Net::Server 2.0, released after a long hiatus, broke backwards compatibility with the `proto_object` method which this module overloads. Update to conform to the new API. Unfortunately, rt.cpan.org #31437 was improperly resolved, and thus the hotpatch to ->accept is still necessary.
If Net::SSLeay is not installed, attempting to use the SSL proto, or use ->start_ssl to negotiate an SSL handshake over an existing TCP connection will result in a runtime error. This allows installing Net::Server::Coro on a machine without the OpenSSL header files, for instance.
This class of attacks is possible when an existing connection is upgraded to use TLS after being established. A malicious attacker could craft a man-in-the-middle attack wherein the "STARTTLS" command sent by the client has additional malicious application-level commands appended in the same packet. The client and server are then left to complete the TLS handshake on their own. If the server does not clear the buffer during TLS authentication, it will assume that the remaining commands in the buffer (inserted by the attacker before TLS was established) were sent _after_ TLS was established, and possibly run them with elevated privileges. This attack is particularly dangerous if the protocol makes use of SSL client certificates to authenticate the client. To prevent this, explicitly clear the handle's buffer while TLS is being negotiated.
…xplicit * From perl5140delta.pod: =head2 Tie functions on scalars holding typeglobs Calling a tie function (C<tie>, C<tied>, C<untie>) with a scalar argument acts on a filehandle if the scalar happens to hold a typeglob. This is a long-standing bug that will be removed in Perl 5.16, as there is currently no way to tie the scalar itself when it holds a typeglob, and no way to untie a scalar that has had a typeglob assigned to it. Thus, make the typeglobs explicit, which is handily also backwards compatible.
This replaces the previous scheme of "create bind as what we asked for, then re-bless" with a cleaner and tighter "create as TCP, handle our own bind" method. This allows us to work around Net::Server 0.99's breakage of Net::Server::Proto::SSL, and also intercept the new Net::Server::Proto::SSLEAY class as well.
By saving certificate and key paths as part of the server and handle objects, both SSL and TLS can be used with specific certificate and key paths. Based on a patch by Dan Keder.
0.4 releng Missed the META.yml update
want if you have more than one client.