net::proxy::connector::ssl(3pm) [debian man page]
Net::Proxy::Connector::ssl(3pm) User Contributed Perl Documentation Net::Proxy::Connector::ssl(3pm) NAME
Net::Proxy::Connector::ssl - SSL Net::Proxy connector DESCRIPTION
"Net::Proxy::Connecter::ssl" is a "Net::Proxy::Connector" that can manage SSL connections (thanks to "IO::Socket::SSL"). By default, this connector creates SSL sockets. You will need to subclass it to create "smarter" connectors than can upgrade their connections to SSL. In addition to the options listed below, this connector accepts all "SSL_..." options to "IO::Socket::SSL". They are transparently passed through to the appropriate "IO::Socket::SSL" methods when needed. CONNECTOR OPTIONS
The connector accept the following options: "in" o host The listening address. If not given, the default is "localhost". o port The listening port. o start_cleartext If true, the connection will start in cleartext. It is possible to upgrade a socket to using SSL with the "upgrade_SSL()" method. "out" o host The listening address. If not given, the default is "localhost". o port The listening port. o start_cleartext If true, the connection will start in cleartext. It is possible to upgrade a socket to using SSL with the "upgrade_SSL()" method. METHODS
The "Net::Proxy::Connector::ssl" connector has an extra method: upgrade_SSL( $sock ) This method will upgrade a cleartext socket to SSL. If the socket is already in SSL, it will "carp()". CREATING A SELF-SIGNED CERTIFICATE I tend to forget this information, and the openssl documentation doesn't make this any clearer, so here are the most basic commands needed to create your own self-signed certificate (courtesy David Morel): $ openssl genrsa -out key.pem 1024 $ openssl req -new -key key.pem -x509 -out cert.pem -days 365 A certificate is required is you want to run a SSL server or a proxy with a "Net::Proxy::Connector::ssl" as its "in" connector. Once the key and certificate have been created, you can use them in your parameter list to "Net::Proxy->new()" (they are passed through to "IO::Socket::SSL"): Net::Proxy->new( { in => { host => '0.0.0.0', port => 443, SSL_key_file => 'key.pem', SSL_cert_file => 'cert.pem', }, out => { type => 'tcp', port => '80' } } ); AUTHOR
Philippe 'BooK' Bruhat, "<book@cpan.org>". COPYRIGHT
Copyright 2006 Philippe 'BooK' Bruhat, All Rights Reserved. LICENSE
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. perl v5.10.1 2009-10-18 Net::Proxy::Connector::ssl(3pm)
Check Out this Related Man Page
Net::Server::Proto::SSL(3) User Contributed Perl Documentation Net::Server::Proto::SSL(3) NAME
Net::Server::Proto::SSL - Net::Server SSL protocol. SYNOPSIS
Until this release, it was preferrable to use the Net::Server::Proto::SSLEAY module. Recent versions include code that overcomes original limitations. See Net::Server::Proto. See Net::Server::Proto::SSLEAY. use base qw(Net::Server::HTTP); main->run( proto => 'ssl', SSL_key_file => "/path/to/my/file.key", SSL_cert_file => "/path/to/my/file.crt", ); # OR sub SSL_key_file { "/path/to/my/file.key" } sub SSL_cert_file { "/path/to/my/file.crt" } main->run(proto = 'ssl'); # OR main->run( port => [443, 8443, "80/tcp"], # bind to two ssl ports and one tcp proto => "ssl", # use ssl as the default ipv => "*", # bind both IPv4 and IPv6 interfaces SSL_key_file => "/path/to/my/file.key", SSL_cert_file => "/path/to/my/file.crt", ); # OR main->run(port => [{ port => "443", proto => "ssl", # ipv => 4, # default - only do IPv4 SSL_key_file => "/path/to/my/file.key", SSL_cert_file => "/path/to/my/file.crt", }, { port => "8443", proto => "ssl", ipv => "*", # IPv4 and IPv6 SSL_key_file => "/path/to/my/file2.key", # separate key SSL_cert_file => "/path/to/my/file2.crt", # separate cert SSL_foo => 1, # Any key prefixed with SSL_ passed as a port hashref # key/value will automatically be passed to IO::Socket::SSL }]); DESCRIPTION
Protocol module for Net::Server based on IO::Socket::SSL. This module implements a secure socket layer over tcp (also known as SSL) via the IO::Socket::SSL module. If this module does not work in your situation, please also consider using the SSLEAY protocol (Net::Server::Proto::SSLEAY) which interfaces directly with Net::SSLeay. See Net::Server::Proto. If you know that your server will only need IPv4 (which is the default for Net::Server), you can load IO::Socket::SSL in inet4 mode which will prevent it from using Socket6 and IO::Socket::INET6 since they would represent additional and unsued overhead. use IO::Socket::SSL qw(inet4); use base qw(Net::Server::Fork); __PACKAGE__->run(proto => "ssl"); PARAMETERS
In addition to the normal Net::Server parameters, any of the SSL parameters from IO::Socket::SSL may also be specified. See IO::Socket::SSL for information on setting this up. All arguments prefixed with SSL_ will be passed to the IO::Socket::SSL->configure method. BUGS
Until version Net::Server version 2, Net::Server::Proto::SSL used the default IO::Socket::SSL::accept method. This old approach introduces a DDOS vulnerability into the server, where the socket is accepted, but the parent server then has to block until the client negotiates the SSL connection. This has now been overcome by overriding the accept method and accepting the SSL negotiation after the parent socket has had the chance to go back to listening. LICENCE
Distributed under the same terms as Net::Server THANKS
Thanks to Vadim for pointing out the IO::Socket::SSL accept was returning objects blessed into the wrong class. perl v5.18.2 2013-01-09 Net::Server::Proto::SSL(3)