Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: HTTP::Daemon and SSL

by rjray (Chaplain)
on Jul 07, 2002 at 07:34 UTC ( [id://179946]=note: print w/replies, xml ) Need Help??


in reply to HTTP::Daemon and SSL

According to the manual page for HTTP::Daemon it uses a IO::Socket::INET object that gets blessed into the daemon class. I looked at the code, and aside from force-setting Listen and Proto arguments before handing off to the parent class' constructor, this is the case.

According to the manual page for IO::Socket::SSL, it too is an almost straight sub-class of IO::Socket::INET. Thus, it should in theory be possible to create an object of the IO::Socket::SSL class, bless it into HTTP::Daemon manually, and use it as an ordinary daemon object. I say in theory because the SSL class manpage warns that it doesn't have the full set of methods provided for just yet, so if the HTTP::Daemon class happens to try to use one of the few that aren't available, chaos may well ensue. But it is certainly worth a try.

I myself would be interested to hear about your results, as I've been meaning to try my RPC::XML::Server class out with SSL underneath.

--rjray

Replies are listed 'Best First'.
Re: Re: HTTP::Daemon and SSL
by steves (Curate) on Jul 08, 2002 at 08:39 UTC

    Well I made some progress based on these suggestions. What I did so far is this:

    • Copied HTTP::Daemon and modified it as rob_au suggested to make an SSL version;
    • Used that base to create an SSL proxy in addition to the existing HTTP proxy I already had. This was done by subclassing the proxy class I already had and overriding the creation of the daemon with the SSL version;
    • Created a server certificate. This is where most of the time went. Creation of server certificates was a bit new to me and not really clearly documented in the OpenSSL docs.

    At this point I had two proxy server classes: one for HTTP and one for SSL. I built two stub servers using those and fired them up. The results so far are that I can connect to the SSL proxy fine and it's able to see the HTTP traffic going back and forth if I send it the requests explicitly. But I can't get the server to be used as a true proxy by setting it in the browser. When I do that, OpenSSL complains when it sees the clear text CONNECT request, spitting out this proxy error with DEBUG on: 

    error message: 'SSL_accept: 'error:1407609B:SSL routines:SSL23_GET_CLI
+ENT_HELLO:https proxy request

    [download]
    So it looks like OpenSSL wants some special set up for proxies I'm not seeing just yet ... either that or it explicitly prohibits them.
[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://179946]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (10)
As of 2024-04-16 08:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found