[Pkg-openssl-devel] Bug#813189: Bug#813189: libio-socket-ssl-perl: FTBFS with current libssl1.0.2: t/startssl-failed.t hangs

Salvatore Bonaccorso carnil at debian.org
Mon Feb 1 19:10:13 UTC 2016


Hi Kurt,

On Mon, Feb 01, 2016 at 06:44:32PM +0100, Kurt Roeckx wrote:
> On Mon, Feb 01, 2016 at 04:16:52PM +0100, Salvatore Bonaccorso wrote:
> > On Sun, Jan 31, 2016 at 08:34:44PM +0100, Kurt Roeckx wrote:
> > > On Sat, Jan 30, 2016 at 10:51:06PM +0100, Salvatore Bonaccorso wrote:
> > > > 
> > > > FTR, Upstream has released a new version (I have imported in our git
> > > > repo already):
> > > > 
> > > > 2.023 2016/01/30
> > > > - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
> > > >   was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
> > > >   This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
> > > >   which caused an endless loop. It will now ignore this result in case the TLS
> > > >   connection was not yet established and consider the TLS connection closed
> > > >   instead.
> > > > 
> > > > But this does not seem to fully resolve the issue yet. When I try to
> > > > build, the testsuite still gets stuck.
> > > 
> > > So as I understand it, the problem is that the client just sends
> > > crap, the server tells the client it sends crap, but then waits
> > > for the client to properly terminate the question which it never
> > > does?
> > > 
> > > It's at least not behaviour I can reproduce using s_server, the
> > > server actually closes the connection for me.
> > 
> > JFTR, the additional problem is unrelated to the OpenSSL change. I
> > (and as well Gregor) was able to reproduce it in the pbuilder setup
> > when using the default USENETWORK=no (but not if switching to
> > USENETWORK=yes). So #813189 on its own can be considered resolved.
> 
> I'd like to understand what change was needed in
> libio-socket-ssl-perl.  Can you point me to it?
> 
> I'm wondering if we should change something on the OpenSSL side or
> not.

Ack. Here is the change which was applied to IO::Socket::SSL to
work around the changes in OpenSSL:

https://github.com/noxxi/p5-io-socket-ssl/commit/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd

Thank you for your help and looking into it!

Regards,
Salvatore


