Skip Menu |

This queue is for tickets about the POE CPAN distribution.

Report information
The Basics
Id: 1622
Status: resolved
Priority: 0/
Queue: POE
People
Owner: Nobody in particular
Requestors: RCAPUTO [...] cpan.org
troc [...] netrus.net
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Oct 07 00:26:59 2002 RCAPUTO [...] cpan.org - Ticket created
Subject: SSL support for SocketFactory
SocketFactory is an ideal place to add SSL socket negotiation and setup. However, the traditional way to do this is through Net::SSLeay. Moderate success has been achieved with Net::SSLeay::Handle as well (see POE::Component::Client::HTTP). Previous attempts at integrating Net::SSLeay with the SocketFactory class have uncovered a nasty little surprise. Namely, Net::SSLeay tends to die at slight offenses. This makes it difficult to use in our case. Perhaps someone can come up with an alternative to this. Until then, this task remains a reminder of past attempts.
  Sat Nov 09 01:54:41 2002 troc [...] netrus.net - Ticket #1776: Ticket created
Date: Sat, 9 Nov 2002 01:54:18 -0500
From: Rocco Caputo <troc [...] netrus.net>
To: bug-POE [...] rt.cpan.org
Subject: using other SSL libraries
20:30 <cz_> oh hey 20:31 <cz_> remember we were talkin about SSL socketfactory or whatever 20:31 <cz_> and i mentioned IO::Socket::SSL 20:31 <cz_> and you said you were using Net::SSLeay directly because you could take a non-SSL socket and change it to SSL-enabled 20:31 <cz_> well i just saw this in the IO::Socket::SSL doc 20:31 <cz_> IO::Socket::SSL::socket_to_SSL($socket, ... ) 20:31 <cz_> just thought i'd pass that along 20:32 <cz_> i still dont need the functionality for socketfactory, but i will.. so if you dont do it by then, i'll probably end up patching it :) The idea is to add SSL directly to SocketFactory. So far, though, doing non-blocking SSL accept() has been impossible.
  Sun Dec 15 15:22:29 2002 RCAPUTO [...] cpan.org - Correspondence added
I have written POE-compatible subclasses of Net::SSLeay::Handle to do client and server sockets. They seem to work, but they also have the nasty habit of dying on errors. In practice I haven't had this happen, but security people will be very familiar with the subtle ways to spoof Net::SSLeay and cause it to crash/die, thus denying service to whatever program uses them. Bleah. Still to do: Find a tidy way to package up the secure socket classes.
  Mon Apr 19 08:57:37 2004 SUNGO [...] cpan.org - Ticket #1776: Ticket 1776 MergedInto ticket 1622.
  Sat Nov 27 11:10:20 2004 RCAPUTO [...] cpan.org - Status changed from 'new' to 'resolved'