Net-SSLGlue-1.04/0000755000175100017520000000000012176546334012204 5ustar workworkNet-SSLGlue-1.04/Makefile.PL0000644000175100017520000000063411126702455014151 0ustar workworkuse ExtUtils::MakeMaker; require 5.008; my $xt = prompt( "Should I do external tests?\n". "These tests will fail if there is no internet connection or if a firewall\n". "blocks some traffic.\n". "[y/N]", 'n' ); WriteMakefile( NAME => 'Net::SSLGlue', VERSION_FROM => 'lib/Net/SSLGlue.pm', PREREQ_PM => { 'IO::Socket::SSL' => 1.19, }, $xt =~m{^y}i ? ( test => { TESTS => 't/*.t t/external/*.t' }):(), ); Net-SSLGlue-1.04/META.yml0000664000175100017520000000075712176546334013470 0ustar workwork--- #YAML:1.0 name: Net-SSLGlue version: 1.04 abstract: ~ author: [] license: unknown distribution_type: module configure_requires: ExtUtils::MakeMaker: 0 build_requires: ExtUtils::MakeMaker: 0 requires: IO::Socket::SSL: 1.19 no_index: directory: - t - inc generated_by: ExtUtils::MakeMaker version 6.57_05 meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: 1.4 Net-SSLGlue-1.04/examples/0000755000175100017520000000000012176546334014022 5ustar workworkNet-SSLGlue-1.04/examples/send-starttls-mail.pl0000644000175100017520000000061611405231030020063 0ustar workworkuse strict; use warnings; use Net::SSLGlue::SMTP; my $smtp = Net::SMTP->new( 'mail.gmx.net', Debug => 1 ) or die $@; $smtp->starttls( SSL_ca_path => "/etc/ssl/certs" ) or die $@; $smtp->auth( '123456','password' ); $smtp->mail( 'me@example.org' ); $smtp->to( 'you@example.org' ); $smtp->data; $smtp->datasend( <dataend; $smtp->quit; Net-SSLGlue-1.04/examples/send-ssl-mail.pl0000644000175100017520000000065211405230772017020 0ustar workworkuse strict; use warnings; use Net::SSLGlue::SMTP; my $smtp = Net::SMTP->new( 'mail.gmx.net', SSL => 1, SSL_ca_path => "/etc/ssl/certs", Debug => 1 ) or die $@; die $smtp->peerhost.':'.$smtp->peerport; $smtp->auth( '123456','password' ); $smtp->mail( 'me@example.org' ); $smtp->to( 'you@example.org' ); $smtp->data; $smtp->datasend( <dataend; $smtp->quit; Net-SSLGlue-1.04/examples/lwp.pl0000644000175100017520000000033111127506117015144 0ustar workworkuse strict; use LWP::UserAgent; use Net::SSLGlue::LWP SSL_ca_path => '/etc/ssl/certs'; my $ua = LWP::UserAgent->new; $ua->env_proxy; my $resp = $ua->get( 'https://www.comdirect.de' ) || die $@; print $resp->content; Net-SSLGlue-1.04/examples/lwp_post.pl0000644000175100017520000000056111372331671016221 0ustar workworkuse strict; use LWP::UserAgent; use Net::SSLGlue::LWP SSL_ca_path => '/etc/ssl/certs', SSL_verify_mode => 0; my $ua = LWP::UserAgent->new; $ua->env_proxy; my $resp = $ua->post( 'https://service.gmx.net/de/cgi/login', { AREA => 1, EXT => 'redirect', EXT2 => '', uinguserid => '__uuid__', dlevel => 'c', id => 'a', p => 'b', }) || die $@; print $resp->as_string; Net-SSLGlue-1.04/TODO0000644000175100017520000000001311126707026012655 0ustar workworkldap tests Net-SSLGlue-1.04/COPYRIGHT0000644000175100017520000000030311126703227013461 0ustar workworkThese modules are copyright (c) 2008, Steffen Ullrich. All Rights Reserved. These modules are free software. They may be used, redistributed and/or modified under the same terms as Perl itself. Net-SSLGlue-1.04/lib/0000755000175100017520000000000012176546334012752 5ustar workworkNet-SSLGlue-1.04/lib/Net/0000755000175100017520000000000012176546334013500 5ustar workworkNet-SSLGlue-1.04/lib/Net/SSLGlue/0000755000175100017520000000000012176546334014756 5ustar workworkNet-SSLGlue-1.04/lib/Net/SSLGlue/SMTP.pm0000644000175100017520000001317111711476107016074 0ustar workworkuse strict; use warnings; package Net::SSLGlue::SMTP; use IO::Socket::SSL 1.19; use Net::SMTP; our $VERSION = 1.0; ############################################################################## # mix starttls method into Net::SMTP which on SSL handshake success # upgrades the class to Net::SMTP::_SSLified ############################################################################## sub Net::SMTP::starttls { my $self = shift; $self->_STARTTLS or return; my $host = $self->host; # for name verification strip port from