File Coverage

blib/lib/Net/SSLeay/OO.pm

Criterion	Covered	Total	%
statement	7	9	77.7
branch			n/a
condition			n/a
subroutine	3	3	100.0
pod			n/a
total	10	12	83.3

line	stmt	sub	time	code
1
2				package Net::SSLeay::OO;
3
4	3	3	53319	use Net::SSLeay;
	3		58655
	3		272
5	3	3	2272	use Net::SSLeay::OO::Functions;
	3		11
	3		38
6	3	3	2416	use Net::SSLeay::OO::Error;
	0
	0
7				use Net::SSLeay::OO::Context;
8				use Net::SSLeay::OO::SSL;
9
10				our $VERSION = "0.02";
11
12				1;
13
14				__END__
15
16				=head1 NAME
17
18				Net::SSLeay::OO - OO Calling Method for Net::SSLeay
19
20				=head1 SYNOPSIS
21
22				use Net::SSLeay::OO;
23
24				use Net::SSLeay::OO::Constants qw(OP_ALL OP_NO_TLSv2);
25
26				my $ctx = Net::SSLeay::OO::Context->new;
27				$ctx->set_options(OP_ALL & OP_NO_TLSv2);
28				$ctx->load_verify_locations("", "/etc/ssl/certs");
29
30				# get a socket/stream somehow
31				my $socket = IO::Socket::INET->new(...);
32
33				# create a new SSL object, and attach it to the socket
34				my $ssl = Net::SSLeay::OO::SSL->new(ctx => $ctx);
35				$ssl->set_fd($socket);
36
37				# initiate the SSL connection
38				$ssl->connect;
39
40				# exchange data ... be sure to read the man page
41				my $wrote = $ssl->write($data, $size);
42				my $bytes_read = $ssl->read(\$buf, $size);
43
44				# close...
45				$ssl->shutdown;
46				$socket->shutdown(1);
47
48				=head1 DESCRIPTION
49
50				This set of modules adds an OO calling convention to the
51				L<Net::SSLeay> module. It steers away from overly abstracting things,
52				or adding new behaviour, instead just making the existing
53				functionality easier to use.
54
55				What does this approach win you over L<Net::SSLeay>?
56
57				=over
58
59				=item B<Object Orientation>
60
61				For a start, you get a blessed object rather than an integer to work
62				with, so you know what you are dealing with. All of the functions
63				which were callable with C<Net::SSLeay::foo($ssl, @args)> will then be
64				callable as plain C<$ssl-E<gt>foo(@args)>.
65
66				=item B<Namespaces>
67
68				The OpenSSL functions use a C-style namespace convention, where
69				functions are prefixed by the type of the object that they operate on.
70				OpenSSL has several types of objects, such as a "Context" (this is a
71				bit like a bunch of pre-defined connection settings), and various
72				classes relating to X509, sessions, etc.
73
74				This module splits up the functions which L<Net::SSLeay> binds into
75				Perl based on the naming convention, then sets up wrappers for them so
76				that you can just call methods on objects.
77
78				=item B<Exceptions>
79
80				If an error is raised by the OpenSSL library, an exception is
81				immediately raised (trappable via C<eval>) which pretty-prints into
82				something presented a little less cryptic than OpenSSL's
83				C<:>-delimited error string format.
84
85				=item B<fewer segfaults>
86
87				This is currently more of a promise than a reality; but eventually
88				each of the access methods for the various objects will be able to
89				know their lifetime in a robust fashion, so you should get less
90				segfaults. Eg, some SSL functions don't return object references
91				which are guaranteed to last very long, so if you wait too long before
92				getting properties from them you will get a segfault.
93
94				=back
95
96				On the flip side, what does this approach win you over other simpler
97				APIs such as L<IO::Socket::SSL>? Well, I guess it comes down to "Make
98				things as simple as possible, but no simpler".
99
100				Most SSL socket libraries tend to try to hide complexity from you, but
101				there really are things that you should consider; such as, shouldn't
102				you be validating the other end of your SSL connection has a valid
103				certificate? Which SSL versions do you wish to allow?
104
105				L<IO::Socket::SSL> lets you specify a lot of this stuff, but it's not
106				a very earnest implementation; it's just treated as a few extra
107				options passed to the constructor, a bit of magic at socket setup
108				time, and then hope that this will be enough. The support for
109				verifying client certificates didn't even work when I tested it.
110
111				On the other hand, using the OpenSSL API fully means you are taken
112				through the stages of setup piece by piece. You can easily do things
113				like check that your SSL configuration (eg server certificate) is
114				valid I<before> you start daemonize or start accepting real sockets.
115
116				I'll try to keep the documentation as complete as possible - there's
117				nothing more annoying than thin wrapper libraries which don't help
118				much people trying to use them. But in general, most functions
119				available in the OpenSSL manual will be available.
120
121				=head1 DISTRIBUTION OVERVIEW / PACKAGES
122
123				This is a brief overview of the packages in this module, so that you
124				know where to start.
125
126				=over
127
128				=item L<Net::SSLeay::OO::Context> (C: C<SSL_CTX*>)
129
130				The context object represents an individual configuration of the
131				OpenSSL library. Normally, you'll create one of these as you verify
132				the configuration of your program - eg for a server, setting the CA
133				certificates directory, and setting various other bits and bobs.
134
135				=item L<Net::SSLeay::OO::SSL> (C: C<SSL*>)
136
137				You have one of these per connection, and when you create one it is
138				tied to a Context object, taking defaults from the Context object.
139				Many settings can be made either on the Context object or the SSL
140				object. Once you have created this object, you attach it to a
141				filehandle/socket and then call either C<accept> or C<connect>,
142				depending on which SSL role you are playing in the connection.
143
144				=item L<Net::SSLeay::OO::Constants>
145
146				This module allows you to explicitly import SSLeay/OpenSSL constants
147				for passing to various API methods, so that you don't have to
148				specify the complete namespace to them.
149
150				=item L<Net::SSLeay::OO::Error> (C: <unsigned long>)
151
152				This class represents an error from OpenSSL, actually a stack of
153				errors. These are raised and printed pretty transparently, but if you
154				want to pick apart the details of the error you can do so. There is
155				no corresponding C struct, but the C<ERR_*> man pages (try C<man -k
156				ERR_>) handle the integers that OpenSSL passes around internally as
157				error codes.
158
159				=item L<Net::SSLeay::OO::X509> (C: C<X509*>)
160
161				This class represents a certificate. You can't create these with this
162				module, because of a lack of bindings in L<Net::SSLeay>, but various
163				things will return them.
164
165				=item L<Net::SSLeay::OO::X509::Name> (C: C<X509_NAME*>)
166
167				Retrieving things like the "issuer name" from X509 certificates
168				returns one of these objects; you can then call C<-E<gt>oneline> on
169				it, or print it to your requirements, to get a usable string.
170
171				=item L<Net::SSLeay::OO::X509::Store> (C: C<X509_STORE*>)
172
173				This class represents a certificate store. This would normally
174				represent a local directory with certificates in it. Currently the
175				only way to get one of these is with
176				L<Net::SSLeay::OO::Context/get_cert_store>.
177
178				=item L<Net::SSLeay::OO::X509::Context> (C: C<X509_STORE_CTX*>)
179
180				This is a type of object that you get back during certificate
181				verification. You probably don't need to use this class unless you
182				want certificate verification to fail based on custom rules during the
183				actual handshake.
184
185				=item L<Net::SSLeay::OO::Session> (C: C<SSL_SESSION*>)
186
187				This seems to represent an actual SSL session; ie, after C<accept> or
188				C<connect> has succeeded. This is a pretty uninteresting class.
189				About all you can do with it is pull out or alter the time the SSL
190				session was established, and session timeouts.
