Hello,

On 30.08.2013 22:58, Marc Lehmann wrote:
> On Fri, Aug 30, 2013 at 04:36:07PM +0200, Maxime Soulé
> <[email protected]> wrote:
>> With the attached patch, it is now possible to handle specifically
>> TLSv1.1 and TLSv1.2 protocols.
> Looks good, except that these options require specific versions of
> Net::SSLeay. Could you find out which version is required and add it to
> the docs similar to e.g. the check_crl option? I also wonder what could
> be done if these protocols are requested but the underlying Net::SSLeay
> or openssl don't support it - normally I'd do best effort, but with TLS,
> that's not a good approach :)
OK, I will do it and propose that change to you.

Net::SSLeay implements TLSv1_1 and TLSv1_2 from 1.55 and needs openssl
1.0.1 at least. If the Net::SSLeay version is 1.55 and the openssl version
is less than 1.0.1, a runtime error occurs telling that Net::SSLeay cannot
autoload Net::SSLeay::CTX_tlsv1_1_new (for example).

> Probably better, the code should be modified to die with an explanatory
> message about Net::SSLeay or openssl being too old, depending on what
> error message is currently generated.

I will try to do something like this that will not obfuscate the existing
code :)

>> To avoid modifying AnyEvent::TLS each time a new protocol or option
>> is available in Net::SSLeay, perhaps it could be a good thing to put
>> the CTX creation and $op initialisation in a special class method, so
>> we can inherit from AnyEvent::TLS and just redefine this method to
>> add new options or new protocols?
> You can already create and request the underlying ctx object so the first
> is certainly possible until the underlying implementation changes, and I
> don't know what "$op" is.

Sorry, $op is the options passed to Net::SSLeay::CTX_set_options in new().

I didn't see new_from_ssleay(), thanks. But it could be a good thing to
initialize the CTX *and* to benefit from the CTX configuration you did in
new() with various constructor options, to avoid reinventing the wheel just
to pass a "special" CTX.

Perhaps doing the reverse of what I proposed above: creating a new (private)
_init_instance() method that will be called in new() and new_from_ssleay()
with their %args arguments? In this case new_from_ssleay() should accept
additional arguments, in the same form as new(), but after the $ctx arg...

Best regards,

Max.

_______________________________________________
anyevent mailing list
[email protected]
http://lists.schmorp.de/mailman/listinfo/anyevent
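The "die with an explanatory message" approach discussed above, written out as a standalone Perl helper. This is an added example, not the attached patch and not AnyEvent::TLS code; the function names new_tls_ctx and check_tls_support, the %CTX_CTOR table and the choice of OP_* flags are assumptions of the example, and the version thresholds (Net::SSLeay 1.55, OpenSSL 1.0.1) are taken from the message above rather than verified against the Net::SSLeay changelog. The idea is to check the two version numbers before calling the constructor, so the user sees which component is too old instead of Net::SSLeay's generic autoload failure:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::SSLeay ();

# Added example only: not the attached patch, not AnyEvent::TLS code.
# Thresholds are the ones stated in the mail above (assumed here):
# CTX_tlsv1_1_new / CTX_tlsv1_2_new need Net::SSLeay 1.55 and OpenSSL 1.0.1.
my $MIN_SSLEAY  = 1.55;
my $MIN_OPENSSL = 0x1000100f;   # OpenSSL 1.0.1 as a version number

# Hypothetical "method name" -> Net::SSLeay constructor table.
my %CTX_CTOR = (
    tlsv1_1 => 'CTX_tlsv1_1_new',
    tlsv1_2 => 'CTX_tlsv1_2_new',
);

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

# Report the real cause instead of letting Net::SSLeay's AUTOLOAD fail with
# "Can't locate auto/Net/SSLeay/CTX_tlsv1_1_new.al". Returns the constructor.
sub check_tls_support {
    my ($method) = @_;
    my $ctor = $CTX_CTOR{$method}
        or die "unknown TLS method '$method' (known: @{[sort keys %CTX_CTOR]})\n";

    if ($Net::SSLeay::VERSION < $MIN_SSLEAY) {
        die sprintf "TLS method %s needs Net::SSLeay >= %s, but %s is installed\n",
            $method, $MIN_SSLEAY, $Net::SSLeay::VERSION;
    }
    # SSLeay() is the OpenSSL version number Net::SSLeay was built against.
    if (Net::SSLeay::SSLeay() < $MIN_OPENSSL) {
        die sprintf "TLS method %s needs OpenSSL >= 1.0.1, but Net::SSLeay is linked against %s\n",
            $method, Net::SSLeay::SSLeay_version();
    }
    # Versions look fine, but the XS symbol can still be absent if OpenSSL was
    # compiled with that protocol disabled; can() does not go through AUTOLOAD.
    my $code = Net::SSLeay->can($ctor)
        or die "Net::SSLeay::$ctor is not available in this build of Net::SSLeay\n";
    return $code;
}

# Build a context for exactly one TLS version, then apply the kind of $op
# flags that AnyEvent::TLS passes to CTX_set_options in new().
sub new_tls_ctx {
    my ($method, $extra_options) = @_;
    my $ctx = check_tls_support($method)->()
        or die "Net::SSLeay::$CTX_CTOR{$method} failed: "
             . Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error()) . "\n";

    my $op = Net::SSLeay::OP_ALL() | Net::SSLeay::OP_NO_SSLv2() | Net::SSLeay::OP_NO_SSLv3();
    $op |= $extra_options if defined $extra_options;
    Net::SSLeay::CTX_set_options($ctx, $op);
    return $ctx;
}

# Usage: perl this.pl tlsv1_2
# With too old a Net::SSLeay or OpenSSL the script dies with the version
# message above instead of an autoload error.
my $method = shift @ARGV || 'tlsv1_2';
my $ctx = new_tls_ctx($method);
printf "%s context created (Net::SSLeay %s, %s)\n",
    $method, $Net::SSLeay::VERSION, Net::SSLeay::SSLeay_version();
Net::SSLeay::CTX_free($ctx);
```

The two explicit version checks give the precise message Marc asked for; the can() check is the safety net for builds where the version numbers are new enough but the protocol was compiled out, which neither number can tell you. Failing hard here is deliberate: silently falling back to an older protocol would defeat the point of asking for TLSv1.1 or TLSv1.2 in the first place.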
