Manpage of IO::Socket::SSL

IO::Socket::SSL

Section: User Contributed Perl Documentation (3)
Updated: 2001-08-19
 

NAME

IO::Socket::SSL - an SSL socket interface class  

SYNOPSIS

use IO::Socket::SSL;  

DESCRIPTION

IO::Socket::SSL is a class implementing an object-oriented interface to SSL sockets. The class is a descendant of IO::Socket::INET and provides a subset of the base class's interface methods as well as SSL-specific methods.  

SUPPORTED INTERFACE

The following methods from the IO::Socket::INET interface are supported, unimplemented and unsupported respectively:
supported methods
IO::Socket::INET interface: new, close, fileno, opened, flush, socket, socketpair, bind, listen, peername, sockname, timeout, sockopt, sockdomain, socktype, protocol, sockaddr, sockport, sockhost, peeraddr, peerport, peerhost, sysread, syswrite, read, write, DESTROY, accept, connect, print, printf;

others: context_init, get_cipher, get_peer_certificate;

unimplemented methods
getline, getlines, fdopen, untaint, error, clearerr, send, recv;
unsupported methods
getc, eof, truncate, stat, ungetc, setbuf, setvbuf, <$fh>.
 

CLASS VARIABLES

IO::Socket::SSL::DEBUG
 

METHODS

 

context_init ( [ARGS] )

This class method is used for initializing and setting the global SSL settings. The following arguments are supported:
SSL_server
This option must be used when an SSL_Context is explicitly created for server contexts.
SSL_use_cert
With server sockets a server certificate is always used. For client sockets certificate use is optional. This attribute is set to true if a certificate is to be used.
SSL_verify_mode
Type of verification to perform on the peer certificate. The value is a combination of the flags 0x00 (don't verify), 0x01 (verify peer), 0x02 (fail verification if there's no peer certificate), and 0x04 (verify client once). Default: verify peer.
SSL_key_file
Filename of the PEM encoded private key file. Default: "certs/server-key.pem" or "certs/client-key.pem".
SSL_cert_file
Filename of the PEM encoded certificate file. Default: "certs/server-cert.pem" or "certs/client-cert.pem".
SSL_ca_path
Pathname to the Certificate Authority certificate directory. If server or client certificates are to be verified, the trusted CA certificates have to reside in this directory. The CA certificate filename that is used for finding the certificate is a hash value generated from the certificate with a .<serial number> suffix appended to it. The hash value can be obtained with the command line: ssleay x509 -hash < ca-cert.pem.
SSL_ca_file
Filename of the CA certificate.
 

new ( [ARGS] )

See IO::Socket::INET constructor's documentation for details. The following additional per connection SSL options are supported:
SSL_verify_mode
See above.
SSL_cipher_list
A list of allowed ciphers. The list is in string form. See http://www.modssl.org/docs/2.3/ssl_reference.html#ToC9.
 

get_cipher

Get a string representation of the used cipher.  

get_peer_certificate

Obtain a reference to the X509_Certificate object representing peer's certificate.  

RELATED CLASSES

These are internal classes with which the IO::Socket::SSL API user usually doesn't have to be concerned.  

SSL_Context

Encapsulates global SSL options.  

METHODS

new ( [ARGS] )
See context_init arguments.
DESTROY
 

SSL_SSL

Encapsulates per connection SSL options.  

METHODS

new ( [ARGS] )
DESTROY
 

X509_Certificate

Encapsulates X509 certificate information.  

METHODS

subject_name
Returns a stringified representation of subject's name.
issuer_name
Returns a stringified representation of issuer's name.
 

EXAMPLES

See demo and t directories.  
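
A verifying client built from the options and methods documented above, as an added example (it is not code from the module's demo or t directories). The host, port, CA file path and cipher string are constructed placeholders; passing SSL_ca_file to new, the one-line subject format, and the CN comparison (none of the options on this page compares the certificate to the host name) are assumptions of this example.

```perl
use strict;
use warnings;
use IO::Socket::SSL;

# Verification bits as listed under SSL_verify_mode on this page.
use constant {
    VERIFY_NONE                 => 0x00,
    VERIFY_PEER                 => 0x01,
    VERIFY_FAIL_IF_NO_PEER_CERT => 0x02,
    VERIFY_CLIENT_ONCE          => 0x04,
};

# Constructed placeholders, not values from the page.
my $host    = 'server.example';
my $port    = 4433;
my $ca_file = 'certs/my-ca.pem';

# Extract the CN from a one-line subject such as
# "/C=FI/O=Example/CN=server.example" (assumed output format of subject_name).
sub subject_cn {
    my ($subject) = @_;
    return $subject =~ m{/CN=([^/]+)} ? $1 : undef;
}

my $sock = IO::Socket::SSL->new(
    PeerAddr        => $host,
    PeerPort        => $port,
    Proto           => 'tcp',
    SSL_verify_mode => VERIFY_PEER,          # 0x00 would accept any certificate
    SSL_ca_file     => $ca_file,             # assumption: accepted by new as well
    SSL_cipher_list => 'HIGH:!aNULL:!eNULL', # OpenSSL cipher string, no anonymous suites
) or die "connect or handshake with $host:$port failed\n";

my $cert = $sock->get_peer_certificate;
my $cn   = subject_cn($cert->subject_name);

# Chain verification alone accepts any certificate issued by the trusted CA,
# so also compare the name in the certificate with the host we meant to reach.
unless (defined $cn && lc($cn) eq lc($host)) {
    $sock->close;
    die "certificate subject does not match $host\n";
}

printf "cipher:  %s\nsubject: %s\nissuer:  %s\n",
    $sock->get_cipher, $cert->subject_name, $cert->issuer_name;
$sock->close;
```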

RESTRICTIONS

Currently, the IO::Socket::INET interface as implemented by this package is not quite complete. There can be only one SSL context at a given time.  

SEE ALSO

IO::Socket::INET.  

ACKNOWLEDGEMENTS

This package has benefited from the work and help of Gisle Aas and Sampo Kellomäki.  

COPYRIGHT

Copyright 1999, Marko Asplund

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.


 


This document was created by man2html, using the manual pages.
Time: 18:25:01 GMT, April 18, 2024