source: main/trunk/greenstone2/perllib/cpan/LWP/Protocol/https10.pm@ 27183

package LWP::Protocol::https10;

use strict;

# Figure out which SSL implementation to use
use vars qw($SSL_CLASS);
if ($Net::SSL::VERSION) {
    $SSL_CLASS = "Net::SSL";
}
elsif ($IO::Socket::SSL::VERSION) {
    $SSL_CLASS = "IO::Socket::SSL"; # it was already loaded
}
else {
    eval { require Net::SSL; };     # from Crypt-SSLeay
    if ($@) {
    require IO::Socket::SSL;
    $SSL_CLASS = "IO::Socket::SSL";
    }
    else {
    $SSL_CLASS = "Net::SSL";
    }
}


use vars qw(@ISA);

require LWP::Protocol::http10;
@ISA=qw(LWP::Protocol::http10);

sub _new_socket
{
    my($self, $host, $port, $timeout) = @_;
    local($^W) = 0;  # IO::Socket::INET can be noisy
    my $sock = $SSL_CLASS->new(PeerAddr => $host,
                   PeerPort => $port,
                   Proto    => 'tcp',
                   Timeout  => $timeout,
                  );
    unless ($sock) {
    # IO::Socket::INET leaves additional error messages in $@
    $@ =~ s/^.*?: //;
    die "Can't connect to $host:$port ($@)";
    }
    $sock;
}

sub _check_sock
{
    my($self, $req, $sock) = @_;
    my $check = $req->header("If-SSL-Cert-Subject");
    if (defined $check) {
    my $cert = $sock->get_peer_certificate ||
        die "Missing SSL certificate";
    my $subject = $cert->subject_name;
    die "Bad SSL certificate subject: '$subject' !~ /$check/"
        unless $subject =~ /$check/;
    $req->remove_header("If-SSL-Cert-Subject");  # don't pass it on
    }
}

sub _get_sock_info
{
    my $self = shift;
    $self->SUPER::_get_sock_info(@_);
    my($res, $sock) = @_;
    $res->header("Client-SSL-Cipher" => $sock->get_cipher);
    my $cert = $sock->get_peer_certificate;
    if ($cert) {
    $res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
    $res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
    }
    $res->header("Client-SSL-Warning" => "Peer certificate not verified");
}

1;