On Sat, Aug 21, 2004 at 07:07:51PM -0400, Dylan William Hardison wrote:
> Some changes to SslClient.pm in sslpoe:
>
> Remove reference to $socket from %Filenum_Object.
> Reason: It was keeping the tied filehandle from being DESTROYed.
>
> In the READ method: Change "die ("handshake failed");"
> to $! = 104; return undef.
> Reason: This makes POE handle it like a normal
> error. Dying allowed someone to send garbage via netcat
> and crash the program, thus adding a DoS to any server that
> uses SSL. That's not good.
>
> However, errno 104 is "Connection reset by peer", and this is a lie.
> Really the handshake failed... Perhaps some other value should be used
> for $!.
>
> Added a DESTROY method that calls CLOSE,
> as CLOSE is not called otherwise.
>
> The patch is attached.
KTHXAPPLIED!
> These changes are pretty trivial, and further
> work needs to be done on SslClient.pm to make it more robust. Also
> perhaps it should properly be named "SSLSocketWraper" or somesuch?
> The name is most confusing.
I wouldn't mind that, but I don't do enough SSL work (as in ANY) to
have a good idea what to do here. If you'd like, I'm ok with someone
adopting and developing the project a bit. Preferably someone who
uses it.
--
Rocco Caputo - http://poe.perl.org/