domain:port, ipv4:port, [ipv6]:port $host =~s{(?start_SSL( $self, SSL_verify_mode => 1, SSL_verifycn_scheme => 'smtp', SSL_verifycn_name => $host, @_ ) or return; # another hello after starttls to read new ESMTP capabilities return $self->hello(${*$self}{net_smtp_hello_domain}); } sub Net::SMTP::_STARTTLS { shift->command("STARTTLS")->response() == Net::SMTP::CMD_OK } no warnings 'redefine'; my $old_new = \&Net::SMTP::new; *Net::SMTP::new = sub { my $class = shift; my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ ); if ( delete $arg{SSL} ) { $arg{Port} ||= 465; return Net::SMTP::_SSLified->new(%arg); } else { return $old_new->($class,%arg); } }; my $old_hello = \&Net::SMTP::hello; *Net::SMTP::hello = sub { my ($self,$domain) = @_; ${*$self}{net_smtp_hello_domain} = $domain if $domain; goto &$old_hello; }; ############################################################################## # Socket class derived from IO::Socket::SSL # strict certificate verification per default ############################################################################## our %SSLopts; { package Net::SMTP::_SSL_Socket; our @ISA = 'IO::Socket::SSL'; sub configure_SSL { my ($self,$arg_hash) = @_; # set per default strict certificate verification $arg_hash->{SSL_verify_mode} = 1 if ! exists $arg_hash->{SSL_verify_mode}; $arg_hash->{SSL_verifycn_scheme} = 'smtp' if ! exists $arg_hash->{SSL_verifycn_scheme}; $arg_hash->{SSL_verifycn_name} = $self->host if ! exists $arg_hash->{SSL_verifycn_name}; # force keys from %SSLopts while ( my ($k,$v) = each %SSLopts ) { $arg_hash->{$k} = $v; } return $self->SUPER::configure_SSL($arg_hash) } } ############################################################################## # Net::SMTP derived from Net::SMTP::_SSL_Socket instead of IO::Socket::INET # this talks SSL to the peer ############################################################################## { package Net::SMTP::_SSLified; use Carp 'croak'; # deriving does not work because we need to replace a superclass # from Net::SMTP, so just copy the class into the new one and then # change it # copy subs for ( keys %{Net::SMTP::} ) { no strict 'refs'; *{$_} = \&{ "Net::SMTP::$_" } if *{$Net::SMTP::{$_}}{CODE}; } # copy + fix @ISA our @ISA = @Net::SMTP::ISA; grep { s{^IO::Socket::INET$}{Net::SMTP::_SSL_Socket} } @ISA or die "cannot find and replace IO::Socket::INET superclass"; # we are already sslified no warnings 'redefine'; sub starttls { croak "have already TLS\n" } my $old_new = \&new; *Net::SMTP::_SSLified::new = sub { my $class = shift; my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ ); local %SSLopts; $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg ); return $old_new->($class,%arg); }; } 1; =head1 NAME Net::SSLGlue::SMTP - make Net::SMTP able to use SSL =head1 SYNOPSIS use Net::SSLGlue::SMTP; my $smtp_ssl = Net::SMTP->new( $host, SSL => 1, SSL_ca_path => ... ); my $smtp_plain = Net::SMTP->new( $host ); $smtp_plain->starttls( SSL_ca_path => ... ); =head1 DESCRIPTION L extends L so one can either start directly with SSL or switch later to SSL using the STARTTLS command. By default it will take care to verify the certificate according to the rules for SMTP implemented in L. =head1 METHODS =over 4 =item new The method C of L is now able to start directly with SSL when the argument C< 1>> is given. In this case it will not create an L object but an L object. One can give the usual C parameter of L to C. =item starttls If the connection is not yet SSLified it will issue the STARTTLS command and change the object, so that SSL will now be used. The usual C parameter of L will be given. =item peer_certificate ... Once the SSL connection is established the object is derived from L so that you can use this method to get information about the certificate. See the L documentation. =back All of these methods can take the C parameter from L to change the behavior of the SSL connection. The following parameters are especially useful: =over 4 =item SSL_ca_path, SSL_ca_file Specifies the path or a file where the CAs used for checking the certificates