/usr/share/perl5/Net/Server/Proto/SSL.pm is in libnet-server-perl 0.99-3.
This file is owned by root:root, with mode 0o644.
# -*- perl -*-
#
# Net::Server::Proto::SSL - Net::Server Protocol module
#
# $Id: SSL.pm,v 1.13 2010/05/05 03:13:03 rhandom Exp $
#
# Copyright (C) 2001-2007
#
# Paul Seamons
# paul@seamons.com
# http://seamons.com/
#
# This package may be distributed under the terms of either the
# GNU General Public License
# or the
# Perl Artistic License
#
# All rights reserved.
#
################################################################
package Net::Server::Proto::SSL;
use strict;
use vars qw($VERSION $AUTOLOAD @ISA);
use Net::Server::Proto::TCP ();
# Load IO::Socket::SSL at runtime inside eval so that a missing module
# produces the warning below instead of aborting compilation of this package.
eval { require IO::Socket::SSL; };
# NOTE(review): a failed load is only warned about; the package still
# finishes loading and @ISA below still names IO::Socket::SSL, so a missing
# TLS module presumably surfaces later, when a socket method is first used,
# rather than at startup. Confirm that callers treat this warning as fatal.
$@ && warn "Module IO::Socket::SSL is required for SSL.";
$VERSION = $Net::Server::VERSION; # done until separated
# Sockets created by this package inherit from IO::Socket::SSL.
@ISA = qw(IO::Socket::SSL);
# Build (but do not bind) an SSL listener object for one configured port.
#
# Arguments: the invocant (class name or instance), the default host, the
# port specification and the Net::Server object. The port specification may
# be "host:port", "[ipv6-host]:port" or a bare "port"; anything else is
# reported through $server->fatal.
#
# Returns the new socket object with NS_host, NS_port and NS_proto set and
# one accessor call made for every SSL_* argument listed below.
#
# NOTE(review): the SSL_* values (SSL_verify_mode, SSL_cipher_list, the CA
# and key/certificate paths) are used exactly as configured. This sub applies
# no defaults and no validation, so the effective TLS policy is whatever the
# configuration and IO::Socket::SSL supply.
sub object {
    my ($type, $default_host, $port, $server) = @_;
    my $class = ref($type) || $type || __PACKAGE__;
    my $prop  = $server->{server};
    my $host;

    if (my @ipv4_parts = $port =~ m/^([\w\.\-\*\/]+):(\w+)$/) {
        # "domain.com:80" (IPv4 or host name)
        ($host, $port) = @ipv4_parts;
    }
    elsif (my @ipv6_parts = $port =~ m/^\[([\:\w\.\-\*\/]+)\]:(\w+)$/) {
        # "[::1]:80" (IPv6)
        ($host, $port) = @ipv6_parts;
    }
    elsif (my ($bare_port) = $port =~ /^(\w+)$/) {
        # "80": fall back to the default host
        ($host, $port) = ($default_host, $bare_port);
    }
    else {
        # unrecognised port style
        $server->fatal("Undeterminate port \"$port\" under ".__PACKAGE__);
    }

    # Protocol-specific arguments read from the server configuration.
    my @ssl_args = qw(
        SSL_server
        SSL_use_cert
        SSL_verify_mode
        SSL_key_file
        SSL_cert_file
        SSL_ca_path
        SSL_ca_file
        SSL_cipher_list
        SSL_passwd_cb
        SSL_max_getline_length
    );

    # configure() receives a reference to each property slot, presumably so
    # that it can fill the slots in from the command line or config file.
    my %args = map { ($_ => \$prop->{$_}) } @ssl_args;
    $server->configure(\%args);

    my $sock = $class->new;
    $sock->NS_host($host);
    $sock->NS_port($port);
    $sock->NS_proto('SSL');

    for my $name (@ssl_args) {
        # A configured value wins; otherwise ask the server object for a
        # per-host/port value if it implements a method of the same name.
        my $value;
        if (defined $prop->{$name}) {
            $value = $prop->{$name};
        }
        elsif ($server->can($name)) {
            $value = $server->$name($host, $port, 'SSL');
        }

        # NOTE(review): this relies on the socket class answering every
        # SSL_* name as a method; verify that against AUTOLOAD in this file.
        $sock->$name($value);
    }

    return $sock;
}
# Report, at log level 2, which protocol, port and host this socket binds to.
# Takes the socket object and the Net::Server object.
sub log_connect {
    my ($sock, $server) = @_;

    # Read the three NS_* properties in a fixed order.
    my %where;
    $where{$_} = $sock->$_ for qw(NS_host NS_port NS_proto);

    $server->log(2,"Binding to $where{NS_proto} port $where{NS_port} on host $where{NS_host}\n");
}
### connect the first time
# Bind the listening socket for this port. Takes the socket object and the
# Net::Server object; calls $server->fatal if the parent class configure
# step fails.
#
# NOTE(review): every server property whose name starts with "SSL_" is
# forwarded unchanged to the parent class configure call. Nothing here sets
# or checks SSL_verify_mode, SSL_cipher_list or the key/certificate paths,
# so certificate verification and cipher policy depend entirely on the
# configuration and on IO::Socket::SSL's own defaults.
sub connect {
    my ($sock, $server) = @_;
    my $prop      = $server->{server};
    my $bind_host = $sock->NS_host;
    my $bind_port = $sock->NS_port;

    my %args = (
        LocalPort => $bind_port,        # what port to bind on
        Proto     => 'tcp',             # what protocol to use
        Listen    => $prop->{listen},   # how many connections for kernel to queue
        Reuse     => 1,                 # allow us to rebind the port on a restart
    );

    # A host containing "*" means "all local addresses": leave LocalAddr unset.
    unless ($bind_host =~ /\*/) {
        $args{LocalAddr} = $bind_host;
    }

    ### add in any ssl specific properties
    my @ssl_names = grep { /^SSL_/ } keys %$prop;
    @args{@ssl_names} = @{$prop}{@ssl_names};

    ### connect to the sock
    $sock->SUPER::configure(\%args)
        or $server->fatal("Can't connect to SSL port $bind_port on $bind_host [$!]");

    $server->fatal("Back sock [$!]!".caller())
        unless $sock;
}
### connect on a sig -HUP
# Re-attach this socket object to an already open file descriptor instead of
# binding again. Takes the socket object, the descriptor number and the
# Net::Server object; calls $server->fatal if fdopen fails.
sub reconnect {
    my ($sock, $fd, $server) = @_;

    my $reopened = $sock->fdopen( $fd, 'w' );
    return $reopened if $reopened;

    return $server->fatal("Error opening to file descriptor ($fd) [$!]");
}
### allow for endowing the child
# Accept one client through the parent class and make the client object look
# like this listener: it is reblessed into the listener's class and inherits
# its NS_proto value. Returns the client, or the undefined result of the
# parent accept unchanged.
#
# NOTE(review): the BUGS section of this file reports that the server does
# not accept other connections while a slow SSL negotiation is in progress,
# because the accept lock covers both the socket accept and the negotiation.
# A client that stalls its handshake can therefore hold up this listener.
sub accept {
    my ($listener) = @_;

    my $client = $listener->SUPER::accept();
    return $client unless defined $client;

    ### pass items on
    bless $client, ref $listener;
    $client->NS_proto( $listener->NS_proto );

    return $client;
}
### Identifier used when the server restarts itself on a -HUP signal.
### It is built from host, port and protocol only (no key or certificate
### material), must not contain a newline, and must be unique for a given
### configuration.
sub hup_string {
    my ($sock) = @_;
    my @fields = map { $sock->$_ } qw(NS_host NS_port NS_proto);
    return join "|", @fields;
}
### short routine to show what we think we are
# Returns a multi-line description: the object's class followed by its
# NS_proto, NS_port and NS_host values, one per line.
sub show {
    my ($sock) = @_;

    my @lines = ( "Ref = \"" . ref($sock) . "\"\n" );
    push @lines,
        map { " $_ = \"" . $sock->$_() . "\"\n" } qw(NS_proto NS_port NS_host);

    return join '', @lines;
}
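### self installer
# Installs an accessor the first time a property method is called on a
# socket, then dispatches the original call to it.
#
# Recognised names are NS_proto, NS_port, NS_host and any SSL_* name. The
# SSL_* names are accepted because object() in this file calls
# $sock->$key($val) for each SSL argument; with only the NS_* names allowed,
# those calls ended in the "What method is that?" die below (assuming no
# parent class provides methods with those names).
#
# Each accessor stores its value in the hash slot of the socket's glob.
# Called with an argument it sets the value, removing the entry again when
# the value is undefined; called without arguments it returns the value.
#
# Dies on an empty method name or on any name that is not recognised.
sub AUTOLOAD {
    my $sock = shift;
    my ($prop) = $AUTOLOAD =~ /::([^:]+)$/ ? $1 : '';
    if( ! $prop ){
        die "No property called.";
    }

    # Object destruction must never be treated as a property lookup.
    return if $prop eq 'DESTROY';

    if( $prop !~ /^(?:NS_proto|NS_port|NS_host|SSL_\w+)$/ ){
        die "What method is that? [$prop]";
    }

    {
        # Symbolic glob assignment is needed to install the named sub.
        no strict 'refs';
        *{ __PACKAGE__ ."::". $prop } = sub {
            my $sock = shift;
            if( @_ ){
                ${*$sock}{$prop} = shift;
                return delete ${*$sock}{$prop} unless defined ${*$sock}{$prop};
            }else{
                return ${*$sock}{$prop};
            }
        };
    }

    # Re-dispatch so the freshly installed accessor handles this call.
    return $sock->$prop(@_);
}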
1;
=head1 NAME
Net::Server::Proto::SSL - Net::Server SSL protocol (deprecated - use Net::Server::Proto::SSLEAY instead).
=head1 SYNOPSIS
This module is mostly deprecated - you will want to look at Net::Server::Proto::SSLEAY instead.
See L<Net::Server::Proto>.
See L<Net::Server::Proto::SSLEAY>.
=head1 DESCRIPTION
This original SSL module was experimental. It has been superseded by
Net::Server::Proto::SSLEAY. If anybody has any successes or ideas for
improvement under SSL, please email <paul@seamons.com>.
Protocol module for Net::Server. This module implements a
secure socket layer over tcp (also known as SSL).
See L<Net::Server::Proto>.
There is a limit inherent from using IO::Socket::SSL,
namely that only one SSL connection can be maintained by
Net::Server. However, Net::Server should also be able to
maintain any number of TCP, UDP, or UNIX connections in
addition to the one SSL connection.
Additionally, getline support is very limited and writing directly to
STDOUT will not work. This is entirely dependent upon the
implementation of IO::Socket::SSL. getline may work but the client is
not copied to STDOUT under SSL. It is suggested that clients sysread
and syswrite to the client handle (located in
$self->{server}->{client} or passed to the process_request subroutine
as the first argument).
=head1 PARAMETERS
In addition to the normal Net::Server parameters, any of the
SSL parameters from IO::Socket::SSL may also be specified.
See L<IO::Socket::SSL> for information on setting this up.
=head1 BUGS
Christopher A Bongaarts pointed out that if the SSL negotiation is
slow then the server won't be accepting for that period of time
(because the locking of accept is around both the socket accept and
the SSL negotiation). This means that as it stands now the SSL
implementation is susceptible to DoS attacks. To fix this will
require dividing up the accept call a little bit more finely which may
not yet be possible with IO::Socket::SSL. Any ideas or patches on
this bug are welcome.
=head1 LICENCE
Distributed under the same terms as Net::Server
=head1 THANKS
Thanks to Vadim for pointing out the IO::Socket::SSL accept
was returning objects blessed into the wrong class.
=cut