990 not upgradable to SSL: $SSL_ERROR";
};
plan tests => 9;
@@ -67,9 +67,9 @@ $ftp->prot('C');
ok(~~$ftp->ls,"directory listing clear");
# then TLS upgrade inside plain connection
-$ftp = Net::FTP->new($server, Passive => 1, Debug => $debug);
+$ftp = Net::FTP->new($server, Passive => 1, Debug => $debug, %sslargs);
ok($ftp,"ftp plain connect $server");
-my $ok = $ftp->starttls(%sslargs);
+my $ok = $ftp->starttls();
ok($ok,"ssl upgrade");
$ftp->login("anonymous",'net-sslglue-...@test.perl')
or die "login to $server failed";
@@ -84,24 +84,24 @@ ok(~~$ftp->ls,"directory listing after downgrade");
__DATA__
-# Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Class 1 Primary Intermediate Server CA
+# Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Class 2 Primary Intermediate Server CA
# Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Certification Authority
-----BEGIN CERTIFICATE-----
-MIIGNDCCBBygAwIBAgIBGDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MIIGNDCCBBygAwIBAgIBGjANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NDE3WhcNMTcxMDI0MjA1NDE3WjCB
+dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NzA5WhcNMTcxMDI0MjA1NzA5WjCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
-YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtonGrO8JUngHrJJj0PREGBiE
-gFYfka7hh/oyULTTRwbw5gdfcA4Q9x3AzhA2NIVaD5Ksg8asWFI/ujjo/OenJOJA
-pgh2wJJuniptTT9uYSAK21ne0n1jsz5G/vohURjXzTCm7QduO3CHtPn66+6CPAVv
-kvek3AowHpNz/gfK11+AnSJYUq4G2ouHI2mw5CrY6oPSvfNx23BaKA+vWjhwRRI/
-ME3NO68X5Q/LoKldSKqxYVDLNM08XMML6BDAjJvwAwNi/rJsPnIO7hxDKslIDlc5
-xDEhyBDBLIf+VJVSH1I8MRKbf+fAoKVZ1eKPPvDVqOHXcDGpxLPPr21TLwb0pwID
+YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4IPlfyiAEh
+G5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENVsTUJm9m8
+H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1ks3RVG7RL
+hiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125w2oLJxGE
+d2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhHM7BUxkYa
+8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQpZ4rEAwID
AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
-VR0OBBYEFOtCNNCYsKuf9BtrCPfMZC7vDixFMB8GA1UdIwQYMBaAFE4L7xqkQFul
+VR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaAFE4L7xqkQFul
F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov
L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3
@@ -109,18 +109,18 @@
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0
c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu
BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0
BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl
-LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAIQlJPqWIbuALi0jaMU2P91ZXouHTYlfp
-tVbzhUV1O+VQHwSL5qBaPucAroXQ+/8gA2TLrQLhxpFy+KNN1t7ozD+hiqLjfDen
-xk+PNdb01m4Ge90h2c9W/8swIkn+iQTzheWq8ecf6HWQTd35RvdCNPdFWAwRDYSw
-xtpdPvkBnufh2lWVvnQce/xNFE+sflVHfXv0pQ1JHpXo9xLBzP92piVH0PN1Nb6X
-t1gW66pceG/sUzCv6gRNzKkC4/C2BBL2MLERPZBOVmTX3DxDX3M570uvh+v2/miI
-RHLq0gfGabDBoYvvF0nXYbFFSF87ICHpW7LM9NfpMfULFWE7epTj69m8f5SuauNi
-YpaoZHy4h/OZMn6SolK+u/hlz8nyMPyLwcKmltdfieFcNID1j0cHL7SRv7Gifl9L
-WtBbnySGBVFaaQNlQ0lxxeBvlDRr9hvYqbBMflPrj0jfyjO1SPo2ShpTpjMM0InN
-SRXNiTE8kMBy12VLUjWKRhFEuT2OKGWmPnmeXAhEKa2wNREuIU640ucQPl2Eg7PD
-wuTSxv0JS3QJ3fGz0xk+gA2iCxnwOOfFwq/iI9th4p1cbiCJSS4jarJiwUW0n6+L
-p/EiO/h94pDQehn7Skzj0n1fSoMD7SfWI55rjbRZotnvbIIp3XUZPD9MEI3vu3Un
-0q6Dp6jOW6c=
+LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAnQfh7pB2MWcWRXCMy4SLS1doRKWJwfJ+
+yyiL9edwd9W29AshYKWhdHMkIoDW2LqNomJdCTVCKfs5Y0ULpLA4Gmj0lRPM4EOU
+7Os5GuxXKdmZbfWEzY5zrsncavqenRZkkwjHHMKJVJ53gJD2uSl26xNnSFn4Ljox
+uMnTiOVfTtIZPUOO15L/zzi24VuKUx3OrLR2L9j3QGPV7mnzRX2gYsFhw3XtsntN
+rCEnME5ZRmqTF8rIOS0Bc2Vb6UGbERecyMhK76F2YC2uk/8M1TMTn08Tzt2G8fz4
+NVQVqFvnhX76Nwn/i7gxSZ4Nbt600hItuO3Iw/G2QqBMl3nf/sOjn6H0bSyEd6Si
+BeEX/zHdmvO4esNSwhERt1Axin/M51qJzPeGmmGSTy+UtpjHeOBiS0N9PN7WmrQQ
+oUCcSyrcuNDUnv3xhHgbDlePaVRCaHvqoO91DweijHOZq1X1BwnSrzgDapADDC+P
+4uhDwjHpb62H5Y29TiyJS1HmnExUdsASgVOb7KD8LJzaGJVuHjgmQid4YAjff20y
+6NjAbx/rJnWfk/x7G/41kNxTowemP4NVCitOYoIlzmYwXSzg+RkbdbmdmFamgyd6
+0Y+NWZP8P3PXLrQsldiL98l+x/ydrHIEH9LMF/TtNGCbnkqXBP7dcg5XVFEGcE3v
+qhykguAzx/Q=
-----END CERTIFICATE-----
# Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Certification Authority
# Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Certification Authority
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-perl/packages/libnet-sslglue-perl.git
_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
