[PATCH] AnyEvent::TLS and TLSv1.[12]

Maxime Soulé btik-cpan at scoubidou.com
Sat Aug 31 10:00:48 CEST 2013


Hello,

On 30.08.2013 22:58, Marc Lehmann wrote:
> On Fri, Aug 30, 2013 at 04:36:07PM +0200, Maxime Soulé <btik-cpan at scoubidou.com> wrote:
>> With the attached patch, it is now possible to handle specifically
>> TLSv1.1 and TLSv1.2 protocols.
> Looks good, except that these options require specific versions of
> Net::SSLeay. Could you find out which version is required and add it to
> the docs similar to e.g. the check_crl option? I also wonder what could
> be done if these protocols are requested but the underlying Net::SSLeay
> or openssl don't support it - normally I'd do best effort, but with TLS,
> that's not a good approach :)

OK, I will do it and propose you that change.

Net::SSLeay implements TLSv1_1 and TLSv1_2 as of 1.55 and needs at least
openssl 1.0.1.

If the Net::SSLeay version is 1.55 and the openssl version is less than
1.0.1, a runtime error occurs saying that Net::SSLeay cannot autoload
Net::SSLeay::CTX_tlsv1_1_new (for example).

> Probably better, the code should be modified to die with an explanatory
> message about Net::SSLeay or openssl being too old, depending on what
> error message is currently generated.

I will try to do something like this that will not obfuscate the
existing code :)

>
>> To avoid modifying AnyEvent::TLS each time a new protocol or option
>> is available in Net::SSLeay, perhaps it could be a good thing to put
>> the CTX creation and $op initialisation in a special class method, so
>> we can inherit from AnyEvent::TLS and just redefine this method to
>> add new options or new protocols?
> You can already create and request the underlying ctx object so the first
> is certainly possible until the underlying implementation changes, and I
> don't know what "$op" is.

Sorry, $op is the options passed to Net::SSLeay::CTX_set_options in new().

I didn't see new_from_ssleay(), thanks. But it would be a good thing to
initialize the CTX *and* to benefit from the CTX configuration you do
in new() with the various constructor options, to avoid reinventing the
wheel just to pass a "special" CTX.

Perhaps do the reverse of what I proposed above: create a new (private)
_init_instance() method that is called from new() and
new_from_ssleay() with their %args arguments? In that case
new_from_ssleay() should accept additional arguments, in the same form
as new(), but after the $ctx arg...

Best regards,

Max.
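As an added illustration of the version check discussed in this message (this is example code written for this page, not the attached patch or AnyEvent::TLS's own code), the following helper refuses to create a TLSv1.1/1.2 context unless Net::SSLeay is at least 1.55 and the linked OpenSSL is at least 1.0.1, and dies with a message naming the component that is too old instead of letting Net::SSLeay's AUTOLOAD produce the "can not autoload Net::SSLeay::CTX_tlsv1_1_new" error. The helper name new_ctx_for_method and the %CTX_CTOR table are assumptions for the example; Net::SSLeay::SSLeay(), Net::SSLeay::SSLeay_version() and Net::SSLeay::library_init() are real Net::SSLeay functions.

```perl
use strict;
use warnings;
use Net::SSLeay;

# Minimum versions quoted in the thread: Net::SSLeay 1.55, OpenSSL 1.0.1.
# OpenSSL encodes 1.0.1 as 0x1000100f (MNNFFPPS); comparing against
# 0x10001000 ignores the patch letter and status nibbles.
my $MIN_SSLEAY  = 1.55;
my $MIN_OPENSSL = 0x10001000;

# Hypothetical map from an AnyEvent::TLS-style "method" value to the
# Net::SSLeay constructor that creates a CTX for it (assumption: only the
# two protocols the patch adds are handled here).
my %CTX_CTOR = (
    tlsv1_1 => 'CTX_tlsv1_1_new',
    tlsv1_2 => 'CTX_tlsv1_2_new',
);

Net::SSLeay::library_init();   # SSL_library_init(), needed before CTX_*_new

sub new_ctx_for_method {
    my ($method) = @_;
    my $ctor = $CTX_CTOR{$method}
        or die "new_ctx_for_method: unknown TLS method '$method'\n";

    # Check the Perl binding first: with Net::SSLeay < 1.55 the XS symbol
    # does not exist at all, whatever OpenSSL is installed.
    if (Net::SSLeay->VERSION < $MIN_SSLEAY) {
        die sprintf "TLS method '%s' requires Net::SSLeay %.2f or newer, "
                  . "but Net::SSLeay %s is installed\n",
            $method, $MIN_SSLEAY, Net::SSLeay->VERSION;
    }

    # Then the library Net::SSLeay was built against: 1.55 compiles the
    # TLSv1_1/1_2 constructors only when OpenSSL >= 1.0.1 was available.
    if (Net::SSLeay::SSLeay() < $MIN_OPENSSL) {
        die sprintf "TLS method '%s' requires OpenSSL 1.0.1 or newer, "
                  . "but Net::SSLeay was built against '%s'\n",
            $method, Net::SSLeay::SSLeay_version(0);
    }

    # Belt and braces: even when both versions look right, make sure the
    # XS function really exists so we never fall into Net::SSLeay's
    # AUTOLOAD (which would report the unhelpful "can not autoload" error).
    no strict 'refs';
    defined &{"Net::SSLeay::$ctor"}
        or die "TLS method '$method': Net::SSLeay::$ctor is missing; "
             . "rebuild Net::SSLeay against OpenSSL 1.0.1 or newer\n";

    my $ctx = &{"Net::SSLeay::$ctor"}()
        or die "TLS method '$method': Net::SSLeay::$ctor failed: "
             . Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error()) . "\n";
    return $ctx;
}

# Usage: die early, with an explanatory message, rather than at the first
# connection attempt.
my $ctx = new_ctx_for_method('tlsv1_2');
Net::SSLeay::CTX_free($ctx);
```

The three checks are ordered from the most common cause to the least: an old Net::SSLeay is reported before an old OpenSSL, and the symbol check catches a Net::SSLeay 1.55 that was compiled against an OpenSSL older than 1.0.1, which is exactly the case where the autoload error appears today.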
