++ed by:
VSESPB CRUX JETEVE DAGOLDEN MICHIELB

20 PAUSE user(s)
3 non-PAUSE user(s).

Marko Asplund

NAME

IO::Socket::SSL - a SSL socket interface class

SYNOPSIS

use IO::Socket::SSL;

DESCRIPTION

IO::Socket::SSL is a class implementing an object oriented interface to SSL sockets. The class is a descendent of IO::Socket::INET and provides a subset of the base class's interface methods as well as SSL specific methods.

SUPPORTED INTERFACE

The following methods from the IO::Socket::INET interface are supported, unimplemented and unsupported respectively:

supported methods

IO::Socket::INET interface: new, close, fileno, opened, flush, socket, socketpair, bind, listen, peername, sockname, timeout, sockopt, sockdomain, socktype, protocol, sockaddr, sockport, sockhost, peeraddr, peerport, peerhost, sysread, syswrite, read, write, DESTROY, accept, connect, print, printf;

others: context_init, get_cipher, get_peer_certificate;

unimplemented methods

getline, getlines, fdopen, untaint, error, clearerr, send, recv;

unsupported methods

getc, eof, truncate, stat, ungetc, setbuf, setvbuf, <$fh>.

CLASS VARIABLES

IO::Socket::SSL::DEBUG

METHODS

context_init ( [ARGS] )

This class method is used for initializing and setting the global SSL settings. The following following arguments are supported:

SSL_server

This option must be used when a SSL_Context is explicitly created for server contexts.

SSL_use_cert

With server sockets a server certificate is always used. For client sockets certificate use is optional. This attribute is set to true if a certificate is to be used.

SSL_verify_mode

Type of verification process which is to be performed upon a peer certificate. This can be a combination of 0x00 (don't verify), 0x01 (verify peer), 0x02 (fail verification if there's no peer certificate), and 0x04 (verify client once). Default: verify peer.

SSL_key_file

Filename of the PEM encoded private key file. Default: "certs/server-key.pem" or "certs/client-key.pem".

SSL_cert_file

Filename of the PEM encoded certificate file. Default: "certs/server-cert.pem" or "certs/client-cert.pem".

SSL_ca_path

Pathname to the Certicate Authority certificate directory. If server or client certificates are to be verified the trusted CA certificates have to reside in this directory. The CA certificate filename that is used for finding the certificate is a hash value generated from the certificate with a .<serial number> suffix appended to it. The hash value can be obtained with the command line: ssleay x509 -hash < ca-cert.pem.

SSL_ca_file

Filename of the CA certificate.

new ( [ARGS] )

See IO::Socket::INET constructor's documentation for details. The following additional per connection SSL options are supported:

SSL_verify_mode

See above.

SSL_cipher_list

A list of allowed ciphers. The list is in string form. See http://www.modssl.org/docs/2.3/ssl_reference.html#ToC9.

get_cipher

Get a string representation of the used cipher.

get_peer_certificate

Obtain a reference to the X509_Certificate object representing peer's certificate.

RELATED CLASSES

These are internal classes with which the IO::Socket::SSL API user usually doesn't have to be concerned with.

SSL_Context

Encapsulates global SSL options.

METHODS

new ( [ARGS] )

See context_init arguments.

DESTROY

SSL_SSL

Encapsulates per connection SSL options.

METHODS

new ( [ARGS] )
DESTROY

X509_Certificate

Encapsulates X509 certificate information.

METHODS

subject_name

Returns a stringified representation of subject's name.

issuer_name

Returns a stringified representation of issuer's name.

EXAMPLES

See demo and t directories.

RESTRICTIONS

Currently, the IO::Socket::INET interface as implemented by this package is not quite complete. There can be only one SSL context at a given time.

SEE ALSO

IO::Socket::INET.

ACKNOWLEDGEMENTS

This package has benefited from the work and help of Gisle Aas and Sampo Kellomäki.

COPYRIGHT

Copyright 1999, Marko Asplund

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

1 POD Error

The following errors were encountered while parsing the POD:

Around line 1093:

Non-ASCII character seen before =encoding in 'Kellomäki.'. Assuming ISO8859-1