269 lines
8.1 KiB
Plaintext
269 lines
8.1 KiB
Plaintext
(This quick reference list was contributed by anton@genua.de. Thanks, --Sampo)
|
|
|
|
Net::SSLeay - useful function prototypes
|
|
|
|
|
|
#----------------------------------
|
|
# Import frequently used functions
|
|
#----------------------------------
|
|
|
|
use Net::SSLeay qw(die_now die_if_ssl_error);
|
|
|
|
$errs = die_if_ssl_error($msg);
|
|
Program dies with $msg if print_errs() was able to find and print
|
|
some errors.
|
|
$errs is 0 if no error occurred.
|
|
|
|
die_now($msg);
|
|
Program dies unconditionally! print_errs($msg) is used to print out
|
|
errors before dying.
|
|
|
|
|
|
#--------------------------
|
|
# Unsorted prototypes
|
|
#--------------------------
|
|
|
|
$count = Net::SSLeay::print_errs($msg);
|
|
Prints SSLeay-error stack with included $msg via 'warn'. Number of
|
|
printed errors is returned (->$count).
|
|
|
|
void Net::SSLeay::randomize($seed_file,$seed_string);
|
|
void Net::SSLeay::randomize();
|
|
Load random bytes from $seed_file and from string $seed_string.
|
|
Also uses $Net::SSLeay::random_device and $Net::SSLeay::how_random
|
|
(Bits!) if used without parameters.
|
|
|
|
void Net::SSLeay::RAND_seed($seed_string);
|
|
Seeds randomgenerator with $seed_string.
|
|
|
|
$bytes_read = Net::SSLeay::RAND_load_file($file_name, $how_much);
|
|
Loads $how_much bytes randomness from file $file_name.
|
|
|
|
$bytes_written = Net::SSLeay::RAND_write_file($file_name);
|
|
Writes randomness to $file_name.
|
|
|
|
void Net::SSLeay::load_error_strings();
|
|
Load SSL error messages to make error output more informative.
|
|
|
|
void Net::SSLeay::ERR_load_crypto_strings();
|
|
Load crypto-API related error messages.
|
|
|
|
void Net::SSLeay::SSLeay_add_ssl_algorithms();
|
|
Add support for supported ciphers.
|
|
|
|
$ctx = Net::SSLeay::CTX_new();
|
|
Creates SSL-context.
|
|
|
|
int Net::SSLeay::CTX_set_default_verify_paths($ctx);
|
|
Load default location where to find certificates to verify
|
|
remote certificates. This value is precompiled in SSLeay-Toolkit.
|
|
|
|
int Net::SSLeay::CTX_load_verify_locations($ctx, $cert_file, $cert_dir);
|
|
Set verify location. File with certificates or hashed directory.
|
|
|
|
void Net::SSLeay::CTX_set_verify($ctx, $mode , \&verify_cb);
|
|
Set mode and callback what to do with remote certificates.
|
|
$mode:
|
|
&Net::SSLeay::VERIFY_NONE
|
|
&Net::SSLeay::VERIFY_PEER
|
|
&Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT
|
|
&Net::SSLeay::VERIFY_CLIENT_ONCE
|
|
\&verify_cb:
|
|
$ok = verify_cb($ok,$x509_store_ctx);
|
|
Callback gets info if SSL-toolkit verified certificate ($ok)
|
|
and certificate store location.
|
|
|
|
void Net::SSLeay::CTX_set_default_passwd_cb($ctx,\&passwd_cb);
|
|
If our RSA private key is passphrase protected and this callback is
|
|
defined, then do not ask on the terminal but call the function.
|
|
\&passwd_cb:
|
|
$passwd = verify_cb($verify);
|
|
If $verify is true, then the callback is supposed to make sure
|
|
the returned password has been verified.