are located. This is typically L on UNIX systems. =item SSL_verify_mode If set to 0, verification of the certificate will be disabled. By default it is set to 1 which means that the peer certificate is checked. =item SSL_verifycn_name Usually the name given as the hostname in the constructor is used to verify the identity of the certificate. If you want to check the certificate against another name you can specify it with this parameter. =back =head1 SEE ALSO IO::Socket::SSL, Net::SMTP =head1 COPYRIGHT This module is copyright (c) 2008, Steffen Ullrich. All Rights Reserved. This module is free software. It may be used, redistributed and/or modified under the same terms as Perl itself. Net-SSLGlue-1.04/lib/Net/SSLGlue/POP3.pm0000644000175100017520000001320312176545617016037 0ustar workworkuse strict; use warnings; package Net::SSLGlue::POP3; use IO::Socket::SSL 1.19; use Net::POP3; our $VERSION = 0.91; ############################################################################## # mix starttls method into Net::POP3 which on SSL handshake success # upgrades the class to Net::POP3::_SSLified ############################################################################## sub Net::POP3::starttls { my $self = shift; $self->_STLS or return; my $host = $self->host; # for name verification strip port from domain:port, ipv4:port, [ipv6]:port $host =~s{(?start_SSL( $self, SSL_verify_mode => 1, SSL_verifycn_scheme => 'pop3', SSL_verifycn_name => $host, @_ ) or return; } sub Net::POP3::_STLS { shift->command("STLS")->response() == Net::POP3::CMD_OK } no warnings 'redefine'; my $old_new = \&Net::POP3::new; *Net::POP3::new = sub { my $class = shift; my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ ); if ( delete $arg{SSL} ) { $arg{Port} ||= 995; return Net::POP3::_SSLified->new(%arg); } else { return $old_new->($class,%arg); } }; ############################################################################## # Socket class derived from IO::Socket::SSL # strict certificate verification per default ############################################################################## our %SSLopts; { package Net::POP3::_SSL_Socket; our @ISA = 'IO::Socket::SSL'; sub configure_SSL { my ($self,$arg_hash) = @_; # set per default strict certificate verification $arg_hash->{SSL_verify_mode} = 1 if ! exists $arg_hash->{SSL_verify_mode}; $arg_hash->{SSL_verifycn_scheme} = 'pop3' if ! exists $arg_hash->{SSL_verifycn_scheme}; $arg_hash->{SSL_verifycn_name} = $self->host if ! exists $arg_hash->{SSL_verifycn_name}; # force keys from %SSLopts while ( my ($k,$v) = each %SSLopts ) { $arg_hash->{$k} = $v; } return $self->SUPER::configure_SSL($arg_hash) } } ############################################################################## # Net::POP3 derived from Net::POP3::_SSL_Socket instead of IO::Socket::INET # this talks SSL to the peer ############################################################################## { package Net::POP3::_SSLified; use Carp 'croak'; # deriving does not work because we need to replace a superclass # from Net::POP3, so just copy the class into the new one and then # change it # copy subs for ( keys %{Net::POP3::} ) { no strict 'refs'; eval { *{$Net::POP3::{$_}} && *{$Net::POP3::{$_}}{CODE} } or next; *{$_} = \&{ "Net::POP3::$_" }; } # copy + fix @ISA our @ISA = @Net::POP3::ISA; grep { s{^IO::Socket::INET$}{Net::POP3::_SSL_Socket} } @ISA or die "cannot find and replace IO::Socket::INET superclass"; # we are already sslified no warnings 'redefine'; sub starttls { croak "have already TLS\n" } my $old_new = \&new; *Net::POP3::_SSLified::new = sub { my $class = shift; my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ ); local %SSLopts; $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg ); return $old_new->($class,%arg); }; # Net::Cmd getline uses select, but this is not sufficient with SSL # note that this does no EBCDIC etc conversions *Net::POP3::_SSLified::getline = sub { my $self = shift; # skip Net::POP3 getline and go directly to IO::Socket::SSL return $self->IO::Socket::SSL::getline(@_); }; } 1; =head1 NAME