Hi all,

May I know if I can use max retries like below?

my $dbpool = POE::Component::Pool::DBI->new(
    connections    => 1,
    dsn            => "DBI:Oracle:192.168.21.200:1521/CRMDB",
    max_retries    => "-1",
    reconnect_wait => "5",
    username       => "test_db",
    password       => "test_db"
);

regards
YAmbu

2011/5/25 Markus Müller <p...@priv.de>

> Hi Dario and everyone.
>
> CONCLUSION: POE::Filter::SSL works as designed.
>
> Your explanation shows that there is no problem in POE::Filter::SSL, you
> describe the wanted and necessary behavior of SSL and the implementation
> of SSL proxying in browsers.
>
> If you configure an SSL proxy in a browser then it WON'T do SSL with the
> proxy for HTTP connections. For HTTPS requests the browser will only send
> a line to the proxy with the question "Please connect me directly to
> IP:Port", and it then relies on being connected DIRECTLY (on TCP/IP
> level) to the SSL server. It then tries to do SSL with the target server,
> and NOT with the proxy. The proxy is only intended to relay raw TCP data.
> And HTTP connections can't be encrypted at all by configuring an SSL
> proxy!
>
> Further: If you want to encrypt HTTPS requests, then what you want to do
> is (in the sight of the browser) a man-in-the-middle attack. For this to
> work you need to act as a TCP relay as mentioned but don't do a raw
> forwarding of TCP data. You then need to do SSL to the target and a
> further SSL to the client. The browser will determine this as an attack,
> if an appropriate certificate the browser trusts is not generated on the
> fly.
>
> Nevertheless this is possible with POE::Filter::SSL. You are able to
> switch the filter during runtime (see IMAP-Relay example on the CPAN
> search): You can interpret the mentioned "CONNECT" line from the browser,
> do the creation of an SSL certificate, and then switch the filter to SSL.
> On server side you just do an SSL client handshake and forward the
> unencrypted data to the client SSL connection. But only for HTTPS
> connections; as already said HTTP is not possible to encrypt this way.
>
> -> As you can see: It won't work by just adding an SSL filter before the
> HTTPD!
>
> An example solution for the HTTPS proxying can be found on
> http://crypto.stanford.edu/ssl-mitm/. Please read the documentation there
> and on how proxying in browsers works.
>
> Regards,
> Markus Mueller
>
>>
>> Sorry for the delay.
>>
>> Yes your example works well without the proxy. The browser is a Firefox
>> 3.0.17 under Ubuntu 8.04 (is a virtual machine...). If I try your
>> example with Firefox's proxy enabled I get the same error.
>>
>> And the proxy is under Ubuntu 10.10
>>
>> I don't know so much about HTTPS protocol and communications. Does it
>> make sense to you?
>>
>> Regards,
>>
>> Dario.
>>
>> On 25/05/11 16:53, Markus Müller wrote:
>>
>>> Hello Dario,
>>>
>>> did this help?
>>>
>>> Regards,
>>> Markus Mueller
>>>
>>>>
>>>> Did you use my example as proxy or did you disable the proxy in
>>>> browser and access it with "https://server:ip/" ?
>>>>
>>>> Did I understand correctly that Firefox works but other browsers do
>>>> not?
>>>>
>>>> Which distribution and version of Linux do you use?
>>>>
>>>> Regards,
>>>> Markus Mueller
>>>>
>>>>
>>>>> I tried your example and the result was the same error. I thought
>>>>> that there was a problem with the server because even with your
>>>>> script I didn't see any screen on the server to accept the
>>>>> certificate.
>>>>>
>>>>> My problem is that the browser enters an infinite loop after the
>>>>> page request. And no page related to any certificate is shown. I am
>>>>> using Firefox 3.0.17 and the certificate with apache went fine, the
>>>>> screen appeared and I could accept the certificate.
>>>>>
>>>>> Does it make sense? Did I forget something, maybe a parameter of the
>>>>> filter?
>>>>>
>>>>> Regards and thank you for the help.
>>>>>
>>>>> Dario.
>>>>>
>>>>> On 24/05/11 12:35, Markus Müller wrote:
>>>>>
>>>>>> Hi Dario,
>>>>>>
>>>>>> I am also using untrusted certificates. There is no issue on server
>>>>>> at all for that, only on client side. You have to accept the
>>>>>> certificate in the browser, the server doesn't do anything about
>>>>>> that. I just don't understand why you think it could be anything
>>>>>> about untrusted certificates... Everything I mentioned is that in
>>>>>> my test the message only occurs if I connect with a browser which
>>>>>> aborts the connection because the certificate is not accepted by
>>>>>> the client (= the browser).
>>>>>>
>>>>>> What exactly is your problem? Maybe your browser doesn't allow
>>>>>> untrusted certificates from a proxy server?
>>>>>>
>>>>>> Did you try my example? It makes a https server and not a https
>>>>>> proxy. Please try if http server works, maybe you just have a
>>>>>> problem in your browser about proxying and untrusted certificates.
>>>>>>
>>>>>> Regards,
>>>>>> Markus Mueller
>>>>>>
>>>>>>>
>>>>>>> You are right Markus, I am using an untrusted certificate. Is
>>>>>>> there any way to use the SSL filter with untrusted certificates?
>>>>>>> I know other libs like LWP can deal with them.
>>>>>>>
>>>>>>> If this is a TODO or a bug I can help you fix this in the POE SSL
>>>>>>> Filter code :)
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Dario.
>>>>>>>
>>>>>>> On 24/05/11 11:35, Andy Jenkinson wrote:
>>>>>>>
>>>>>>>> When doing something similar, I seem to remember I got this
>>>>>>>> error when attempting to connect via HTTP too. I could be making
>>>>>>>> that up though.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Andy
>>>>>>>>
>>>>>>>> On 24 May 2011, at 10:07, Markus Müller wrote:
>>>>>>>>
>>>>>>>>> Hello everyone,
>>>>>>>>>
>>>>>>>>> I've tried the following program and it works under Debian
>>>>>>>>> Squeeze.
>>>>>>>>>
>>>>>>>>> The message "POE::Filter::SSL: UNEXPECTED ERROR: ERR1:0 ERR2:1
>>>>>>>>> HINT: Check if you have configured a CRT and KEY file, and that
>>>>>>>>> both are readable at /usr/share/perl5/POE/Wheel/ReadWrite.pm
>>>>>>>>> line 280" occurs in my test only if the browser aborts the
>>>>>>>>> connection during SSL handshake because the certificate is
>>>>>>>>> untrusted. In any other case I can see the data the server is
>>>>>>>>> returning.
>>>>>>>>>
>>>>>>>>> This Connection is Untrusted
>>>>>>>>>
>>>>>>>>> You have asked Firefox to connect securely to
>>>>>>>>> saytest.priv.de:82, but we can't confirm that your connection
>>>>>>>>> is secure. Normally, when you try to connect securely, sites
>>>>>>>>> will present trusted identification to prove that you are
>>>>>>>>> going to the right place. However, this site's identity can't
>>>>>>>>> be verified.
>>>>>>>>>
>>>>>>>>> What Should I Do?
>>>>>>>>>
>>>>>>>>> If you usually connect to this site without problems, this
>>>>>>>>> error could mean that someone is trying to impersonate the
>>>>>>>>> site, and you shouldn't continue.
>>>>>>>>>
>>>>>>>>> Much regards,
>>>>>>>>> Markus Mueller
>>>>>>>>>
>>>>>>>>> #!perl
>>>>>>>>>
>>>>>>>>> use strict;
>>>>>>>>> use warnings;
>>>>>>>>> use Socket;
>>>>>>>>> use HTTP::Response;
>>>>>>>>> use POE qw(
>>>>>>>>>     Wheel::SocketFactory
>>>>>>>>>     Wheel::ReadWrite
>>>>>>>>>     Driver::SysRW
>>>>>>>>>     Filter::SSL
>>>>>>>>>     Filter::Stackable
>>>>>>>>>     Filter::HTTPD
>>>>>>>>>     Component::Server::TCP
>>>>>>>>> );
>>>>>>>>> POE::Component::Server::TCP->new(
>>>>>>>>>     Alias => "web_server",
>>>>>>>>>     Port  => 82,
>>>>>>>>>     #ClientFilter => 'POE::Filter::HTTPD', ##WITHOUT HTTPD FILTER THERE ISN'T HTTP HEADERS!!!
>>>>>>>>>     # SSL is first in the stack, so the client must start with a TLS handshake.
>>>>>>>>>     ClientFilter => POE::Filter::Stackable->new(
>>>>>>>>>         Filters => [
>>>>>>>>>             POE::Filter::SSL->new(crt => 'sslkeys/server.crt', key => 'sslkeys/server.key'),
>>>>>>>>>             POE::Filter::HTTPD->new(),
>>>>>>>>>         ]
>>>>>>>>>     ),
>>>>>>>>>
>>>>>>>>>     ClientInput  => \&handle_http_request,
>>>>>>>>>     InlineStates => {got_response => \&handle_http_response,},
>>>>>>>>> );
>>>>>>>>>
>>>>>>>>> sub handle_http_request {
>>>>>>>>>     my ($kernel, $session, $heap, $buf) = @_[KERNEL, SESSION, HEAP, ARG0];
>>>>>>>>>     # Declare first: "my $x .= ... if ..." has undefined behaviour.
>>>>>>>>>     my $content = '';
>>>>>>>>>     $content .= "Your URL was: ".$buf->uri."<hr>"
>>>>>>>>>         if (ref($buf) eq "HTTP::Request");
>>>>>>>>>     $content .= localtime(time());
>>>>>>>>>     my $response = HTTP::Response->new(200);
>>>>>>>>>     $response->push_header('Content-type', 'text/html');
>>>>>>>>>     $response->content($content);
>>>>>>>>>     $_[HEAP]{client}->put($response);
>>>>>>>>>     $_[KERNEL]->yield("shutdown");
>>>>>>>>> };
>>>>>>>>>
>>>>>>>>> POE::Kernel->run;
>>>>>>>>> exit;
>>>>>>>>>
>>>>>>>>>> I am making a proxy and it must support the https protocol. I
>>>>>>>>>> am trying to enable SSL feature in the server side with this
>>>>>>>>>> command:
>>>>>>>>>>
>>>>>>>>>> POE::Component::Server::TCP->new(
>>>>>>>>>>     Alias => "web_server",
>>>>>>>>>>     Port  => LISTEN_PORT,
>>>>>>>>>>     #ClientFilter => 'POE::Filter::HTTPD', ##WITHOUT HTTPD FILTER THERE ISN'T HTTP HEADERS!!!
>>>>>>>>>>     ClientFilter => POE::Filter::Stackable->new(
>>>>>>>>>>         Filters => [
>>>>>>>>>>             POE::Filter::SSL->new(crt => 'sslkeys/server.crt', key => 'sslkeys/server.key'),
>>>>>>>>>>             POE::Filter::HTTPD->new(),
>>>>>>>>>>         ]
>>>>>>>>>>     ),
>>>>>>>>>>
>>>>>>>>>>     ClientInput  => \&handle_http_request,
>>>>>>>>>>     InlineStates => {got_response => \&handle_http_response,},
>>>>>>>>>> );
>>>>>>>>>>
>>>>>>>>>> But when a https request hits the server I get the following
>>>>>>>>>> error:
>>>>>>>>>>
>>>>>>>>>> POE::Filter::SSL: UNEXPECTED ERROR: ERR1:-1 ERR2:1 HINT: Check if you have configured a CRT and KEY file, and that both are readable at /usr/share/perl5/POE/Wheel/ReadWrite.pm line 280
>>>>>>>>>>
>>>>>>>>>> I don't know what this error means because the files have the
>>>>>>>>>> permission flags set to 777. Are some special certs required?
>>>>>>>>>>
>>>>>>>>>> Thanks in advance.
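
Added example, not part of the thread and not code from POE::Filter::SSL: a small check of the first bytes a listener receives, showing why an SSL filter placed first in the stack fails once the browser is configured to use the listener as a proxy (it then sends a plaintext CONNECT line, or an absolute-URI GET, instead of a TLS handshake). The function name classify_first_bytes, the sample bytes and the example.org hostnames are constructed for illustration.

```perl
use strict;
use warnings;

# Classify the first bytes a listener receives from a client.
sub classify_first_bytes {
    my ($bytes) = @_;
    return { kind => 'empty' } unless defined $bytes && length $bytes;

    # TLS record header: content type 0x16 (handshake), version 3.x,
    # then a 16-bit record length (at most 2**14 for a plaintext record).
    if (length($bytes) >= 5) {
        my ($type, $major, $minor, $len) = unpack 'CCCn', $bytes;
        return { kind => 'tls-handshake', record_version => "3.$minor" }
            if $type == 0x16 && $major == 3 && $minor <= 4
            && $len > 0 && $len <= 16384;
    }

    # Plaintext tunnel request a browser sends to a configured proxy.
    if ($bytes =~ m{\ACONNECT +([A-Za-z0-9.-]+|\[[0-9A-Fa-f:]+\]):([0-9]{1,5}) +HTTP/1\.[01]\r?\n}) {
        my ($host, $port) = ($1, $2 + 0);
        return { kind => 'bad-connect' } if $port < 1 || $port > 65535;
        return { kind => 'http-connect', host => $host, port => $port };
    }

    # Ordinary plaintext HTTP request line (absolute URI when sent to a proxy).
    return { kind => 'http-plain' }
        if $bytes =~ m{\A(?:GET|HEAD|POST|PUT|DELETE|OPTIONS) +\S+ +HTTP/1\.[01]\r?\n};

    return { kind => 'unknown' };
}

# Constructed sample inputs (not captured traffic).
my @samples = (
    [ 'direct https:// request' => pack('CCCn', 0x16, 3, 1, 200) . "\x01\x00\x00\xc4" ],
    [ 'HTTPS via proxy setting' => "CONNECT www.example.org:443 HTTP/1.1\r\nHost: www.example.org:443\r\n\r\n" ],
    [ 'HTTP via proxy setting'  => "GET http://www.example.org/ HTTP/1.1\r\nHost: www.example.org\r\n\r\n" ],
);

for my $s (@samples) {
    my ($label, $bytes) = @$s;
    my $r = classify_first_bytes($bytes);
    my $detail = $r->{kind} eq 'http-connect' ? " target=$r->{host}:$r->{port}" : '';
    printf "%-24s %s%s\n", $label, $r->{kind}, $detail;
}
```

Only the first sample is something an SSL filter can consume; the other two are plaintext and make the handshake fail before any certificate prompt can appear in the browser.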