Return to lonssl.pm CVS log

Up to [LON-CAPA] / loncom

- style police

    1: #
    2: # $Id: lonssl.pm,v 1.3 2004/05/26 21:45:46 albertel Exp $
    3: #
    4: # Copyright Michigan State University Board of Trustees
    5: #
    6: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    7: #
    8: # LON-CAPA is free software; you can redistribute it and/or modify
    9: # it under the terms of the GNU General Public License as published by
   10: # the Free Software Foundation; either version 2 of the License, or
   11: # (at your option) any later version.
   12: #
   13: # LON-CAPA is distributed in the hope that it will be useful,
   14: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   15: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16: # GNU General Public License for more details.
   17: #
   18: # You should have received a copy of the GNU General Public License
   19: # along with LON-CAPA; if not, write to the Free Software
   20: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   21: #
   22: # /home/httpd/html/adm/gpl.txt
   23: #
   24: # http://www.lon-capa.org/
   25: #
   26: 
   27: #  lonssl.pm
   28: #    This file contains common functions used by lond and lonc when 
   29: #    negotiating the exchange of the session encryption key via an 
   30: #    SSL tunnel.
   31: #     See the POD sections and function documentation for more information.
   32: #
   33: 
   34: use strict;
   35: use IO::Socket::INET;
   36: use IO::Socket::SSL;
   37: 
   38: 
   39: #--------------------------------------------------------------------------
   40: #
   41: # Name	PromoteClientSocket
   42: # Description	Given an ordinary IO::Socket::INET Creates an SSL socket 
   43: #               for a client that is connected to the same server.
   44: # Parameters	Name	Type	           Description
   45: #               Socket	IO::Socket::INET   Original ordinary socket.
   46: #               CACert	string	           Full path name to the certificate 
   47: #                                          authority certificate file.
   48: #                MyCert	string	           Full path name to the certificate 
   49: #                                          issued to this host.
   50: #                KeyFile string    	   Full pathname to the host's private 
   51: #                                          key file for the certificate.
   52: # Returns
   53: #	-	Reference to an SSL socket on success
   54: #       -	undef on failure.  Reason for failure can be interrogated from 
   55: #               IO::Socket::SSL
   56: 
   57: sub PromoteClientSocket {
   58:     my $PlaintextSocket    = shift;
   59:     my $CACert             = shift;
   60:     my $MyCert             = shift;
   61:     my $KeyFile            = shift;
   62: 
   63:     # To create the ssl socket we need to duplicate the existing
   64:     # socket.  Otherwise closing the ssl socket will close the plaintext socket
   65:     # too:
   66: 
   67:     open (DUPLICATE, "+>$PlaintextSocket");
   68: 
   69:     my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
   70: 					      SSL_user_cert => 1,
   71: 					      SSL_key_file  => $KeyFile,
   72: 					      SSL_cert_file => $MyCert,
   73: 					      SSL_ca_fie    => $$CACert);
   74: 
   75:     return $client;		# Undef if the client negotiation fails.
   76: }
   77: 
   78: #----------------------------------------------------------------------
   79: # Name	PromoteServerSocket
   80: # Description	Given an ordinary IO::Socket::INET Creates an SSL socket 
   81: #               for a server that is connected to the same client.l
   82: # Parameters	Name	Type	           Description
   83: #               Socket	IO::Socket::INET   Original ordinary socket.
   84: #               CACert	string	           Full path name to the certificate 
   85: #                                          authority certificate file.
   86: #                MyCert	string	           Full path name to the certificate 
   87: #                                          issued to this host.
   88: #                KeyFile string    	   Full pathname to the host's private 
   89: #                                          key file for the certificate.
   90: # Returns
   91: #	-	Reference to an SSL socket on success
   92: #       -	undef on failure.  Reason for failure can be interrogated from 
   93: #               IO::Socket::SSL
   94: sub PromoteServerSocket {
   95:     my $PlaintextSocket    = shift;
   96:     my $CACert             = shift;
   97:     my $MyCert             = shift;
   98:     my $KeyFile            = shift;
   99: 
  100: 
  101:     # To create the ssl socket we need to duplicate the existing
  102:     # socket.  Otherwise closing the ssl socket will close the plaintext socket
  103:     # too:
  104: 
  105:     open (DUPLICATE, "+>$PlaintextSocket");
  106: 
  107:     my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
  108: 					      SSL_server    => 1, # Server role.
  109: 					      SSL_user_cert => 1,
  110: 					      SSL_key_file  => $KeyFile,
  111: 					      SSL_cert_file => $MyCert,
  112: 					      SSL_ca_fie    => $$CACert);
  113:     return $client;
  114: }
  115: 
  116: #-------------------------------------------------------------------------
  117: #
  118: # Name: Close
  119: # Description: Properly closes an ssl client or ssl server socket in
  120: #              a way that keeps the parent socket open.
  121: # Parameters:  Name      Type            Description
  122: #              Socket   IO::Socket::SSL  SSL Socket gotten from either
  123: #                                        PromoteClientSocket or 
  124: #                                        PromoteServerSocket
  125: # Returns:
  126: #   NONE
  127: #
  128: sub Close {
  129:     my $Socket = shift;
  130: 
  131:     $Socket->close(SSL_no_shutdown =>1); # Otherwise the parent socket 
  132:                                          # gets torn down.
  133: }
  134: