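package DJabberd::Connection::OldSSLClientIn;
# Client connection that speaks SSL from the very first byte ("old-style"
# SSL on a dedicated port), as opposed to DJabberd::Stanza::StartTLS, which
# upgrades an already-open plaintext stream.  The server-side handshake is
# performed here, in the constructor, before the ClientIn machinery sees
# any data.
use strict;
use warnings;
use base 'DJabberd::Connection::ClientIn';
use DJabberd::Stanza::StartTLS;
use Net::SSLeay;

# SSL_MODE_* bits for Net::SSLeay::CTX_set_mode (values as in OpenSSL's ssl.h).
use constant SSL_MODE_ENABLE_PARTIAL_WRITE       => 1;
use constant SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER => 2;
use constant SSL_MODE_AUTO_RETRY                 => 4;

# new($class, $sock, $server)
#
# Builds the underlying ClientIn connection, creates a per-connection SSL
# context from the server's private-key and certificate files, runs the
# server side of the handshake on the socket, and installs the SSL-aware
# writer function.  Returns the connection object.  When the handshake
# fails the connection is closed and an empty list is returned (undef in
# scalar context).  Dies if the context cannot be created or the key or
# certificate cannot be loaded.
sub new {
    my ($class, $sock, $server) = @_;
    my $self = $class->SUPER::new($sock, $server);

    my $ctx = Net::SSLeay::CTX_new()
        or die("Failed to create SSL_CTX $!");

    # compared to the StartTLS, we specifically do not insist on TLS here.
    # let client do SSL 3/TLS/whatever.  TODO: perhaps force SSL v3?
    # $Net::SSLeay::ssl_version = 10; # Insist on TLSv1
    #
    # OP_ALL turns on the usual interoperability workarounds.  SSLv2 is
    # excluded outright: it offers no usable security and was prohibited
    # by RFC 6176, so no legitimate client depends on it.
    Net::SSLeay::CTX_set_options($ctx,
        Net::SSLeay::OP_ALL() | Net::SSLeay::OP_NO_SSLv2());
    Net::SSLeay::die_if_ssl_error("ssl ctx set options");

    # CTX_set_options/CTX_set_mode return the resulting bitmask, which is
    # always true, so the error check is simply made unconditionally.
    Net::SSLeay::CTX_set_mode($ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
    Net::SSLeay::die_if_ssl_error("ssl ctx set mode");

    # Following will ask password unless private key is not encrypted
    Net::SSLeay::CTX_use_RSAPrivateKey_file($ctx, $server->ssl_private_key_file, # server-key.pem',
                                            Net::SSLeay::FILETYPE_PEM());
    Net::SSLeay::die_if_ssl_error("private key");

    Net::SSLeay::CTX_use_certificate_file($ctx, $server->ssl_cert_file, # 'server-cert.pem',
                                          Net::SSLeay::FILETYPE_PEM());
    Net::SSLeay::die_if_ssl_error("certificate");

    # Plain die: the unqualified die_now() used before is not imported by
    # Net::SSLeay, so a failure here would have produced "Undefined
    # subroutine" instead of the intended message.
    my $ssl = Net::SSLeay::new($ctx)
        or die("Failed to create SSL $!");
    $self->{ssl} = $ssl;

    # The SSL object keeps its own reference to the context, so the context
    # handle can be released here; it used to be leaked on every connection.
    Net::SSLeay::CTX_free($ctx);

    # Net::SSLeay::set_verify($ssl, Net::SSLeay::VERIFY_PEER(), 0);

    my $fileno = $self->{sock}->fileno;
    warn "setting ssl ($ssl) fileno to $fileno\n";

    Net::SSLeay::set_fd($ssl, $fileno);

    # Debug aid.  This is a process-wide global: it enables Net::SSLeay
    # tracing on STDERR for every SSL object in the process, not only this
    # connection.
    $Net::SSLeay::trace = 2;

    # SSL_accept returns 1 on success, 0 for a controlled shutdown and a
    # negative value for a fatal error, so the check must be "<= 0"; the
    # old "!$rv" test let -1 through as a successful handshake.
    # NOTE(review): accept() is tried exactly once; on a non-blocking socket
    # a would-block result also lands on this error path -- confirm against
    # how the listener configures the socket.
    my $rv = Net::SSLeay::accept($ssl);
    if ($rv <= 0) {
        warn "SSL accept error on $self\n";
        # $self->{ssl} is left for close() to release -- TODO confirm that
        # the base connection frees it.
        $self->close;
        return;
    }

    warn "$self: Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";

    # Route all writes through the SSL object, the same way StartTLS does
    # once it has upgraded a stream.
    $self->set_writer_func(DJabberd::Stanza::StartTLS->danga_socket_writerfunc($self));

    return $self;
}

1;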