Sloop::Other::Secure

DESCRIPTION

This class can be used for Sloop::Other connections to SSL/TLS servers. It does not require that the Sloop::Server instance be run in secure mode, but if it is not, then you must call Sloop::Socket::TLS::init() before you call $sloop->connectOther.

Currently there are some limitations:

- Only X509 based authentication is available.

- Use of client certificates is not supported.

- Certificate revocation lists (CRLs) are not checked; authenticating the server is done only on the basis of what is in your trust file.

SYNOPSIS

The API is described in Sloop::Other; the constructor takes a few extra optional arguments, listed below. The constructor returns undef if the initial connection fails; there should be a GnuTLS error logged in this case.

trustLevel

This is one of Sloop::Other::Secure::TRUST_CERTIFIED (the default) or ::TRUST_ALL. If the former, the remote server is authenticated using the 'trustFile' passed to Sloop::Socket::TLS::init(). If the latter, the certificate is not checked.

otherHostname

This is required to authenticate the other server's certificate, unless you use TRUST_ALL (see above). The default is 'localhost'.

priority

This is a string passed as the second argument to gnutls_priority_set_direct(), defining what ciphers are allowed in order of preference. The default is:

 NORMAL:%PARTIAL_RENEGOTIATION

The nature of the string is partially described in 'man gnutls_priority_init', and more thoroughly in the GnuTLS guide:

http://gnutls.org/manual/html_node/Priority-Strings.html
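
The three arguments above interact, so it is worth checking them together before connecting. The following is an added example, not part of Sloop: a pre-flight audit that flags TRUST_ALL, a remote peer left on the 'localhost' default for otherHostname, and priority tokens that weaken the session. The function name, the 'host' key and passing trust levels by name (the constants' values are not given on this page) are assumptions.

```perl
use strict;
use warnings;

# Added example, not Sloop code. audit_secure_args() and the 'host' key are
# hypothetical; trust levels are passed by name because the values of the
# Sloop::Other::Secure constants are not documented on this page.
my %WEAK = (    # GnuTLS priority tokens that weaken a session when enabled
    '%UNSAFE_RENEGOTIATION'        => 'allows renegotiation without the safety extension',
    '%DISABLE_SAFE_RENEGOTIATION'  => 'disables the safe renegotiation extension',
    '%VERIFY_ALLOW_SIGN_RSA_MD5'   => 'accepts RSA-MD5 certificate signatures',
    '%VERIFY_ALLOW_X509_V1_CA_CRT' => 'accepts X.509 v1 certificates as CAs',
    '+ANON-DH'                     => 'anonymous key exchange, server not authenticated',
    '+ANON-ECDH'                   => 'anonymous key exchange, server not authenticated',
    '+NULL'                        => 'no encryption',
    '+ARCFOUR-128'                 => 'RC4 stream cipher',
    '+VERS-SSL3.0'                 => 'SSL 3.0 protocol',
);

sub audit_secure_args {
    my (%a) = @_;
    my @findings;
    my $trust = $a{trustLevel} // 'TRUST_CERTIFIED';          # documented default
    my $prio  = $a{priority} // 'NORMAL:%PARTIAL_RENEGOTIATION';    # documented default

    if ($trust eq 'TRUST_ALL') {
        push @findings, 'trustLevel TRUST_ALL: certificate is not checked';
    }
    elsif (!defined $a{otherHostname} && defined $a{host} && lc($a{host}) ne 'localhost') {
        # otherHostname is what the certificate is authenticated against, so a
        # remote peer needs it set explicitly rather than left at the default.
        push @findings, "otherHostname unset: default 'localhost' used for host '$a{host}'";
    }
    for my $tok (map { uc } split /:/, $prio) {
        push @findings, "priority $tok: $WEAK{$tok}" if exists $WEAK{$tok};
    }
    return @findings;
}

# Constructed sample configurations.
my @cases = (
    { host => 'db.example.net', otherHostname => 'db.example.net' },
    { host => 'db.example.net' },
    { host => 'db.example.net', trustLevel => 'TRUST_ALL',
      priority => 'NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION' },
);
for my $i (0 .. $#cases) {
    my @f = audit_secure_args(%{ $cases[$i] });
    print "case $i: ", (@f ? join('; ', @f) : 'ok'), "\n";
}
```

The token list is a small selection from the GnuTLS priority string documentation linked above, not a complete policy.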