APR::Socket SSL

on 02.04.2008 11:59:38 by Mike Cardwell

Hi,

I'm writing a PerlProcessConnectionHandler. It starts:

sub handler {
my $c = shift;
my $sock = $c->client_socket;

$sock is an instance of APR::Socket. The problem is that the connection
is using SSL and I need to be able to read/write the unencrypted socket
stream. If $sock was an instance of IO::Socket I could just do a
IO::Socket::SSL->start_SSL( $sock ) to handle SSL negotiation and to get
access to the unencrypted stream, but how do I do it with APR::Socket?

Also, and I'm guessing this is a big no. Is it possible to have a
PerlProcessConnectionHandler that reads the first few bytes from the
socket then decides that it doesn't want to continue so puts them back
on the stack and then hands off to the next phase for "normal" processing?

Regards,
Mike

Re: APR::Socket SSL

on 04.04.2008 08:57:01 by gozer

Mike Cardwell wrote:
> Hi,
>
> I'm writing a PerlProcessConnectionHandler. It starts:
>
> sub handler {
> my $c = shift;
> my $sock = $c->client_socket;
>
> $sock is an instance of APR::Socket. The problem is that the connection
> is using SSL and I need to be able to read/write the unencrypted socket
> stream. If $sock was an instance of IO::Socket I could just do a
> IO::Socket::SSL->start_SSL( $sock ) to handle SSL negotiation and to get
> access to the unencrypted stream, but how do I do it with APR::Socket?

You can't, not that way. If there was a way to get at the underlying
native socket, you could break all filtering. What you need to do here instead,
is to leave the SSL processing to mod_ssl, and stack yourself on top of it somehow.

I don't see any other way around this.

> Also, and I'm guessing this is a big no. Is it possible to have a
> PerlProcessConnectionHandler that reads the first few bytes from the
> socket then decides that it doesn't want to continue so puts them back
> on the stack and then hands off to the next phase for "normal" processing?

That, you can do with ease. You'd write an input filter, pop enough data
out of the input brigade until you can figure out what you want to do, and if
you want to pass it all thru, you reinsert what you read back in the brigade,
remove yourself completely from the filter chain, and pass it up.

That should be fairly easy.

-- 
Philippe M. Chiasson GPG: F9BFE0C2480E7680 1AE53631CB32A107 88C3A5A5
http://gozer.ectoplasm.org/ m/gozer\@(apache|cpan|ectoplasm)\.org/
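
The peek-then-hand-off input filter described in the reply above, as an added example that is not code from the thread or from mod_perl itself. The package name, the 4-byte PEEK_LEN, the XCMD marker and the peek.verdict note key are assumptions; instead of popping buckets and reinserting them, it reads them in place, which leaves the brigade untouched for the next filter.

```perl
package MyApache2::PeekFilter;    # hypothetical module name
use strict;
use warnings;
use base qw(Apache2::Filter);
use Apache2::Connection ();
use APR::Brigade ();
use APR::Bucket ();
use APR::Table ();
use Apache2::Const -compile => qw(OK);
use APR::Const     -compile => qw(SUCCESS);

use constant PEEK_LEN => 4;       # assumed: bytes needed to classify the stream
use constant MARKER   => 'XCMD';  # constructed marker for a custom protocol

# Enabled with: PerlInputFilterHandler MyApache2::PeekFilter
sub handler : FilterConnectionHandler {
    my ($f, $bb, $mode, $block, $readbytes) = @_;

    # Pull data from the filter below us. Per the reply, TLS is left to
    # mod_ssl and this filter is stacked on top of it.
    my $rv = $f->next->get_brigade($bb, $mode, $block, $readbytes);
    return $rv unless $rv == APR::Const::SUCCESS;

    # read() exposes a bucket's bytes without consuming the bucket, so
    # everything stays in $bb and nothing has to be put back afterwards.
    my $seen = $f->ctx // '';
    for (my $b = $bb->first; $b; $b = $bb->next($b)) {
        last if $b->is_eos;
        $b->read(my $data);
        $seen .= $data if defined $data;
        last if length($seen) >= PEEK_LEN;
    }

    if (length($seen) >= PEEK_LEN) {
        # Decision made: record it for later phases, then leave the chain
        # so the rest of the connection is processed normally.
        my $verdict = substr($seen, 0, PEEK_LEN) eq MARKER ? 'custom' : 'normal';
        $f->c->notes->set('peek.verdict' => $verdict);
        $f->remove;
    }
    else {
        $f->ctx($seen);   # not enough bytes yet: remember them for the next call
    }
    return Apache2::Const::OK;
}

1;
```

A later handler can read the verdict with `$c->notes->get('peek.verdict')` and decide whether to take over the connection or decline.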


--------------enigB1629013ABF819A9F62B61E9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH9dE9yzKhB4jDpaURApIYAJ9PPqqvwYnMc7MJtKP7NGwfazS91QCf fUk6
pl6fzE5FFAFg2w/VeDTfgAg=
=eihl
-----END PGP SIGNATURE-----

--------------enigB1629013ABF819A9F62B61E9--