Bug#881711: libio-socket-ssl-perl: Segfault using malformed client certificates
Dmitry Belyavsky
beldmit at gmail.com
Tue Nov 14 13:41:00 UTC 2017
Package: libio-socket-ssl-perl
Version: 2.002-2+deb8u2
Severity: normal
Dear Maintainer,
* What led up to the situation?
Minimal example:
=========
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use LWP::UserAgent;
use IO::Socket::SSL qw(debug3);
my $ua = LWP::UserAgent->new(
ssl_opts => {
SSL_cert_file => '/srv/vr/experiment/cert.pem',
SSL_key_file => '/srv/vr/experiment/key.pem',
}
);
my $response = $ua->get("https://my.cool.url");
=========
* What exactly did you do (or not do) that was effective (or
ineffective)?
perl myscript.pl
* What was the outcome of this action?
The debug output is
=========
SSL error: 38061: 1 - error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
DEBUG: .../IO/Socket/SSL.pm:1774: Failed to use certificate file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:1769: SSL structure creation failed
DEBUG: .../IO/Socket/SSL.pm:1774: SSL structure creation failed error:140BA0C3:SSL routines:SSL_new:null ssl ctx
DEBUG: .../IO/Socket/SSL.pm:640: set socket to non-blocking to enforce timeout=180
Segmentation fault (core dumped)
==========
* What outcome did you expect instead?
When I try to reproduce it with the same certificate and key on the other machine, I get a normal shutdown with different debug output:
==========
DEBUG: .../IO/Socket/SSL.pm:1769: Failed to use certificate file
SSL error: 45289: 1 - error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
DEBUG: .../IO/Socket/SSL.pm:1774: Failed to use certificate file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
DEBUG: .../IO/Socket/SSL.pm:529: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:531: socket connected
DEBUG: .../IO/Socket/SSL.pm:553: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:1769: SSL structure creation failed
DEBUG: .../IO/Socket/SSL.pm:1774: SSL structure creation failed error:140BA0C3:SSL routines:SSL_new:null ssl ctx
DEBUG: .../IO/Socket/SSL.pm:1758: IO::Socket::IP configuration failed
==========
-- System Information:
Debian Release: 8.9
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libio-socket-ssl-perl depends on:
ii libnet-ssleay-perl 1.65-1+deb8u1
ii netbase 5.3
ii perl 5.20.2-3+deb8u9
Versions of packages libio-socket-ssl-perl recommends:
ii libio-socket-inet6-perl 2.72-1
ii libnet-idn-encode-perl 2.201-1
ii libnet-libidn-perl 0.12.ds-2+b1
ii libsocket6-perl 0.25-1+b1
ii liburi-perl 1.64-1
ii perl 5.20.2-3+deb8u9
ii perl-base [libsocket-perl] 5.20.2-3+deb8u9
Versions of packages libio-socket-ssl-perl suggests:
ii ca-certificates 20141019+deb8u3
-- no debconf information
More information about the pkg-perl-maintainers
mailing list