Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re: HTTP::Daemon and SSL

by rjray (Chaplain)
on Jul 07, 2002 at 07:34 UTC ( #179946=note: print w/replies, xml ) Need Help??

in reply to HTTP::Daemon and SSL

According to the manual page for HTTP::Daemon it uses a IO::Socket::INET object that gets blessed into the daemon class. I looked at the code, and aside from force-setting Listen and Proto arguments before handing off to the parent class' constructor, this is the case.

According to the manual page for IO::Socket::SSL, it too is an almost straight sub-class of IO::Socket::INET. Thus, it should in theory be possible to create an object of the IO::Socket::SSL class, bless it into HTTP::Daemon manually, and use it as an ordinary daemon object. I say in theory because the SSL class manpage warns that it doesn't have the full set of methods provided for just yet, so if the HTTP::Daemon class happens to try to use one of the few that aren't available, chaos may well ensue. But it is certainly worth a try.

I myself would be interested to hear about your results, as I've been meaning to try my RPC::XML::Server class out with SSL underneath.


Replies are listed 'Best First'.
Re: Re: HTTP::Daemon and SSL
by steves (Curate) on Jul 08, 2002 at 08:39 UTC

    Well I made some progress based on these suggestions. What I did so far is this:

    • Copied HTTP::Daemon and modified it as rob_au suggested to make an SSL version;
    • Used that base to create an SSL proxy in addition to the existing HTTP proxy I already had. This was done by subclassing the proxy class I already had and overriding the creation of the daemon with the SSL version;
    • Created a server certificate. This is where most of the time went. Creation of server certificates was a bit new to me and not really clearly documented in the OpenSSL docs.

    At this point I had two proxy server classes: one for HTTP and one for SSL. I built two stub servers using those and fired them up. The results so far are that I can connect to the SSL proxy fine and it's able to see the HTTP traffic going back and forth if I send it the requests explicitly. But I can't get the server to be used as a true proxy by setting it in the browser. When I do that, OpenSSL complains when it sees the clear text CONNECT request, spitting out this proxy error with DEBUG on:

    error message: 'SSL_accept: 'error:1407609B:SSL routines:SSL23_GET_CLI +ENT_HELLO:https proxy request
    So it looks like OpenSSL wants some special set up for proxies I'm not seeing just yet ... either that or it explicitly prohibits them.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://179946]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2022-05-25 01:28 GMT
Find Nodes?
    Voting Booth?
    Do you prefer to work remotely?

    Results (84 votes). Check out past polls.