Bug#830152: libnet-ssleay-perl: Under mod_perl, first client connection fails in CTX_new, but subsequent connections work
Ivan Kohler
ivan-debian at 420.am
Wed Jul 6 18:05:03 UTC 2016
Package: libnet-ssleay-perl
Version: 1.74-1
Severity: important
Running in a (preforking) mod_perl context, the first client connection
attempted (during each process lifetime) fails. Subsequent connections work.
Example script:
#!/usr/bin/perl
use Net::SSLeay qw(post_https make_form);
$Net::SSLeay::trace = 0;
my $host = 'secure.authorize.net';
my ($page, $response, %reply_headers) = post_https($host, 443, '/', '', make_form(var1 => 'one', var2 => 'two' ));
print "response $response\n";
#again, it'll work...
($page, $response, %reply_headers) = post_https($host, 443, '/', '', make_form(var1 => 'one', var2 => 'two' ));
print "response $response\n";
Example Apache config:
AddHandler perl-script .cgi
PerlHandler ModPerl::Registry
Options +ExecCGI
In a non-mod_perl context, this returns (e.g., depending on $host):
ivan at fleetpaw:/var/www/html$ perl testssl.cgi
response HTTP/1.1 303 See Other
response HTTP/1.1 303 See Other
In a mod_perl context, the first time this is called in a process (i.e. after a
restart), this returns:
response HTTP/1.0 900 NET OR SSL ERROR
CTX_new 30723: 1 - error:0906D06C:PEM routines:PEM_read_bio:no start line
CTX_new 30723: 2 - error:0906D06C:PEM routines:PEM_read_bio:no start line
response HTTP/1.1 303 See Other
Full trace of failing connection:
do_httpx3(POST,1,secure.authorize.net:443) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/do_httpx3.al) line 1318. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/do_httpx3.al):1318)
httpx_cat: usessl=1 (secure.authorize:443) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/httpx_cat.al) line 1227. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/httpx_cat.al):1227)
Opening connection to secure.authorize.net:443 (64.94.118.32) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 486. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al):486)
next connect at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 491. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al):491)
connected to secure.authorize.net, 443 at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 494. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al):494)
Creating SSL 0 context... (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/https_cat.al):1126)
CTX_new 30717: 1 - error:0906D06C:PEM routines:PEM_read_bio:no start line (/usr/lib/x86_64-linux-gnu/perl5/5.22/Net/SSLeay.pm:422)
CTX_new 30717: 2 - error:0906D06C:PEM routines:PEM_read_bio:no start line (/usr/lib/x86_64-linux-gnu/perl5/5.22/Net/SSLeay.pm:422)
Changing $host between connections has no effect, so it isn't a per-host
failure/cache. Changing $ssl_version has no effect. This does not appear to
be specific to ModPerl::Registry (originally observed in an HTML::Mason app).
I believe this behavior is present back to jessie. Not sure about wheezy.
As a workaround, I'm using the following code per-process to trigger the
one-time context creation error so all subsequent real connections work:
{
  use Net::SSLeay;
  package Net::SSLeay;
  initialize();
  my $bad_ctx = new_x_ctx();
  while ( ERR_get_error() ) {}; #print_errs('CTX_new');
  CTX_free($bad_ctx);
}
Oddly, retrieving the errors is necessary to make this work.
--
Ivan Kohler
President and Head Geek, Freeside Internet Services, Inc. http://freeside.biz/
Debian GNU/Linux developer | CPAN author | cat person | ski addict
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libnet-ssleay-perl depends on:
ii libc6 2.22-13
ii libssl1.0.2 1.0.2h-1
ii perl 5.22.2-1
ii perl-base [perlapi-5.22.1] 5.22.2-1
libnet-ssleay-perl recommends no packages.
Versions of packages libnet-ssleay-perl suggests:
ii libperl5.22 [libmime-base64-perl] 5.22.2-1
-- no debconf information
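
The per-process workaround from the report, wired into a mod_perl 2 PerlChildInitHandler so it runs once in each preforked child and logs what it discards. This is an added example, not part of the original report or of Net::SSLeay; the package name My::SSLeayWarmup, the httpd.conf lines and the log wording are hypothetical, and mod_perl 2 is assumed because the report uses ModPerl::Registry.

```perl
package My::SSLeayWarmup;    # hypothetical module name

use strict;
use warnings;

use Apache2::Const -compile => qw(OK);
use Apache2::Log ();         # provides $s->log_error
use Apache2::ServerRec ();
use Net::SSLeay ();

# httpd.conf (assumed setup):
#   PerlModule           My::SSLeayWarmup
#   PerlChildInitHandler My::SSLeayWarmup
sub handler {
    my ($child_pool, $s) = @_;

    Net::SSLeay::initialize();

    # Same steps as the workaround in the report: create a throwaway
    # context, read every entry off the OpenSSL error queue, free it.
    my $ctx = Net::SSLeay::new_x_ctx();

    my @drained;
    while (my $code = Net::SSLeay::ERR_get_error()) {
        push @drained, Net::SSLeay::ERR_error_string($code);
    }
    Net::SSLeay::CTX_free($ctx) if $ctx;

    # Log what was discarded instead of dropping it silently, so a real
    # context-creation failure in this child is still visible.
    $s->log_error("SSLeay warm-up in pid $$ discarded: $_") for @drained;
    $s->log_error("SSLeay warm-up in pid $$: CTX_new returned no context")
        unless $ctx;

    return Apache2::Const::OK;
}

1;
```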