Net::SSLGlue::POP3 - make Net::POP3 able to use SSL =head1 SYNOPSIS use Net::SSLGlue::POP3; my $pop3s = Net::POP3->new( $host, SSL => 1, SSL_ca_path => ... ); my $pop3 = Net::POP3->new( $host ); $pop3->starttls( SSL_ca_path => ... ); =head1 DESCRIPTION L extends L so one can either start directly with SSL or switch later to SSL using the STLS command. By default it will take care to verify the certificate according to the rules for POP3 implemented in L. =head1 METHODS =over 4 =item new The method C of L is now able to start directly with SSL when the argument C< 1>> is given. In this case it will not create an L object but an L object. One can give the usual C parameter of L to C. =item starttls If the connection is not yet SSLified it will issue the STLS command and change the object, so that SSL will now be used. The usual C parameter of L will be given. =item peer_certificate ... Once the SSL connection is established the object is derived from L so that you can use this method to get information about the certificate. See the L documentation. =back All of these methods can take the C parameter from L to change the behavior of the SSL connection. The following parameters are especially useful: =over 4 =item SSL_ca_path, SSL_ca_file Specifies the path or a file where the CAs used for checking the certificates are located. This is typically L on UNIX systems. =item SSL_verify_mode If set to 0, verification of the certificate will be disabled. By default it is set to 1 which means that the peer certificate is checked. =item SSL_verifycn_name Usually the name given as the hostname in the constructor is used to verify the identity of the certificate. If you want to check the certificate against another name you can specify it with this parameter. =back =head1 SEE ALSO IO::Socket::SSL, Net::POP3 =head1 COPYRIGHT This module is copyright (c) 2013, Steffen Ullrich. All Rights Reserved. This module is free software. It may be used, redistributed and/or modified under the same terms as Perl itself. Net-SSLGlue-1.04/lib/Net/SSLGlue/LDAP.pm0000644000175100017520000000430711711707522016030 0ustar workworkuse strict; use warnings; package Net::SSLGlue::LDAP; our $VERSION = '1.01'; use Net::LDAP; use IO::Socket::SSL 1.19; # can be reset with local our %SSLopts; # add SSL_verifycn_scheme to the SSL CTX args returned by # Net::LDAP::_SSL_context_init_args my $old = defined &Net::LDAP::_SSL_context_init_args && \&Net::LDAP::_SSL_context_init_args || die "cannot find Net::LDAP::_SSL_context_init_args"; no warnings 'redefine'; *Net::LDAP::_SSL_context_init_args = sub { my %arg = $old->(@_); $arg{SSL_verifycn_scheme} ||= 'ldap' if $arg{SSL_verify_mode}; while ( my ($k,$v) = each %SSLopts ) { $arg{$k} = $v; } return %arg; }; 1; =head1 NAME Net::SSLGlue::LDAP - proper certificate checking for ldaps in Net::LDAP =head1 SYNOPSIS use Net::SSLGlue::LDAP; local %Net::SSLGlue::LDAP = ( SSL_verifycn_name => $hostname_in_cert ); my $ldap = Net::LDAP->new( $hostname, capath => ... ); $ldap->start_tls; =head1 DESCRIPTION L modifies L so that it does proper certificate checking using the C SSL_verify_scheme from L. Because L does not have a mechanism to forward arbitrary parameters for the construction of the underlying socket these parameters can be set globally when including the package, or with local settings of the C<%Net::SSLGlue::LDAP::SSLopts> variable. All of the C parameters from L can be used; the following parameter is especially useful: =over 4 =item SSL_verifycn_name Usually the name given as the hostname in the constructor is used to verify the identity of the certificate. If you want to check the certificate against another name you can specify it with this parameter. =back C, C for L can be set with the C and C parameters of L and C can be set with C, but the meaning of the values differs (C is 0, e.g. disable certificate verification). =head1 SEE ALSO IO::Socket::SSL, LWP, Net::LDAP =head1 COPYRIGHT This module is copyright (c) 2008, Steffen Ullrich. All Rights Reserved. This module is free software. It may be used, redistributed