hostsentry has asked for the wisdom of the Perl Monks concerning the following question:

The Question:
How do I get IO::Socket::SSL to accept a socket connection without sending headers to the browser which prevent me from providing my own HTTP headers.

The Problem:
I have an incredibly basic HTTPS server setup at this point, but it seems like at some point in my code (the included modules) headers are being provided back which aren't allowing me to specify my own HTTP headers. The result from doing the HEAD command with linux on my domain with https pulling from the server made below: 
200 Assumed OK
Client-Date: Fri, 12 Jun 2009 16:16:46 GMT
Client-Peer: 174.120.41.194:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: ...
Client-SSL-Cert-Subject: ...
Client-SSL-Cipher: AES256-SHA
Client-SSL-Warning: Peer certificate not verified

[download]

My Setup:
v5.8.8 built for i686-linux
(CentOS) Linux 2.6.28.9 #5 SMP Mon Mar 30 04:51:09 CDT 2009 i686 i686 i386 GNU/Linux
IO::Socket::SSL version 1.24


The Code:
#!/usr/bin/perl

use strict;
use IO::Socket::SSL;

my ($sock, $s);
$sock = IO::Socket::SSL->new( Listen => 5,
    LocalPort => 443,
    RemoteAddr => 'myip',
    LocalAddr => 'myip',
    Proto     => 'tcp',
    SSL_verify_mode => 0x01,
    Reuse     => 1,
    SSL_key_file => 'certs/keyfile',
    SSL_cert_file => 'certs/certfile.crt',
    SSL_ca_file => 'certs/bundle.ca-bundle'
    );

while (1) {
  while(($s = $sock->accept())) {
  print $s "Content-type: text/html\n\n";
        $s->close(SSL_no_shutdown => 1);
  }
}


$sock->close();

[download]
What I think at this point:
I would expect either a broken page (browser rejecting the response), or a blank page with a mime type of text/html (since it apparently assumes 200 OK anyway). It really appears to me that at the point of accepting the connection this data is sent to the browser, and there really would be nothing I could do without modifying the modules used.

It would be great if anyone could help me figure out how to get the server to allow me to send my own HTTP response headers.

Sorry in advance if this post wasn't up to perlmonks.org standards.

Replies are listed 'Best First'.
Re: IO::Socket::SSL HTTPS Headers
by zwon (Abbot) on Jun 12, 2009 at 17:21 UTC

    The code you have provided, doesn't return any headers to client except for Content-Type. Actually IO::Socket::SSL have nothing with HTTP and doesn't send any HTTP headers to client. So you should search the source of the problem in other modules.

[reply]
      I wouldn't expect simply returning Content-Type to be sufficient for the browser as a header, and with the way things appear to be working it isn't being treated as a header.

      At some point during the accept command one of the modules is sending information which is being treated as the header by the browser. I want to get it to stop doing that so I can then provide proper HTTP response headers (not just content-type).

      I just can't figure out how to do that by looking through the modules.
[reply]
      Actually, when I provided the full response headers it worked properly. It added them into the headers already provided, rather than later in the document.
[reply]

Back to Seekers of Perl Wisdom