[Home]POPFile/IncomingSSL


SSL 接続の受け入れ

POPFile の POP3 プロキシと UI に対して SSL 接続を受け入れる

とりあえずパッチ

cvs diff: Diffing UI
Index: UI/HTML.pm
===================================================================
RCS file: /cvsroot/popfile/engine/UI/HTML.pm,v
retrieving revision 1.391
diff -u -r1.391 HTML.pm
--- UI/HTML.pm  18 Apr 2008 12:41:49 -0000      1.391
+++ UI/HTML.pm  22 Apr 2008 12:41:02 -0000
@@ -167,6 +167,10 @@
 
     $self->config_( 'allow_javascript', 1 );
 
+    # Use incomming SSL connections
+
+    $self->config_( 'incoming_ssl', 0 );
+
     # Load skins
 
     $self->load_skins__();
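Review bot: The added comment `# Use incomming SSL connections` has a typo and does not say what the value means. Something like `# Accept SSL connections on the UI port (0 = plain TCP, 1 = SSL; needs IO::Socket::SSL)` would document the default and the dependency that the UI/HTTP.pm hunk introduces. The Proxy/POP3.pm hunk registers the same parameter and its comment could be aligned with this one. Only part of the enclosing initializer is visible in this hunk.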
Index: UI/HTTP.pm
===================================================================
RCS file: /cvsroot/popfile/engine/UI/HTTP.pm,v
retrieving revision 1.40
diff -u -r1.40 HTTP.pm
--- UI/HTTP.pm  17 Apr 2008 15:13:05 -0000      1.40
+++ UI/HTTP.pm  22 Apr 2008 12:41:02 -0000
@@ -72,11 +72,20 @@
 {
     my ( $self ) = @_;
 
-    $self->{server_} = IO::Socket::INET->new( Proto     => 'tcp',             # PROFILE BLOCK START
-                                    $self->config_( 'local' )  == 1 ? (LocalAddr => 'localhost') : (),
-                                     LocalPort => $self->config_( 'port' ),
-                                     Listen    => SOMAXCONN,
-                                     Reuse     => 1 );                        # PROFILE BLOCK STOP
+    if ( $self->config_( 'incoming_ssl' ) ) {
+        require IO::Socket::SSL;
+        $self->{server_} = IO::Socket::SSL->new( Proto     => 'tcp',             # PROFILE BLOCK START
+                                        $self->config_( 'local' )  == 1 ? (LocalAddr => 'localhost') : (),
+                                         LocalPort => $self->config_( 'port' ),
+                                         Listen    => SOMAXCONN,
+                                         Reuse     => 1 );                        # PROFILE BLOCK STOP
+    } else {
+        $self->{server_} = IO::Socket::INET->new( Proto     => 'tcp',             # PROFILE BLOCK START
+                                        $self->config_( 'local' )  == 1 ? (LocalAddr => 'localhost') : (),
+                                         LocalPort => $self->config_( 'port' ),
+                                         Listen    => SOMAXCONN,
+                                         Reuse     => 1 );                        # PROFILE BLOCK STOP
+    }
 
     if ( !defined( $self->{server_} ) ) {
         my $port = $self->config_( 'port' );
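Review bot: The new `IO::Socket::SSL->new(...)` listener is created without `SSL_cert_file` or `SSL_key_file`, so the certificate and key the UI presents come from the module's built-in defaults, not from POPFile's configuration. Passing them explicitly, e.g. `SSL_cert_file => $self->config_( 'ssl_cert_file' ), SSL_key_file => $self->config_( 'ssl_key_file' ),` (parameter names constructed here for illustration), makes the key material in use visible and lets start-up fail clearly when it is missing. The `!defined( $self->{server_} )` branch that follows is cut off by the hunk; if it reports only the port, the reason from `IO::Socket::SSL::errstr()` would be worth adding for the SSL case. The first Proxy/Proxy.pm hunk builds its listener the same way and has the same gap.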

cvs diff: Diffing Proxy
Index: Proxy/POP3.pm
===================================================================
RCS file: /cvsroot/popfile/engine/Proxy/POP3.pm,v
retrieving revision 1.122
diff -u -r1.122 POP3.pm
--- Proxy/POP3.pm       18 Apr 2008 12:48:52 -0000      1.122
+++ Proxy/POP3.pm       22 Apr 2008 12:41:55 -0000
@@ -108,6 +108,9 @@
     $self->config_( 'welcome_string',
         "POP3 POPFile ($self->{version_}) server ready" );
 
+    # Use incoming SSL connections
+    $self->config_( 'incoming_ssl', 0 );
+
     return $self->SUPER::initialize();
 }
 
Index: Proxy/Proxy.pm
===================================================================
RCS file: /cvsroot/popfile/engine/Proxy/Proxy.pm,v
retrieving revision 1.65
diff -u -r1.65 Proxy.pm
--- Proxy/Proxy.pm      16 Nov 2006 19:12:51 -0000      1.65
+++ Proxy/Proxy.pm      22 Apr 2008 12:41:55 -0000
@@ -122,11 +122,22 @@
 
     # Open the socket used to receive request for proxy service
 
-    $self->{server__} = IO::Socket::INET->new( Proto     => 'tcp', # PROFILE BLOCK START
+    if ( $self->config_( 'incoming_ssl' ) ) {
+        require IO::Socket::SSL;
+        $IO::Socket::SSL::DEBUG = 4;
+        $Net::SSLeay::trace = 3;
+        $self->{server__} = IO::Socket::SSL->new( Proto     => 'tcp', # PROFILE BLOCK START
                                     ($self->config_( 'local' ) || 0) == 1 ? (LocalAddr => 'localhost') : (),
                                     LocalPort => $self->config_( 'port' ),
                                     Listen    => SOMAXCONN,
                                     Reuse     => 1 ); # PROFILE BLOCK STOP
+    } else {
+        $self->{server__} = IO::Socket::INET->new( Proto     => 'tcp', # PROFILE BLOCK START
+                                    ($self->config_( 'local' ) || 0) == 1 ? (LocalAddr => 'localhost') : (),
+                                    LocalPort => $self->config_( 'port' ),
+                                    Listen    => SOMAXCONN,
+                                    Reuse     => 1 ); # PROFILE BLOCK STOP
+    }
 
     my $name = $self->name();
 
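Review bot: `$IO::Socket::SSL::DEBUG = 4;` and `$Net::SSLeay::trace = 3;` are set unconditionally whenever `incoming_ssl` is on, so every SSL-enabled proxy run writes handshake and I/O tracing to the console. These look like troubleshooting aids for the patch; put them behind a debug setting, e.g. `$IO::Socket::SSL::DEBUG = 4 if $self->config_( 'ssl_debug' );` (parameter name constructed here), or remove them before the change is merged. The four unmarked constructor lines under the new `IO::Socket::SSL->new(` keep their old indentation inside the `if`, so they no longer line up with the `else` branch. The enclosing sub starts and ends outside the hunk.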
@@ -282,7 +293,9 @@
 
     $self->SUPER::forked( $writer );
 
-    close $self->{server__};
+    if ( $self->{server__} !~ /ssl/i ) {
+        close $self->{server__};
+    }
 }
 
 # ----------------------------------------------------------------------------
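Review bot: `$self->{server__} !~ /ssl/i` decides by matching the stringified reference, which works only because the class name happens to appear in that string; `unless ( $self->{server__}->isa( 'IO::Socket::SSL' ) )` states the intent directly. With this change the forked child keeps the SSL listening socket open for its whole lifetime, and the hunk does not record why the close is skipped. If the aim is to stop the child from running an SSL shutdown on the parent's listener, IO::Socket::SSL's `close( SSL_no_shutdown => 1 )` may let the child release the descriptor without touching the shared SSL state, provided the bundled module version supports it. Either way a comment such as `# Child must not run SSL shutdown on the parent's listening socket` would help the next reader. The sub containing this code begins outside the hunk.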

課題

UI

POP3

サーバ側ログ
        Level 4DEBUG: ../../_lib/IO/Socket/SSL.pm:1010: IO::Socket::SSL::SSL_Context HASH(0x197fc7c)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1128: new ctx 39774624
 pop3
DEBUG: ../../_lib/IO/Socket/SSL.pm:1010: IO::Socket::SSL::SSL_Context HASH(0x1a68834)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1128: new ctx 39821248
        Level 5 html

POPFile v2.0.0 Running
  write_all VM at entry=vm_unknown
  written so far 40:40 bytes (VM=vm_unknown)
SSL_peek 5020: 1 - error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
SSL read errorerror:00000000:lib(0):func(0):reason(0)
 at ../../_lib/IO/Socket/SSL.pm line 975
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 39821248 open=39821248 39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 39821248
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 39774624 open=39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 39774624
^C  
    Stopping... 
        Level 5 html
        Level 4 pop3
        Level 3 history bayes
        Level 2 database
        Level 1 logger wordmangle
        Level 0 mq config

POPFile v2.0.0 Terminated
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 39821248 open=39821248 39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 39821248
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 39774624 open=39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 39774624

クライアント側ログ
5019:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:424:

サーバ側正常時のログ
        Level 4DEBUG: ../../_lib/IO/Socket/SSL.pm:1010: IO::Socket::SSL::SSL_Context HASH(0x197fc7c)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1128: new ctx 39774624
 pop3
DEBUG: ../../_lib/IO/Socket/SSL.pm:1010: IO::Socket::SSL::SSL_Context HASH(0x1a68834)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1128: new ctx 39821248
        Level 5 html

POPFile v2.0.0 Running
  write_all VM at entry=vm_unknown
  written so far 40:40 bytes (VM=vm_unknown)
  got 30:0 bytes (VM=vm_unknown).
DEBUG: ../../_lib/IO/Socket/SSL.pm:1010: IO::Socket::SSL::SSL_Context HASH(0x1a67adc)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1128: new ctx 40953904
  write_all VM at entry=vm_unknown
  written so far 14:14 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 48:48 bytes (VM=vm_unknown)
  got 13:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 14:14 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 20:20 bytes (VM=vm_unknown)
  got 5:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 6:6 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 18:18 bytes (VM=vm_unknown)
  got 9:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 10:10 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 17:17 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 960:960 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 399:399 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 343:343 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 3:3 bytes (VM=vm_unknown)
  got 5:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 6:6 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 5:5 bytes (VM=vm_unknown)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 40953904 open=40953904 39821248 39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 40953904
  write_all VM at entry=vm_unknown
  written so far 40:40 bytes (VM=vm_unknown)
  got 30:0 bytes (VM=vm_unknown).
DEBUG: ../../_lib/IO/Socket/SSL.pm:1010: IO::Socket::SSL::SSL_Context HASH(0x93fa0)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1128: new ctx 40958672
  write_all VM at entry=vm_unknown
  written so far 14:14 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 48:48 bytes (VM=vm_unknown)
  got 13:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 14:14 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 20:20 bytes (VM=vm_unknown)
  got 5:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 6:6 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 18:18 bytes (VM=vm_unknown)
  got 5:0 bytes (VM=vm_unknown).
  write_all VM at entry=vm_unknown
  written so far 6:6 bytes (VM=vm_unknown)
  write_all VM at entry=vm_unknown
  written so far 5:5 bytes (VM=vm_unknown)
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 40958672 open=40958672 39821248 39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 40958672
^C
    Stopping... 
        Level 5 html
        Level 4 pop3
        Level 3 history bayes
        Level 2 database
        Level 1 logger wordmangle
        Level 0 mq config

POPFile v2.0.0 Terminated
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 39821248 open=39821248 39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 39821248
DEBUG: ../../_lib/IO/Socket/SSL.pm:1163: free ctx 39774624 open=39774624
DEBUG: ../../_lib/IO/Socket/SSL.pm:1166: OK free ctx 39774624

Last edited April 22, 2008 22:13 by Amatubu (diff)

Copyright (c) 1996-2006 naoki iimura e-mail