and/or modified under the same terms as Perl itself. Net-SSLGlue-1.04/lib/Net/SSLGlue/LWP.pm0000644000175100017520000001276211707457324015765 0ustar workworkuse strict; use warnings; package Net::SSLGlue::LWP; our $VERSION = 0.4; use LWP::UserAgent '5.822'; use IO::Socket::SSL 1.19; use URI; # force Net::SSLGlue::LWP::Socket as superclass of Net::HTTPS, because # only it can verify certificates BEGIN { my $oc = $Net::HTTPS::SSL_SOCKET_CLASS; $Net::HTTPS::SSL_SOCKET_CLASS = my $need = 'Net::SSLGlue::LWP::Socket'; require Net::HTTPS; require LWP::Protocol::https; if ( ( my $oc = $Net::HTTPS::SSL_SOCKET_CLASS ) ne $need ) { # was probably loaded before, change ISA grep { s{^\Q$oc\E$}{$need} } @Net::HTTPS::ISA } die "cannot force $need into Net::HTTPS" if $Net::HTTPS::SSL_SOCKET_CLASS ne $need; } our %SSLopts; # set by local and import sub import { shift; %SSLopts = @_; } { # add SSL options my $old_eso = UNIVERSAL::can( 'LWP::Protocol::https','_extra_sock_opts' ); no warnings 'redefine'; *LWP::Protocol::https::_extra_sock_opts = sub { return ( $old_eso ? ( $old_eso->(@_) ):(), SSL_verify_mode => 1, SSL_verifycn_scheme => 'http', HTTPS_proxy => $_[0]->{ua}{https_proxy}, %SSLopts, ); }; } { # fix https_proxy handling - forward it to a variable handled by me my $old_proxy = defined &LWP::UserAgent::proxy && \&LWP::UserAgent::proxy or die "cannot find LWP::UserAgent::proxy"; no warnings 'redefine'; *LWP::UserAgent::proxy = sub { my ($self,$key,$val) = @_; goto &$old_proxy if ref($key) || $key ne 'https'; if (@_>2) { my $rv = &$old_proxy; $self->{https_proxy} = delete $self->{proxy}{https} || die "https proxy not set?"; } return $self->{https_proxy}; } } { package Net::SSLGlue::LWP::Socket; use IO::Socket::SSL; use base 'IO::Socket::SSL'; my $sockclass = 'IO::Socket::INET'; use URI::Escape 'uri_unescape'; use MIME::Base64 'encode_base64'; $sockclass .= '6' if eval "require IO::Socket::INET6"; sub configure { my ($self,$args) = @_; my $phost = delete $args->{HTTPS_proxy} or return $self->SUPER::configure($args); $phost = URI->new($phost) if ! ref $phost; my $port = $args->{PeerPort}; my $host = $args->{PeerHost} || $args->{PeerAddr}; if ( ! $port ) { $host =~s{:(\w+)$}{}; $port = $args->{PeerPort} = $1; $args->{PeerHost} = $host; } if ( $phost->scheme ne 'http' ) { $@ = "scheme ".$phost->scheme." not supported for https_proxy"; return; } my $auth = ''; if ( my ($user,$pass) = split( ':', $phost->userinfo || '' ) ) { $auth = "Proxy-authorization: Basic ". encode_base64( uri_unescape($user).':'.uri_unescape($pass),'' ). "\r\n"; } my $pport = $phost->port; $phost = $phost->host; # temporally downgrade $self so that the right connect chain # gets called w/o doing SSL stuff. If we don't do it it will # try to call IO::Socket::SSL::connect my $ssl_class = ref($self); bless $self,$sockclass; $self->configure({ %$args, PeerAddr => $phost, PeerPort => $pport }) or do { $@ = "connect to proxy $phost port $pport failed"; return; }; print $self "CONNECT $host:$port HTTP/1.0\r\n$auth\r\n"; my $hdr = ''; while (<$self>) { $hdr .= $_; last if $_ eq "\n" or $_ eq "\r\n"; } if ( $hdr !~m{\AHTTP/1.\d 2\d\d} ) { # error $@ = "non 2xx response to CONNECT: $hdr"; return; } # and upgrade self by calling start_SSL $ssl_class->start_SSL( $self, SSL_verifycn_name => $host, %$args ) or do { $@ = "start SSL failed: $SSL_ERROR"; return; }; return $self; }; } 1; =head1 NAME Net::SSLGlue::LWP - proper certificate checking for https in LWP =head1 SYNOPSIS use Net::SSLGlue::LWP SSL_ca_path => ...; use LWP::Simple; get( 'https://www....' ); { local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts; # switch off verification $Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0; # or: set different verification policy, because cert does # not conform to RFC (wildcards in CN are not allowed for https, # but some servers do it anyway) $Net::SSLGlue::LWP::SSLopts{SSL_verifycn_scheme} = { wildcards_in_cn => 'anywhere', check_cn => 'always', }; } =head1 DESCRIPTION L modifies L and L so that L is forced to use L instead of L, and that L does proper certificate