This queue is for tickets about the POE CPAN distribution.

Report information
The Basics
Id: 36648
Status: resolved
Priority: 0/
Queue: POE

People
Owner: Nobody in particular
Requestors: ASCENT [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 1.0002
Fixed in: (no value)



Subject: SSL support in POE::Component::Client::TCP
It would be nice to have SSL support in POE::Component::Client::TCP. I have attached an example patch.
Subject: pocotcp-ssl.patch
--- /usr/local/share/perl/5.8.8/POE/Component/Client/TCP.pm 2007-01-01 09:38:55.000000000 +0100 +++ TCPSSL.pm 2008-06-11 16:41:35.000000000 +0200 @@ -46,6 +46,9 @@ my $domain = delete $param{Domain}; my $bind_address = delete $param{BindAddress}; my $bind_port = delete $param{BindPort}; + my $ssl_enable = delete $param{SSL}; + my $ssl_private = delete $param{SSLPrivate}; + my $ssl_certificate = delete $param{SSLCertificate}; my $ctimeout = delete $param{ConnectTimeout}; my $args = delete $param{Args}; my $session_type = delete $param{SessionType}; @@ -194,6 +197,20 @@ got_connect_success => sub { my ($kernel, $heap, $socket) = @_[KERNEL, HEAP, ARG0]; + if ($ssl_enable) { + eval { + require POE::Component::SSLify; + import POE::Component::SSLify qw/SSLify_ContextCreate Client_SSLify/; + my $ctx = undef; + $ctx = SSLify_ContextCreate($ssl_private, $ssl_certificate) if (defined $ssl_private && defined $ssl_certificate); + $socket = Client_SSLify($socket, undef, undef, $ctx); + }; + if ($@) { + $kernel->yield('got_connect_error', 'SSLify', 0, $@); + return; + } + } + $kernel->alarm_remove( delete $heap->{ctimeout_id} ) if exists $heap->{ctimeout_id}; @@ -372,6 +389,10 @@ Alias => $session_alias # Optional. ConnectTimeout => 5, # Seconds; optional. + SSL => 1, # Optional. + SSLPrivate => '/path/to/file.pem', # Optional. + SSLCertificate => '/path/to/file.pem', # Optional. + SessionType => "POE::Session::Abc", # Optional. SessionParams => [ options => { debug => 1 } ], # Optional. 
@@ -661,6 +682,24 @@ The ServerInput function will stop being called when $heap->{shutdown} is true. +=item SSL + +Positive value will enable SSL connection. + +=item SSLCertificate + +Filename which contains a PEM encoded x509 certificate. + +This option is ONLY needed if server request and verify the client's +x509 certificate. + +=item SSLPrivate + +Filename which contains a PEM encoded private key. + +This option is ONLY needed if server request and verify the client's +x509 certificate. + =item Started Started is an optional callback. It is called after Client::TCP is
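Review bot: In the got_connect_success hunk (@@ -194,6 +197,20 @@), the `if ($@)` branch returns before the existing `$kernel->alarm_remove( delete $heap->{ctimeout_id} )` runs, so when SSLify fails the ConnectTimeout alarm is still pending after `got_connect_error` has been yielded. Move the SSL block below the alarm removal, or clear the alarm in the failure branch. In the same hunk, `SSLify_ContextCreate` is called only when both `$ssl_private` and `$ssl_certificate` are defined, so supplying just one of them is silently ignored; reporting that as an error would be safer than connecting without the client certificate.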
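Review bot: The POD added in the last hunk (@@ -661,6 +682,24 @@) does not say that SSLPrivate and SSLCertificate have to be given together, although the code only builds a context when both are defined; state that under both items. It also documents no option for checking the server's certificate, and none of the three new parameters provides one, so the SSL item should say what, if anything, is verified about the peer. Minor wording: "if server request and verify" should read "if the server requests and verifies".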
I think we spoke about this in IRC. The issue was isolated to something POE::Wheel::ReadWrite does to the socket. SSLify was noted as failing once the wheel was created. One option is a pre-Connected callback that allows the application to condition the filehandle before POE::Wheel::ReadWrite starts.

I think it's important to know what POE::Wheel::ReadWrite is doing to break POE::Component::SSLify, though. Maybe we can make the existing POE::Component::Client::TCP do the right thing with the current API. Also, I'd like for POE::Component::SSLify to work after POE::Wheel::ReadWrite is created anyway. Otherwise how would people do TLS negotiation?

Revision 2674 adds a PreConnect callback to POE::Component::Client::TCP, where you may use POE::Component::SSLify to convert the socket to SSL. Revision 2674 also adds a ClientPreConnect callback to POE::Component::Server::TCP, allowing the same thing for servers.