191
192				=item L<Net::SSLeay::OO::Functions>
193
194				This is the internal class which splits up the functions in
195				L<Net::SSLeay> into class-specific packages.
196
197				=item C<Net::SSLeay::OO::BIO>
198
199				=item C<Net::SSLeay::OO::Cipher>
200
201				=item C<Net::SSLeay::OO::Compression>
202
203				=item C<Net::SSLeay::OO::PRNG>
204
205				=item C<Net::SSLeay::OO::Engine>
206
207				=item C<Net::SSLeay::OO::PrivateKey>
208
209				=item C<Net::SSLeay::OO::PEM>
210
211				=item C<Net::SSLeay::OO::KeyType::DH>
212
213				=item C<Net::SSLeay::OO::KeyType::RSA>
214
215				These classes are currently all TO-DO. All I've done is earmarked
216				these packages in L<Net::SSLeay::OO::Functions> as recipients for the
217				corresponding L<Net::SSLeay> functions. There's not a lot of
218				boilerplate that has to be implemented to make them work, take a look
219				at some of the implementations of some of the X509 classes to see how
220				short it can be. If you make them work, with a test suite, send them
221				to me and I'll include them in this distribution.
222
223				=back
224
225				=head1 SOURCE, SUBMISSIONS, SUPPORT
226
227				Source code is available from Catalyst:
228
229				git://git.catalyst.net.nz/Net-SSLeay-OO.git
230
231				And Github:
232
233				git://github.com/catalyst/Net-SSLeay-OO.git
234
235				Please see the file F<SubmittingPatches> for information on preferred
236				submission format.
237
238				Suggested avenues for support:
239
240				=over
241
242				=item *
243
244				Net::SSLeay developer's mailing list
245				L<http://lists.alioth.debian.org/mailman/listinfo/net-ssleay-devel>
246
247				=item *
248
249				Contact the author and ask either politely or commercially for help.
250
251				=item *
252
253				Log a ticket on L<http://rt.cpan.org/>
254
255				=back
256
257				=head1 AUTHOR AND LICENCE
258
259				All code in the L<Net::SSLeay::OO> distribution is written by Sam
260				Vilain, L<sam.vilain@catalyst.net.nz>. Development commissioned by NZ
261				Registry Services.
262
263				Copyright 2009, NZ Registry Services. This module is licensed under
264				the Artistic License v2.0, which permits relicensing under other Free
265				Software licenses.
266
267				=head2 IMPORTANT LICENSE CONDITIONS
268
269				This software is not free; it is encumbered by various restrictions
270				stemming from OpenSSL and Net::SSLeay. The bizarre copyright of
271				Net::SSLeay states to be "under the same terms as OpenSSL", which is
272				something of a GPL/Artistic/Perl license idiom. What it means is, if
273				you make software based on Net::SSLeay, you have to acknowledge the
274				OpenSSL team as below, even if you use it with a free rewrite of
275				OpenSSL, or something. If you did that, the Net::SSLeay license will
276				effectively compel you to lie. But that's pretty unlikely so let's
277				just cut straight to the clauses.
278
279				=over
280
281				=item B<obnoxious renaming clause>
282
283				This module and sub-classes which abstract the interface is almost
284				certainly covered by these clauses:
285
286				* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
287				* endorse or promote products derived from this software without
288				* prior written permission. For written permission, please contact
289				* openssl-core@openssl.org.
290
291				* 5. Products derived from this software may not be called "OpenSSL"
292				* nor may "OpenSSL" appear in their names without prior written
293				* permission of the OpenSSL Project.
294
295				=item B<obnoxious advertising clause>
296
297				If you write a program which uses SSL sockets, and then you advertise
298				it, even if SSL is like a small tick-box item and hardly relevant to
299				the message you are putting across, heed the following license term:
300
301				OpenSSL:
302
303				* 3. All advertising materials mentioning features or use of this
304				* software must display the following acknowledgment:
305				* "This product includes software developed by the OpenSSL Project
306				* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
307
308				=back
309
310				L<Net::SSLeay::OO::Context>, L<Net::SSLeay::SSL>, L<Net::SSLeay::Error>
311
312				=cut
313