checking using the C SSL_verify_scheme from L. Because L does not have a mechanism to forward arbitrary parameters for the construction of the underlying socket these parameters can be set globally when including the package, or with local settings of the C<%Net::SSLGlue::LWP::SSLopts> variable. All of the C parameter from L can be used; the following parameters are especially useful: =over 4 =item SSL_ca_path, SSL_ca_file Specifies the path or a file where the CAs used for checking the certificates are located. This is typically L on UNIX systems. =item SSL_verify_mode If set to 0, verification of the certificate will be disabled. By default it is set to 1 which means that the peer certificate is checked. =item SSL_verifycn_name Usually the name given as the hostname in the constructor is used to verify the identity of the certificate. If you want to check the certificate against another name you can specify it with this parameter. =back =head1 SEE ALSO IO::Socket::SSL, LWP, Net::HTTPS, LWP::Protocol::https =head1 COPYRIGHT This module is copyright (c) 2008, Steffen Ullrich. All Rights Reserved. This module is free software. It may be used, redistributed and/or modified under the same terms as Perl itself. Net-SSLGlue-1.04/lib/Net/SSLGlue.pm0000644000175100017520000000200112176546122015300 0ustar workworkpackage Net::SSLGlue; our $VERSION = '1.04'; =head1 NAME Net::SSLGlue - add/extend SSL support for common perl modules =head1 DESCRIPTION Some commonly used perl modules don't have SSL support at all, even if the protocol supports it. Others have SSL support, but most of them don't do proper checking of the server's certificate. The C modules try to add SSL support or proper certificate checking to these modules. Currently support for the following modules is available: =over 4 =item Net::SMTP - add SSL from beginning or using STARTTLS =item Net::POP3 - add SSL from beginning or using STLS =item Net::LDAP - add proper certificate checking =item LWP - add proper certificate checking =back =head1 COPYRIGHT This module and the modules in the Net::SSLGlue Hierarchy distributed together with this module are copyright (c) 2008-2013, Steffen Ullrich. All Rights Reserved. These modules are free software. They may be used, redistributed and/or modified under the same terms as Perl itself. Net-SSLGlue-1.04/README0000644000175100017520000000017611405230305013046 0ustar workworkThis Module helps LWP, Net::SMTP and Net::LDAP to be either SSL aware at all or to offer way for proper certificate checking. Net-SSLGlue-1.04/Changes0000644000175100017520000000423612176546154013504 0ustar workwork1.04 2013/08/01 replace Net::Cmd::getline via Net::SSLGlue::POP3 because it assumed, that it just needs to wait for read events on the sockets - which is not the case for SSL (e.g. SSL_WANT_READ, SSL_WANT_WRITE). Fixes https://rt.cpan.org/Ticket/Display.html?id=87507. Thanks to MICHIELB for reporting 1.03 2013/05/15 fixed documentation for Net::SSLGlue::POP3 1.02 2013/05/14 added Net::SSLGlue::POP3 1.01 2012/01/31 Net::SSLGlue::LDAP as wrongly named Net::DNSGlue::LDAP 1.0 2012/01/30 Net::SSLGlue::SMTP: save hello domain from last hello call, so that the hello after the starttls uses the same domain argument. Thanks to zaucker[AT]oetiker[DOT]ch for reporting problem. 0.9 2012/01/24 Net::SSLGlue::SMTP: fixed stripping of port from host/ip for name verification. Added hello after successful starttls. Extented tests to check, if we can actually talk after starttls. Thanks to zaucker[AT]oetiker[DOT]ch for reporting problem. 