Bug#881711: libio-socket-ssl-perl: Segfault using malformed client certificates

Dmitry Belyavsky beldmit at gmail.com
Tue Nov 14 13:41:00 UTC 2017


Package: libio-socket-ssl-perl
Version: 2.002-2+deb8u2
Severity: normal

Dear Maintainer,

   * What led up to the situation?
Minimal example:
=========
#!/usr/bin/perl
use strict;
use warnings;
use utf8;

use LWP::UserAgent;
use IO::Socket::SSL qw(debug3);

my $ua = LWP::UserAgent->new(
                ssl_opts => {
                SSL_cert_file   => '/srv/vr/experiment/cert.pem',
                SSL_key_file    => '/srv/vr/experiment/key.pem',
                }
                );
my $response = $ua->get("https://my.cool.url");
=========


   * What exactly did you do (or not do) that was effective (or
     ineffective)?
perl myscript.pl
   * What was the outcome of this action?
The debug output is
=========
SSL error:  38061: 1 - error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

DEBUG: .../IO/Socket/SSL.pm:1774: Failed to use certificate file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:1769: SSL structure creation failed

DEBUG: .../IO/Socket/SSL.pm:1774: SSL structure creation failed error:140BA0C3:SSL routines:SSL_new:null ssl ctx
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
Segmentation fault (core dumped)
==========

   * What outcome did you expect instead?

When I try to reproduce it with the same certificate and key on the other machine, I get a normal shutdown with different debug output:

==========
DEBUG: .../IO/Socket/SSL.pm:1769: Failed to use certificate file
SSL error:  45289: 1 - error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

DEBUG: .../IO/Socket/SSL.pm:1774: Failed to use certificate file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:1769: SSL structure creation failed

DEBUG: .../IO/Socket/SSL.pm:1774: SSL structure creation failed error:140BA0C3:SSL routines:SSL_new:null ssl ctx
DEBUG: .../IO/Socket/SSL.pm:1758: IO::Socket::IP configuration failed
==========



-- System Information:
Debian Release: 8.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libio-socket-ssl-perl depends on:
ii  libnet-ssleay-perl  1.65-1+deb8u1
ii  netbase             5.3
ii  perl                5.20.2-3+deb8u9

Versions of packages libio-socket-ssl-perl recommends:
ii  libio-socket-inet6-perl     2.72-1
ii  libnet-idn-encode-perl      2.201-1
ii  libnet-libidn-perl          0.12.ds-2+b1
ii  libsocket6-perl             0.25-1+b1
ii  liburi-perl                 1.64-1
ii  perl                        5.20.2-3+deb8u9
ii  perl-base [libsocket-perl]  5.20.2-3+deb8u9

Versions of packages libio-socket-ssl-perl suggests:
ii  ca-certificates  20141019+deb8u3

-- no debconf information
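
A coarse pre-flight check for the file passed as SSL_cert_file, added here as an example (not part of the original report and not IO::Socket::SSL code). It decodes the PEM block and verifies the outer DER structure, the kind of mismatch OpenSSL reports above as "wrong tag". The function names and the sample data are constructed for illustration, and passing this check does not guarantee that OpenSSL will accept the certificate.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Constructed sample (not a real certificate): OCTET STRING where SEQUENCE is expected.
BAD_PEM = "-----BEGIN CERTIFICATE-----\nBAIwAA==\n-----END CERTIFICATE-----\n"

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds data")
    return tag, pos, pos + length

def check_cert_pem(text):
    """Return None if the PEM is shaped like a certificate, else a reason string."""
    m = PEM_RE.search(text)
    if not m:
        return "no CERTIFICATE PEM block"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        tag, start, end = read_tlv(der)
        if tag != 0x30:                   # Certificate ::= SEQUENCE
            return "wrong tag 0x%02x, expected SEQUENCE" % tag
        if end != len(der):
            return "trailing bytes after certificate"
        inner_tag, _, _ = read_tlv(der, start)   # tbsCertificate ::= SEQUENCE
        if inner_tag != 0x30:
            return "nested wrong tag 0x%02x" % inner_tag
    except ValueError as exc:             # binascii.Error is a ValueError subclass
        return "malformed: %s" % exc
    return None

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD_PEM
    reason = check_cert_pem(text)
    sys.exit("certificate rejected: " + reason if reason else 0)
```
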


