Bug#839576: libio-socket-ssl-perl: Cannot use SSL_key_file with ACL permissions
Michael Braun
michael-dev at fami-braun.de
Sun Oct 2 10:05:23 UTC 2016
Package: libio-socket-ssl-perl
Version: 2.002-2+deb8u1
Severity: normal
Dear Maintainer,
I upgraded from wheezy to jessie. The issue did not occur before.
I am running a perl daemon as some non-root user that uses SSL_key_file with IO::Socket::SSL->start_SSL($client, SSL_server => 1, SSL_key_file => ..., ...).
The key file given is owned by root:root, but getfacl reports user:$daemonuser:r-- and using "sudo -u $daemonuser cat $SSL_key_file" works fine.
Though, the daemon does not longer accept clients writing to STDERR "SSL_key_file ... is not accessible at /usr/share/perl5/IO/Socket/SSL.pm line 2010".
That source line reads like it is supposed to check readiblity of the key file given. I expect it to pass as the file is actually readable and start SSL communication with the client.
Regards,
M. Braun
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.1-040201-generic (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libio-socket-ssl-perl depends on:
ii libnet-ssleay-perl 1.65-1+deb8u1
ii netbase 5.3
ii perl 5.20.2-3+deb8u6
Versions of packages libio-socket-ssl-perl recommends:
ii libio-socket-inet6-perl 2.72-1
ii libsocket6-perl 0.25-1+b1
ii liburi-perl 1.64-1
ii perl 5.20.2-3+deb8u6
ii perl-base [libsocket-perl] 5.20.2-3+deb8u6
Versions of packages libio-socket-ssl-perl suggests:
ii ca-certificates 20141019+deb8u1
-- no debconf information
More information about the pkg-perl-maintainers
mailing list