0.8 2011/07/17 fixed wrong position for include encode_base64 and uri_unescape in *::LWP. Thanks to mtelle[AT]kamp-dsl[DOT]de for reporting 0.7 2011/05/27 strip port from host/ip for name verification in Net::SSLGlue::SMTP 0.6 2011/05/02 fixed english, thanks to dom, https://rt.cpan.org/Ticket/Display.html?id=46284 0.5 2011/02/03 documentation fixes: http://rt.cpan.org/Ticket/Display.html?id=65258 0.4 2010/06/13 added Changes, put examples into examples/ dir 0.3 2010/05/13 rewrite parts of Net::SSLGlue::LWP so that it sends the correct request to the peer even if https_proxy is used. In former version it ommitted the HTTP version number in the request (thus the request was invalid). Bug report by PMOONEY https://rt.cpan.org/Ticket/Display.html?id=57365 0.2_1 2010/05/11 document way to set different verification scheme for LWP requested by PMOONEY https://rt.cpan.org/Ticket/Display.html?57367 0.2 2009/01/02 https_proxy support for LWP, HTTPS_PROXY from Crypt::SSLeay did not work and the https_proxy from LWP was broken with both Crypt::SSLeay and IO::Socket::SSL (it did unencrypted https:// requests to the proxy). Fix it so that it now does CONNECT (this is the meaning of https_proxy for all other programs) 0.1 2008/12/31 initial release Net-SSLGlue-1.04/t/0000755000175100017520000000000012176546334012447 5ustar workworkNet-SSLGlue-1.04/t/01_load.t0000644000175100017520000000052611126676765014064 0ustar workworkuse strict; use warnings; print "1..3\n"; for ( [ 'Net::SMTP','SMTP' ], [ 'LWP', 'LWP' ], [ 'Net::LDAP','LDAP' ], ) { my ($pkg,$glue) = @$_; eval "use $pkg"; if ( ! $@ ) { eval "use Net::SSLGlue::$glue"; print $@ ? "not ok # load $glue glue failed\n": "ok # load $glue glue\n" } else { print "ok # skip $glue glue\n" } } Net-SSLGlue-1.04/t/external/0000755000175100017520000000000012176546334014271 5ustar workworkNet-SSLGlue-1.04/t/external/04_pop3.t0000644000175100017520000000423712144355714015643 0ustar workwork use strict; use warnings; BEGIN { eval "use Net::POP3"; if ( $@ ) { print "1..0 # no Net::POP3\n"; exit } } use Net::SSLGlue::POP3; my $capath = '/etc/ssl/certs/'; # unix? -d $capath or do { print "1..0 # cannot find system CA-path\n"; exit }; # first try to connect w/o smtp # plain diag( "connect inet to pop.gmx.net:110" ); IO::Socket::INET->new( 'pop.gmx.net:110' ) or do { print "1..0 # pop.gmx.net:110 not reachable\n"; exit }; # ssl to the right host diag( "connect ssl to pop.gmx.net:995" ); IO::Socket::SSL->new( PeerAddr => 'pop.gmx.net:995', SSL_ca_path => $capath, SSL_verify_mode => 1, SSL_verifycn_scheme => 'smtp' ) or do { print "1..0 # pop.gmx.net:995 not reachable with SSL\n"; exit }; # ssl to the wrong host # the certificate pop.gmx.de returns is for pop.gmx.net diag( "connect ssl to pop.gmx.de:995" ); IO::Socket::SSL->new( PeerAddr => 'pop.gmx.de:995', SSL_ca_path => $capath, SSL_verify_mode => 1, SSL_verifycn_scheme => 'smtp' ) and do { print "1..0 # pop.gmx.de:995 reachable with SSL\n"; exit }; print "1..6\n"; # first direct SSL my $smtp = Net::POP3->new( 'pop.gmx.net', SSL => 1, SSL_ca_path => $capath, ); print $smtp ? "ok\n" : "not ok # smtp connect pop.gmx.net\n"; # then starttls $smtp = Net::POP3->new( 'pop.gmx.net' ); my $ok = $smtp->starttls( SSL_ca_path => $capath ); print $ok ? "ok\n" : "not ok # smtp starttls pop.gmx.net\n"; # check that we can talk on connection print $smtp->quit ? "ok\n": "not ok # quit failed\n"; # against wrong host should fail $smtp = Net::POP3->new( 'pop.gmx.de' ); # should succeed $ok = $smtp->starttls( SSL_ca_path => $capath ); print $ok ? "not ok # smtp starttls pop.gmx.de did not fail\n": "ok\n"; # but not if we specify the right SSL_verifycn_name $smtp = Net::POP3->new( 'pop.gmx.de' ); # should succeed $ok = $smtp->starttls( SSL_ca_path => $capath, SSL_verifycn_name => 'pop.gmx.net' ); print $ok ? "ok\n" : "not ok # smtp starttls pop.gmx.de/net\n"; # or disable verification $smtp = Net::POP3->new( 'pop.gmx.de' ); # should succeed $ok = $smtp->starttls( SSL_verify_mode => 0 ); print $ok ? "ok\n" : "not ok # smtp starttls pop.gmx.de\n"; sub diag { #print STDERR "@_\n" } Net-SSLGlue-1.04/t/external/03_lwp.t0000644000175100017520000000340011126706704015550 0ustar workwork use strict; use warnings; BEGIN { eval "use LWP"; if ( $@ ) { print "1..0 # no LWP\n"; exit } } use Net::SSLGlue::LWP; use LWP::Simple; my $capath = '/etc/ssl/certs/'; # unix? -d $capath or do { print "1..0 # cannot find system CA-path\n"; exit }; Net::SSLGlue::LWP->import( SSL_ca_path => $capath ); # # first check everything directly with IO::Socket::SSL # # signin.ebay.de has a certificate, which is for signin.ebay.com # but where signin.ebay.de is a subjectAltName IO::Socket::SSL->new( PeerAddr => 'signin.ebay.de:443', SSL_ca_path => $capath, SSL_verify_mode => 1, SSL_verifycn_scheme => 'http' ) or do { print "1..0 # ssl connect signin.ebay.de failed\n"; exit }; # www.fedora.org has a certificate which has nothing in common # with the hostname my $sock = IO::Socket::INET->new( 'www.fedora.org:443' ) or do { print "1..0 # connect to www.fedora.org failed\n"; exit }; IO::Socket::SSL->start_SSL( $sock, SSL_ca_path => $capath, SSL_verify_mode => 1, SSL_verifycn_scheme => 'http' ) and do { print "1..0 # certificate for www.fedora.org unexpectly correct\n"; exit }; # # and than check, that LWP uses the same checks # print "1..3\n"; # signin.ebay.de -> should succeed my $content = get( 'https://signin.ebay.de' ); print $content ? "ok\n": "not ok # lwp connect signin.ebay.de: $@\n"; # www.fedora.org -> should fail $content = get( 'https://www.fedora.org' ); print $content ? "not ok # lwp ssl connect www.fedora.org should fail\n": "ok\n"; # www.fedora.org -> should succeed if verify mode is 0 { local %Net::SSLGlue::LWP::SSLopts = %Net::SSLGlue::LWP::SSLopts; $Net::SSLGlue::LWP::SSLopts{SSL_verify_mode} = 0; $content = get( 'https://www.fedora.org' ); print $content ? "ok\n": "not ok # lwp ssl www.fedora.org w/o ssl verify\n"; } Net-SSLGlue-1.04/t/external/02_smtp.t0000644000175100017520000000426211707457011015736 0ustar workwork use strict; use warnings; BEGIN { eval "use Net::SMTP"; if ( $@ ) { print "1..0 # no Net::SMTP\n"; exit } } use Net::SSLGlue::SMTP; my $capath = '/etc/ssl/certs/'; # unix? -d $capath or do { print "1..0 # cannot find system CA-path\n"; exit }; # first try to connect w/o smtp # plain diag( "connect inet to mail.gmx.net:25" ); IO::Socket::INET->new( 'mail.gmx.net:25' ) or do { print "1..0 # mail.gmx.net:25 not reachable\n"; exit }; # ssl to the right host diag( "connect ssl to mail.gmx.net:465" ); IO::Socket::SSL->new( PeerAddr => 'mail.gmx.net:465', SSL_ca_path => $capath, SSL_verify_mode => 1, SSL_verifycn_scheme => 'smtp' ) or do { print "1..0 # mail.gmx.net:465 not reachable with SSL\n"; exit }; # ssl to the wrong host # the certificate mail.gmx.de returns is for mail.gmx.net diag( "connect ssl to mail.gmx.de:465" ); IO::Socket::SSL->new( PeerAddr => 'mail.gmx.de:465', SSL_ca_path => $capath, SSL_verify_mode => 1, SSL_verifycn_scheme => 'smtp' ) and do { print "1..0 # mail.gmx.de:465 reachable with SSL\n"; exit }; print "1..6\n"; # first direct SSL my $smtp = Net::SMTP->new( 'mail.gmx.net', SSL => 1, SSL_ca_path => $capath, ); print $smtp ? "ok\n" : "not ok # smtp connect mail.gmx.net\n"; # then starttls $smtp = Net::SMTP->new( 'mail.gmx.net' ); my $ok = $smtp->starttls( SSL_ca_path => $capath ); print $ok ? "ok\n" : "not ok # smtp starttls mail.gmx.net\n"; # check that we can talk on connection print $smtp->quit ? "ok\n": "not ok # quit failed\n"; # against wrong host should fail $smtp = Net::SMTP->new( 'mail.gmx.de' ); # should succeed $ok = $smtp->starttls( SSL_ca_path => $capath ); print $ok ? "not ok # smtp starttls mail.gmx.de did not fail\n": "ok\n"; # but not if we specify the right SSL_verifycn_name $smtp = Net::SMTP->new( 'mail.gmx.de' ); # should succeed $ok = $smtp->starttls( SSL_ca_path => $capath, SSL_verifycn_name => 'mail.gmx.net' ); print $ok ? "ok\n" : "not ok # smtp starttls mail.gmx.de/net\n"; # or disable verification $smtp = Net::SMTP->new( 'mail.gmx.de' ); # should succeed $ok = $smtp->starttls( SSL_verify_mode => 0 ); print $ok ? "ok\n" : "not ok # smtp starttls mail.gmx.de\n"; sub diag { #print STDERR "@_\n" } Net-SSLGlue-1.04/MANIFEST0000644000175100017520000000066112176546334013340 0ustar workworklib/Net/SSLGlue.pm lib/Net/SSLGlue/LDAP.pm lib/Net/SSLGlue/LWP.pm lib/Net/SSLGlue/SMTP.pm lib/Net/SSLGlue/POP3.pm Makefile.PL MANIFEST This list of files t/01_load.t t/external/02_smtp.t t/external/03_lwp.t t/external/04_pop3.t TODO COPYRIGHT examples/lwp.pl examples/lwp_post.pl examples/send-ssl-mail.pl examples/send-starttls-mail.pl Changes README META.yml Module meta-data (added by MakeMaker)