- SUPPORTED INTERFACE
- CLASS VARIABLES
- RELATED CLASSES
- SEE ALSO
IO::Socket::SSL - a SSL socket interface class
IO::Socket::SSL is a class implementing an object oriented interface to SSL sockets. The class is a descendent of IO::Socket::INET and provides a subset of the base class's interface methods as well as SSL specific methods.
The following methods from the IO::Socket::INET interface are supported, unimplemented and unsupported respectively:
- supported methods
IO::Socket::INET interface: new, close, fileno, opened, flush, socket, socketpair, bind, listen, peername, sockname, timeout, sockopt, sockdomain, socktype, protocol, sockaddr, sockport, sockhost, peeraddr, peerport, peerhost, sysread, syswrite, read, write, DESTROY, accept, connect, print, printf;
others: context_init, get_cipher, get_peer_certificate;
- unimplemented methods
getline, getlines, fdopen, untaint, error, clearerr, send, recv;
- unsupported methods
getc, eof, truncate, stat, ungetc, setbuf, setvbuf, <$fh>.
This class method is used for initializing and setting the global SSL settings. The following following arguments are supported:
This option must be used when a SSL_Context is explicitly created for server contexts.
With server sockets a server certificate is always used. For client sockets certificate use is optional. This attribute is set to true if a certificate is to be used.
Type of verification process which is to be performed upon a peer certificate. This can be a combination of 0x00 (don't verify), 0x01 (verify peer), 0x02 (fail verification if there's no peer certificate), and 0x04 (verify client once). Default: verify peer.
Filename of the PEM encoded private key file. Default: "certs/server-key.pem" or "certs/client-key.pem".
Filename of the PEM encoded certificate file. Default: "certs/server-cert.pem" or "certs/client-cert.pem".
Pathname to the Certicate Authority certificate directory. If server or client certificates are to be verified the trusted CA certificates have to reside in this directory. The CA certificate filename that is used for finding the certificate is a hash value generated from the certificate with a .<serial number> suffix appended to it. The hash value can be obtained with the command line: ssleay x509 -hash < ca-cert.pem.
Filename of the CA certificate.
See IO::Socket::INET constructor's documentation for details. The following additional per connection SSL options are supported:
A list of allowed ciphers. The list is in string form. See http://www.modssl.org/docs/2.3/ssl_reference.html#ToC9.
Get a string representation of the used cipher.
Obtain a reference to the X509_Certificate object representing peer's certificate.
These are internal classes with which the IO::Socket::SSL API user usually doesn't have to be concerned with.
Encapsulates global SSL options.
Encapsulates per connection SSL options.
Encapsulates X509 certificate information.
Returns a stringified representation of subject's name.
Returns a stringified representation of issuer's name.
See demo and t directories.
Currently, the IO::Socket::INET interface as implemented by this package is not quite complete. There can be only one SSL context at a given time.
This package has benefited from the work and help of Gisle Aas and Sampo Kellomäki.
Copyright 1999, Marko Asplund
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
1 POD Error
The following errors were encountered while parsing the POD:
- Around line 1093:
Non-ASCII character seen before =encoding in 'Kellomäki.'. Assuming ISO8859-1