[Pkg-openssl-devel] Bug#813189: Bug#813189: libio-socket-ssl-perl: FTBFS with current libssl1.0.2: t/startssl-failed.t hangs
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 1 19:10:13 UTC 2016
Hi Kurt,
On Mon, Feb 01, 2016 at 06:44:32PM +0100, Kurt Roeckx wrote:
> On Mon, Feb 01, 2016 at 04:16:52PM +0100, Salvatore Bonaccorso wrote:
> > On Sun, Jan 31, 2016 at 08:34:44PM +0100, Kurt Roeckx wrote:
> > > On Sat, Jan 30, 2016 at 10:51:06PM +0100, Salvatore Bonaccorso wrote:
> > > >
> > > > FTR, Upstream has released a new version (I have imported in our git
> > > > repo already):
> > > >
> > > > 2.023 2016/01/30
> > > > - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
> > > > was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
> > > > This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
> > > > which caused an endless loop. It will now ignore this result in case the TLS
> > > > connection was not yet established and consider the TLS connection closed
> > > > instead.
> > > >
> > > > But this does not seem to fully resolve the issue yet. When I try to
> > > > build the testsuite still get stuck.
> > >
> > > So as I understand it, the problem is that the client just sends
> > > crap, the server tells the client it sends crap, but then waits
> > > for the client to properly terminate the question which it never
> > > does?
> > >
> > > It's at least not behaviour I can reproducing using s_server, the
> > > server actually closes the connection for me.
> >
> > JFTR, the additional problem is unrelated to the OpenSSL change. I
> > (and as well Gregor) was able to reproduce it in the pbuilder setup
> > when using the default USENETWORK=no (but not if switching to
> > USENETWORK=yes). So #813189 on its own can be considered resolved.
>
> I'd like to understand what change was needed in
> libio-socket-ssl-perl. Can you point me to it?
>
> I'm wondering if we should change something on the OpenSSL side or
> not.
Ack. Here is the change which was applied to IO::Socket::SSL to
workaround the changes in OpenSSL:
https://github.com/noxxi/p5-io-socket-ssl/commit/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd
Thank you for your help and looking into it!
Regards,
Salvatore
More information about the Pkg-openssl-devel
mailing list