|
|
|
|
$bool = Net::SSLeay::CTX_use_certificate_file($ctx,$cert,$type);
|
|
$bool = Net::SSLeay::CTX_use_PrivateKey_file($ctx,$key,$type);
|
|
Functions to load cert/key from filename ($cert/$key) with filetype
|
|
$type into SSL-context.
|
|
Filetypes are:
|
|
&Net::SSLeay::FILETYPE_PEM
|
|
|
|
$ssl = Net::SSLeay::new($ctx)
|
|
Creates a SSL-session in context $ctx. Returns 0 on failure.
|
|
|
|
$bool = Net::SSLeay::use_certificate_file($ssl,$cert,$type);
|
|
$bool = Net::SSLeay::use_RSAPrivateKey_file($ssl,$key,$type);
|
|
Functions to load cert/key from filename ($cert/$key) with filetype
|
|
$type into SSL-session.
|
|
Filetypes are:
|
|
&Net::SSLeay::FILETYPE_PEM
|
|
|
|
$bool = Net::SSLeay::set_fd($ssl, fileno(S));
|
|
Connect SSL-Toolkit with TCP-connection.
|
|
$ssl SSL-Session
|
|
S open socket
|
|
$bool 0-failure 1-success
|
|
|
|
$bool = Net::SSLeay::accept($ssl);
|
|
Make SSL-handshake on hot connection. I am server!
|
|
$ssl SSL-session
|
|
$bool 0-failure 1-success
|
|
|
|
$bool = Net::SSLeay::connect($ssl);
|
|
Make SSL-handshake on hot connection. I am client!
|
|
$ssl SSL-session
|
|
$bool 0-failure 1-success
|
|
|
|
$x509 = Net::SSLeay::get_peer_certificate($ssl);
|
|
Get X509 certificate from SSL_session.
|
|
|
|
$x509 = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx)
|
|
Extract current certificate from cert-store. Cert-store is
|
|
used in callbacks!
|
|
|
|
$asn1_utctime = Net::SSLeay::X509_get_notBefore($x509);
|
|
$asn1_utctime = Net::SSLeay::X509_get_notAfter($x509);
|
|
$x509_name = Net::SSLeay::X509_get_subject_name($x509);
|
|
$x509_name = Net::SSLeay::X509_get_issuer_name($x509);
|
|
Return information from a certificate.
|
|
|
|
$string = Net::SSLeay::P_ASN1_UTCTIME_put2string($asn1_utctime);
|
|
Convert a asn1_utctime structure to a printable string.
|
|
|
|
$string = Net::SSLeay::X509_NAME_oneline($x509_name);
|
|
Convert a x509_name structure to a printable string.
|
|
|
|
$string = Net::SSLeay::get_cipher($ssl)
|
|
Return the active cipher from SSL-session $ssl.
|
|
|
|
$string = Net::SSLeay::dump_peer_certificate($ssl)
|
|
Return Subject/Issuer from peer-certificate in printable string.
|
|
|
|
$string = Net::SSLeay::PEM_get_string_X509($x509);
|
|
Returns a printable string containing the X509 certificate PEM encoded
|
|
from $x509.
|
|
|
|
$mode = Net::SSLeay::CTX_get_verify_mode($ctx)
|
|
Return verify-mode previously set with CTX_set_verify in SSL-context.
|
|
|
|
$mode = Net::SSLeay::get_verify_mode($ssl)
|
|
Return verify-mode in SSL-session.
|
|
|
|
$written_bytes = Net::SSLeay::ssl_write_all($ssl,$string);
|
|
Write $string to SSL-session. This call returns undef if write failed.
|
|
The whole string gets written!
|
|
|
|
$written_bytes = $Net::SSLeay::write($ssl,$string);
|
|
Write $string to SSL-session. This call returns immediately. SSL maybe
|
|
wrote the string not completely - check yourself or use ssl_write_all!
|
|
|
|
$string = Net::SSLeay::ssl_read_all($ssl,$how_much);
|
|
Read everything available from the SSL-session and return it. Read a
|
|
maximum of $how_much Bytes (default: 2000000000).
