Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
IO::Socket::SSL 2.0 is much more secure
  • Loading branch information
kraih committed Feb 12, 2015
1 parent 12a8239 commit 7035c8c
Show file tree
Hide file tree
Showing 15 changed files with 20 additions and 18 deletions.
2 changes: 2 additions & 0 deletions Changes
Expand Up @@ -2,6 +2,8 @@
5.78 2015-02-12
- Replaced expires method in Mojo::Cookie::Response with an attribute.
- Added split_cookie_header function to Mojo::Util.
- Updated IO::Socket::SSL requirement to 2.0 for some important security
improvements.
- Relaxed RFC 822/1123 and RFC 850/1036 handling in Mojo::Date.
- Improved Mojo::Reactor::Poll performance significantly.
- Improved text method in Mojo::Message to use default_charset as well.
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojo/IOLoop.pm
Expand Up @@ -328,7 +328,7 @@ is loaded.
For better scalability (epoll, kqueue) and to provide non-blocking name
resolution, SOCKS5 as well as TLS support, the optional modules L<EV> (4.0+),
L<Net::DNS::Native> (0.15+), L<IO::Socket::Socks> (0.64+) and
L<IO::Socket::SSL> (1.84+) will be used automatically if possible. Individual
L<IO::Socket::SSL> (2.0+) will be used automatically if possible. Individual
features can also be disabled with the C<MOJO_NO_NDN>, C<MOJO_NO_SOCKS> and
C<MOJO_NO_TLS> environment variables.
Expand Down
6 changes: 3 additions & 3 deletions lib/Mojo/IOLoop/Client.pm
Expand Up @@ -16,7 +16,7 @@ my $NDN = NDN ? Net::DNS::Native->new(pool => 5, extra_thread => 1) : undef;
# TLS support requires IO::Socket::SSL
use constant TLS => $ENV{MOJO_NO_TLS}
? 0
: eval 'use IO::Socket::SSL 1.84 (); 1';
: eval 'use IO::Socket::SSL 2.0 (); 1';
use constant TLS_READ => TLS ? IO::Socket::SSL::SSL_WANT_READ() : 0;
use constant TLS_WRITE => TLS ? IO::Socket::SSL::SSL_WANT_WRITE() : 0;

Expand Down Expand Up @@ -164,7 +164,7 @@ sub _try_tls {
my $handle = $self->{handle};
return $self->_cleanup->emit(connect => $handle)
if !$args->{tls} || $handle->isa('IO::Socket::SSL');
return $self->emit(error => 'IO::Socket::SSL 1.84 required for TLS support')
return $self->emit(error => 'IO::Socket::SSL 2.0 required for TLS support')
unless TLS;

# Upgrade
Expand Down Expand Up @@ -265,7 +265,7 @@ implements the following new ones.
Open a socket connection to a remote host. Note that non-blocking name
resolution depends on L<Net::DNS::Native> (0.15+), SOCKS5 support on
L<IO::Socket::Socks> (0.64), and TLS support on L<IO::Socket::SSL> (1.84+).
L<IO::Socket::Socks> (0.64), and TLS support on L<IO::Socket::SSL> (2.0+).
These options are currently available:
Expand Down
6 changes: 3 additions & 3 deletions lib/Mojo/IOLoop/Server.pm
Expand Up @@ -12,7 +12,7 @@ use Socket qw(IPPROTO_TCP TCP_NODELAY);
# TLS support requires IO::Socket::SSL
use constant TLS => $ENV{MOJO_NO_TLS}
? 0
: eval 'use IO::Socket::SSL 1.84 (); 1';
: eval 'use IO::Socket::SSL 2.0 (); 1';
use constant TLS_READ => TLS ? IO::Socket::SSL::SSL_WANT_READ() : 0;
use constant TLS_WRITE => TLS ? IO::Socket::SSL::SSL_WANT_WRITE() : 0;

Expand Down Expand Up @@ -79,7 +79,7 @@ sub listen {
$self->{handle} = $handle;

return unless $args->{tls};
croak "IO::Socket::SSL 1.84 required for TLS support" unless TLS;
croak "IO::Socket::SSL 2.0 required for TLS support" unless TLS;

weaken $self;
my $tls = $self->{tls} = {
Expand Down Expand Up @@ -234,7 +234,7 @@ Get handle for server.
$server->listen(port => 3000);
Create a new listen socket. Note that TLS support depends on
L<IO::Socket::SSL> (1.84+).
L<IO::Socket::SSL> (2.0+).
These options are currently available:
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojo/Server/Daemon.pm
Expand Up @@ -270,7 +270,7 @@ and multiple event loop support.
For better scalability (epoll, kqueue) and to provide non-blocking name
resolution, SOCKS5 as well as TLS support, the optional modules L<EV> (4.0+),
L<Net::DNS::Native> (0.15+), L<IO::Socket::Socks> (0.64+) and
L<IO::Socket::SSL> (1.84+) will be used automatically if possible. Individual
L<IO::Socket::SSL> (2.0+) will be used automatically if possible. Individual
features can also be disabled with the C<MOJO_NO_NDN>, C<MOJO_NO_SOCKS> and
C<MOJO_NO_TLS> environment variables.
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojo/Server/Hypnotoad.pm
Expand Up @@ -177,7 +177,7 @@ file with it, and send a L</"USR2"> signal to the already running server.
For better scalability (epoll, kqueue) and to provide non-blocking name
resolution, SOCKS5 as well as TLS support, the optional modules L<EV> (4.0+),
L<Net::DNS::Native> (0.15+), L<IO::Socket::Socks> (0.64+) and
L<IO::Socket::SSL> (1.84+) will be used automatically if possible. Individual
L<IO::Socket::SSL> (2.0+) will be used automatically if possible. Individual
features can also be disabled with the C<MOJO_NO_NDN>, C<MOJO_NO_SOCKS> and
C<MOJO_NO_TLS> environment variables.
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojo/Server/Morbo.pm
Expand Up @@ -132,7 +132,7 @@ To start applications with it you can use the L<morbo> script.
For better scalability (epoll, kqueue) and to provide non-blocking name
resolution, SOCKS5 as well as TLS support, the optional modules L<EV> (4.0+),
L<Net::DNS::Native> (0.15+), L<IO::Socket::Socks> (0.64+) and
L<IO::Socket::SSL> (1.84+) will be used automatically if possible. Individual
L<IO::Socket::SSL> (2.0+) will be used automatically if possible. Individual
features can also be disabled with the C<MOJO_NO_NDN>, C<MOJO_NO_SOCKS> and
C<MOJO_NO_TLS> environment variables.
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojo/UserAgent.pm
Expand Up @@ -445,7 +445,7 @@ safely.
For better scalability (epoll, kqueue) and to provide non-blocking name
resolution, SOCKS5 as well as TLS support, the optional modules L<EV> (4.0+),
L<Net::DNS::Native> (0.15+), L<IO::Socket::Socks> (0.64+) and
L<IO::Socket::SSL> (1.84+) will be used automatically if possible. Individual
L<IO::Socket::SSL> (2.0+) will be used automatically if possible. Individual
features can also be disabled with the C<MOJO_NO_NDN>, C<MOJO_NO_SOCKS> and
C<MOJO_NO_TLS> environment variables.
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojolicious/Command/version.pm
Expand Up @@ -25,7 +25,7 @@ CORE
OPTIONAL
EV 4.0+ ($ev)
IO::Socket::Socks 0.64+ ($socks)
IO::Socket::SSL 1.84+ ($tls)
IO::Socket::SSL 2.0+ ($tls)
Net::DNS::Native 0.15+ ($ndn)
EOF
Expand Down
2 changes: 1 addition & 1 deletion t/mojo/ioloop_tls.t
Expand Up @@ -7,7 +7,7 @@ use Mojo::IOLoop::Server;

plan skip_all => 'set TEST_TLS to enable this test (developer only!)'
unless $ENV{TEST_TLS};
plan skip_all => 'IO::Socket::SSL 1.84 required for this test!'
plan skip_all => 'IO::Socket::SSL 2.0 required for this test!'
unless Mojo::IOLoop::Server::TLS;

# To regenerate all required certificates run these commands (12.12.2014)
Expand Down
2 changes: 1 addition & 1 deletion t/mojo/user_agent_online.t
Expand Up @@ -10,7 +10,7 @@ use Mojo::IOLoop::Server;

plan skip_all => 'set TEST_ONLINE to enable this test (developer only!)'
unless $ENV{TEST_ONLINE};
plan skip_all => 'IO::Socket::SSL 1.84 required for this test!'
plan skip_all => 'IO::Socket::SSL 2.0 required for this test!'
unless Mojo::IOLoop::Server::TLS;

use IO::Socket::INET;
Expand Down
2 changes: 1 addition & 1 deletion t/mojo/user_agent_socks.t
Expand Up @@ -9,7 +9,7 @@ plan skip_all => 'set TEST_SOCKS to enable this test (developer only!)'
unless $ENV{TEST_SOCKS};
plan skip_all => 'IO::Socket::Socks 0.64 required for this test!'
unless Mojo::IOLoop::Client::SOCKS;
plan skip_all => 'IO::Socket::SSL 1.84 required for this test!'
plan skip_all => 'IO::Socket::SSL 2.0 required for this test!'
unless Mojo::IOLoop::Server::TLS;

use Mojo::IOLoop;
Expand Down
2 changes: 1 addition & 1 deletion t/mojo/user_agent_tls.t
Expand Up @@ -7,7 +7,7 @@ use Mojo::IOLoop::Server;

plan skip_all => 'set TEST_TLS to enable this test (developer only!)'
unless $ENV{TEST_TLS};
plan skip_all => 'IO::Socket::SSL 1.84 required for this test!'
plan skip_all => 'IO::Socket::SSL 2.0 required for this test!'
unless Mojo::IOLoop::Server::TLS;

use Mojo::IOLoop;
Expand Down
2 changes: 1 addition & 1 deletion t/mojo/websocket_proxy_tls.t
Expand Up @@ -7,7 +7,7 @@ use Mojo::IOLoop::Server;

plan skip_all => 'set TEST_TLS to enable this test (developer only!)'
unless $ENV{TEST_TLS};
plan skip_all => 'IO::Socket::SSL 1.84 required for this test!'
plan skip_all => 'IO::Socket::SSL 2.0 required for this test!'
unless Mojo::IOLoop::Server::TLS;

use Mojo::IOLoop;
Expand Down
2 changes: 1 addition & 1 deletion t/mojolicious/tls_lite_app.t
Expand Up @@ -7,7 +7,7 @@ use Mojo::IOLoop::Server;

plan skip_all => 'set TEST_TLS to enable this test (developer only!)'
unless $ENV{TEST_TLS};
plan skip_all => 'IO::Socket::SSL 1.84 required for this test!'
plan skip_all => 'IO::Socket::SSL 2.0 required for this test!'
unless Mojo::IOLoop::Server::TLS;

use Mojo::IOLoop;
Expand Down

0 comments on commit 7035c8c

Please sign in to comment.