Following are some common errors to watch out for:

IO::Socket::SSL doesn't work together with Storable::fd_retrieve or
Storable::fd_store, see
https://rt.cpan.org/Ticket/Display.html?id=23419.
You need to use freeze/nfreeze/thaw and syswrite/sysread the data
yourself. See the bug for examples of how to do it.

If you get an SSL connection but no certificate, check the
cipher with Net::SSLeay::get_cipher( $socket->_get_ssl_object ).
If it is something like 'ADH-AES256-SHA' (ADH is anonymous
Diffie-Hellman, which exchanges no certificate), you should try to
disable ADH in your cipher list, e.g. set SSL_cipher_list to 'ALL:!ADH'
or just leave it empty so that it uses the openssl default,
which does not include ADH.

There is a problem with openssl versions 0.9.8a and 0.9.8b, see
http://marc.theaimsgroup.com/?l=openssl-dev&m=113550694922967&w=2
The bug was fixed in newer releases, but if you are forced to use
these buggy versions you should apply a patch to Net::SSLeay 1.30,
see http://rt.cpan.org/Public/Bug/Display.html?id=22910.

IO::Socket::SSL does not currently support using both IPv4 and IPv6 in
the same program. For a quick workaround, copy the module 'SSL.pm' to
another named 'SSL6.pm' and adjust the package declaration
accordingly. Support for this feature is planned in the next release.

If you plan on having IO::Socket::SSL sockets auto-close themselves
when they go out of scope (like LWP::UserAgent expects), you will
need to get Scalar::Util or WeakRef from CPAN (Scalar::Util comes
standard with Perl 5.8.0 and above). This is because the self-tying
mechanism that IO::Socket::SSL uses to appear simultaneously as an
object and a glob reference only works if a circular reference is

Note that a random number generator is required for the proper
operation of this module. Systems that have /dev/random or
/dev/urandom are fine, but those that do not, like most versions
of Solaris, will need to fetch one before installing IO::Socket::SSL.
If you don't already have a favorite, try EGD (egd.sourceforge.net).

Versions of perl-ldap below v0.26 do not work with this version
of IO::Socket::SSL because they contain a workaround for old
versions of IO::Socket::SSL that breaks new versions.

Note that when writing a preforking server (a server that accepts a
connection and then hands it off to a child for processing), it is
best to handle SSL negotiation after the socket has been passed to
the child (using socket_to_SSL()). If the server process handles
negotiation itself, a failed negotiation may tie up the server until
the connection times out.

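The layout described above, as an added example that is not part of IO::Socket::SSL or its documentation: the parent only accepts the TCP connection, and the forked child performs the handshake under a 10-second alarm. It uses the start_SSL class method of newer IO::Socket::SSL releases in place of socket_to_SSL(); the address, port and PEM paths are assumed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use POSIX ();

# Assumed values for this example: address, port and PEM paths are placeholders.
my %ssl_args = (
    SSL_server    => 1,
    SSL_cert_file => 'certs/server-cert.pem',
    SSL_key_file  => 'certs/server-key.pem',
);

my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 4433,
    Listen    => 16,
    ReuseAddr => 1,
) or die "listen failed: $!";

$SIG{CHLD} = 'IGNORE';    # let the kernel reap finished children

while (1) {
    # Parent: plain TCP accept only, no SSL work happens in this process.
    my $client = $listener->accept or next;

    my $pid = fork();
    if (!defined $pid) { warn "fork failed: $!"; close $client; next }
    if ($pid) { close $client; next }    # parent goes straight back to accept()

    # Child: a stalled or failing handshake blocks only this process.
    close $listener;
    alarm 10;    # default SIGALRM action ends a child stuck in the handshake
    unless (IO::Socket::SSL->start_SSL($client, %ssl_args)) {
        warn "handshake failed: $IO::Socket::SSL::SSL_ERROR\n";
        POSIX::_exit(1);
    }
    alarm 0;

    print $client "hello over SSL\n";
    close $client;
    POSIX::_exit(0);
}
```
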
One user mentioned that the following did not work as it should in
IO::Socket::SSL, but worked in IO::Socket::INET:

    chomp($var = <$socket>);
    print ord(chop($var)); # Prints "10" for people using ASCII

This is due to a bug in Perl that is fixed in 5.8.1. If you need
a workaround, try one of the following:

    chomp($var = $socket->getline());
    chomp($var = scalar <$socket>);
    chomp($var = $var = <$socket>);

Any function that returns the value of <$socket> (in scalar context)

If you have 384-bit RSA keys you need to use Diffie-Hellman key exchange.
See the parameter SSL_dh_file or SSL_dh for how to use it and
http://groups.google.de/group/mailing.openssl.users/msg/d60330cfa7a6034b
for an explanation of why you need it.

Peter Behroozi (behrooz at fas.harvard.edu)
Steffen Ullrich (Steffen_Ullrich at genua.de)