|
|
|
|
$string = Net::SSLeay::read($ssl);
|
|
Read one bunch of data from the SSL-session and return.
|
|
|
|
void Net::SSLeay::free ($ssl);
|
|
Free ressources from the SSL-session.
|
|
|
|
void Net::SSLeay::CTX_free ($ctx);
|
|
Free ressources from the SSL-context.
|
|
|
|
|
|
#----------------------
|
|
# MD5 - hashfunction
|
|
#----------------------
|
|
|
|
$hash = Net::SSLeay:MD5($data);
|
|
Computes md5 hash over $data. $hash is a binary string! Convert it to
|
|
a printable with $string = unpack("H32",Net::SSLeay::MD5($data));
|
|
|
|
|
|
#----------------------
|
|
# TCP-Connection hints
|
|
#----------------------
|
|
|
|
# Make socket unbuffered after connect succeeded.
|
|
#
|
|
select(S); $| = 1; select(STDOUT);
|
|
|
|
# Close connection by half... from client to server. This signals EOF to
|
|
# server. (Clear some buffers, too...??)
|
|
# Use this if finished with sending data to remote side.
|
|
shutdown S, 1;
|
|
|
|
# Finally close connection. Do this after reading everything availlable!
|
|
#
|
|
close S;
|
|
|
|
|
|
#------------------
|
|
# TCP Client
|
|
#------------------
|
|
|
|
# #!/usr/bin/perl -w
|
|
use strict;
|
|
use Socket;
|
|
my ($remote,$port, $iaddr, $paddr, $proto, $line);
|
|
|
|
$remote = shift || 'localhost';
|
|
$port = shift || 3000; # random port
|
|
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
|
|
die "No port" unless $port;
|
|
$iaddr = inet_aton($remote) || die "no host: $remote";
|
|
$paddr = sockaddr_in($port, $iaddr);
|
|
|
|
$proto = getprotobyname('tcp');
|
|
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";
|
|
connect(SOCK, $paddr) || die "connect: $!";
|
|
while (defined($line = <SOCK>)) {
|
|
print $line;
|
|
}
|
|
|
|
close (SOCK) || die "close: $!";
|
|
exit;
|
|
|
|
|
|
#--------------------
|
|
# TCP Server
|
|
#--------------------
|
|
|
|
# #!/usr/bin/perl -Tw
|
|
use strict;
|
|
BEGIN { $ENV{PATH} = '/usr/ucb:/bin' }
|
|
use Socket;
|
|
use Carp;
|
|
|
|
sub logmsg { print "$0 $$: @_ at ", scalar localtime, "\n" }
|
|
|
|
my $EOL = "\015\012";
|
|
|
|
my $port = shift || 3000;
|
|
my $proto = getprotobyname('tcp');
|
|
$port = $1 if $port =~ /(\d+)/; # untaint port number
|
|
|
|
socket(Server, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";
|
|
setsockopt(Server, SOL_SOCKET, SO_REUSEADDR,
|
|
pack("l", 1)) || die "setsockopt: $!";
|
|
|
|
bind(Server, sockaddr_in($port, INADDR_ANY)) || die "bind: $!";
|
|
listen(Server,SOMAXCONN) || die "listen: $!";
|
|
|
|
logmsg "server started on port $port";
|
|
|
|
my $paddr;
|
|
|
|
for ( ; $paddr = accept(Client,Server); close Client) {
|
|
my($port,$iaddr) = sockaddr_in($paddr);
|
|
my $name = gethostbyaddr($iaddr,AF_INET);
|
|
|
|
logmsg "connection from $name [",
|
|
inet_ntoa($iaddr), "]
|
|
at port $port";
|
|
|
|
print Client "Hello there, $name, it's now ",
|
|
scalar localtime, $EOL;
|
|
}
|
|
|