Posted to modperl@perl.apache.org by Mike Cardwell <mo...@lists.grepular.com> on 2008/04/02 11:59:38 UTC

APR::Socket SSL

Hi,

I'm writing a PerlProcessConnectionHandler. It starts:

sub handler {
    my $c = shift;
    my $sock = $c->client_socket;

$sock is an instance of APR::Socket. The problem is that the connection 
is using SSL and I need to be able to read/write the unencrypted socket 
stream. If $sock was an instance of IO::Socket I could just do a 
IO::Socket::SSL->start_SSL( $sock ) to handle SSL negotiation and to get 
access to the unencrypted stream, but how do I do it with APR::Socket?

Also, and I'm guessing this is a big no. Is it possible to have a 
PerlProcessConnectionHandler that reads the first few bytes from the 
socket then decides that it doesn't want to continue so puts them back 
on the stack and then hands off to the next phase for "normal" processing?

Regards,
Mike

Re: APR::Socket SSL

Posted by "Philippe M. Chiasson" <go...@ectoplasm.org>.

Mike Cardwell wrote:
> Hi,
> 
> I'm writing a PerlProcessConnectionHandler. It starts:
> 
> sub handler {
>     my $c = shift;
>     my $sock = $c->client_socket;
> 
> $sock is an instance of APR::Socket. The problem is that the connection 
> is using SSL and I need to be able to read/write the unencrypted socket 
> stream. If $sock was an instance of IO::Socket I could just do a 
> IO::Socket::SSL->start_SSL( $sock ) to handle SSL negotiation and to get 
> access to the unencrypted stream, but how do I do it with APR::Socket?

You can't, not that way. If there was a way to get at the underlying
native socket, you could break all filtering. What you need to do here instead,
is to leave the SSL processing to mod_ssl, and stack yourself on top of it somehow.

I don't see any other way around this.

> Also, and I'm guessing this is a big no. Is it possible to have a 
> PerlProcessConnectionHandler that reads the first few bytes from the 
> socket then decides that it doesn't want to continue so puts them back 
> on the stack and then hands off to the next phase for "normal" processing?

That, you can do with ease. You'd write an input filter, pop enough data
out of the input brigade until you can figure out what you want to do, and if
you want to pass it all thru, you reinsert what you read back in the brigade,
remove yourself completely from the filter chain, and pass it up.

That should be fairly easy.

-- 
Philippe M. Chiasson     GPG: F9BFE0C2480E7680 1AE53631CB32A107 88C3A5A5
http://gozer.ectoplasm.org/       m/gozer\@(apache|cpan|ectoplasm)\.org/
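
The input-filter approach described in the reply above, as an added example (not code from either poster or from the mod_perl project): a connection input filter that pops buckets until it has seen enough bytes, records its decision, reinserts everything it read and removes itself from the chain. The package name, the `MYP1` marker and the `peek.protocol` note are assumptions made for illustration.

```perl
package MyApache2::PeekFilter;    # hypothetical module name

use strict;
use warnings;
use base qw(Apache2::Filter);

use Apache2::Connection ();
use APR::Brigade ();
use APR::Bucket ();
use APR::Table ();
use APR::Const     -compile => qw(SUCCESS);
use Apache2::Const -compile => qw(OK);

use constant MAGIC => "MYP1";     # constructed 4-byte protocol marker

sub handler : FilterConnectionHandler {
    my ($f, $bb, $mode, $block, $readbytes) = @_;
    my $c = $f->c;

    # Fetch the next chunk from the filters below this one (mod_ssl among
    # them when this filter is stacked on top of it, as the reply describes).
    my $tmp = APR::Brigade->new($c->pool, $c->bucket_alloc);
    my $rv  = $f->next->get_brigade($tmp, $mode, $block, $readbytes);
    return $rv unless $rv == APR::Const::SUCCESS;

    # Pop buckets in order until enough bytes were seen or the chunk ends.
    # Only this first chunk is inspected; a shorter one means "passthrough".
    my ($seen, @popped) = ('');
    while (length($seen) < length(MAGIC) && !$tmp->is_empty) {
        my $b = $tmp->first;
        if (!$b->is_eos) {
            $b->read(my $data);   # read before unlinking the bucket
            $seen .= $data;
        }
        $b->remove;
        push @popped, $b;
        last if $b->is_eos;
    }

    # Record the decision for later phases (the note name is an assumption).
    my $mine = substr($seen, 0, length(MAGIC)) eq MAGIC;
    $c->notes->set('peek.protocol' => $mine ? 'custom' : 'passthrough');

    # Reinsert what was popped, unchanged and in order, then the remainder.
    $bb->insert_tail($_) for @popped;
    $bb->concat($tmp);

    $f->remove;                   # no further invocations on this connection
    return Apache2::Const::OK;
}

1;
```

A filter like this is enabled with a `PerlInputFilterHandler` directive naming the package.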