Skip Menu |

This queue is for tickets about the Net-Proxy CPAN distribution.

Report information
The Basics
Id: 100007
Status: open
Priority: 0/
Queue: Net-Proxy
People
Owner: Nobody in particular
Requestors: CHORNY [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 0.13
Fixed in: (no value)

History Show all quoted text
  Mon Nov 03 17:06:51 2014 CHORNY [...] cpan.org - Ticket created
Subject: 36ssl_tcp.t hangs on Windows
1..5 # Random seed 1209204735 # ports: 1142 1143 2014-11-03 23:44:24 SSL connect accept failed because of handshake problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca at C:\strawberry182\cpan\build\Net-Proxy-0.13-lGr41T\blib\lib/Net/Proxy/Connector/ssl.pm line 73. ok 1 # skip Couldn't start the client: Bad file descriptor ok 2 # skip Couldn't start the client: Bad file descriptor ok 3 # skip Couldn't start the client: Bad file descriptor ok 4 # skip Couldn't start the client: Bad file descriptor ok 5 # skip Couldn't start the client: Bad file descriptor (hangs) possibly hangs only on 5.18.x and not earlier. -- Alexandr Ciornii, http://chorny.net
  Mon Nov 03 18:48:34 2014 book [...] cpan.org - Correspondence added
On Mon Nov 03 17:06:51 2014, CHORNY wrote: Show quoted text
> 1..5 > # Random seed 1209204735 > # ports: 1142 1143 > 2014-11-03 23:44:24 SSL connect accept failed because of handshake > problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca at C:\strawberry182\cpan\build\Net-Proxy-0.13- > lGr41T\blib\lib/Net/Proxy/Connector/ssl.pm line 73. > > ok 1 # skip Couldn't start the client: Bad file descriptor > ok 2 # skip Couldn't start the client: Bad file descriptor > ok 3 # skip Couldn't start the client: Bad file descriptor > ok 4 # skip Couldn't start the client: Bad file descriptor > ok 5 # skip Couldn't start the client: Bad file descriptor > (hangs) > > possibly hangs only on 5.18.x and not earlier.
Which version of the SSL libraries (Net::SSLeay and IO::Socket::SSL) are installed? The error (unknown CA) seems legitimate, given the tests are done with a self-signed certificate. I guess I can probably get rid of the error with the appropriate environment variable. However the hanging after failure is probably specific to Windows. I'm wondering if closing all the sockets wouldn't help. Could you try the attached patch and tell me what happens? Thanks, -- BooK
Subject: ssl.patch
diff --git a/t/36ssl_tcp.t b/t/36ssl_tcp.t index e4ea7c3..6bb0733 100644 --- a/t/36ssl_tcp.t +++ b/t/36ssl_tcp.t @@ -60,10 +60,16 @@ SKIP: { my $client = IO::Socket::SSL->new( PeerAddr => 'localhost', PeerPort => $proxy_port - ) or skip "Couldn't start the client: $!", $tests; + ) or do { + $listener->close(); + skip "Couldn't start the client: $!", $tests; + }; - my $server = $listener->accept() - or skip "Proxy didn't connect: $!", $tests; + my $server = $listener->accept() or do { + $listener->close(); + $client->close(); + skip "Proxy didn't connect: $!", $tests; + }; for my $line (@lines) { ( $client, $server ) = random_swap( $client, $server );
  Mon Nov 03 18:48:35 2014 The RT System itself - Status changed from 'new' to 'open'
  Mon Nov 03 19:06:29 2014 book [...] cpan.org - Correspondence added
On Mon Nov 03 18:48:34 2014, BOOK wrote: Show quoted text
> The error (unknown CA) seems legitimate, given the > tests are done with a self-signed certificate. I guess I can probably > get rid of the error with the appropriate environment variable.
I guess the defaults have changed since 2007... Actually, it seems the simple way to disable CA verification on the client side is to add the following parameters to the call `my $client = IO::Socket::SSL->new( ... );` SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE() (Fully qualified name because IO::Socket::SSL is require'd and not use'd...) Again, could you try this and tell me what happens? Thanks, -- BooK
  Mon Nov 03 20:31:01 2014 book [...] cpan.org - Correspondence added
On Mon Nov 03 19:06:29 2014, BOOK wrote: Show quoted text
> On Mon Nov 03 18:48:34 2014, BOOK wrote:
> > The error (unknown CA) seems legitimate, given the > > tests are done with a self-signed certificate. I guess I can probably > > get rid of the error with the appropriate environment variable.
> > I guess the defaults have changed since 2007... > > Actually, it seems the simple way to disable CA verification on the > client side is to add the following parameters to the call `my $client > = IO::Socket::SSL->new( ... );` > > SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE()
Regarding this problem, see also https://rt.cpan.org/Ticket/Display.html?id=89044 -- BooK
  Tue Nov 04 18:36:31 2014 CHORNY [...] cpan.org - Correspondence added
On Mon Nov 03 18:48:34 2014, BOOK wrote: Show quoted text
> On Mon Nov 03 17:06:51 2014, CHORNY wrote:
> > 1..5 > > # Random seed 1209204735 > > # ports: 1142 1143 > > 2014-11-03 23:44:24 SSL connect accept failed because of handshake > > problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > > unknown ca at C:\strawberry182\cpan\build\Net-Proxy-0.13- > > lGr41T\blib\lib/Net/Proxy/Connector/ssl.pm line 73. > > > > ok 1 # skip Couldn't start the client: Bad file descriptor > > ok 2 # skip Couldn't start the client: Bad file descriptor > > ok 3 # skip Couldn't start the client: Bad file descriptor > > ok 4 # skip Couldn't start the client: Bad file descriptor > > ok 5 # skip Couldn't start the client: Bad file descriptor > > (hangs) > > > > possibly hangs only on 5.18.x and not earlier.
> > Which version of the SSL libraries (Net::SSLeay and IO::Socket::SSL) > are installed?
Net::SSLeay 1.55, IO::Socket::SSL 1.967 Show quoted text
> The error (unknown CA) seems legitimate, given the > tests are done with a self-signed certificate. I guess I can probably > get rid of the error with the appropriate environment variable.
error is "alert unknown" and SSL_verify_mode does not prevent this error Show quoted text
> > However the hanging after failure is probably specific to Windows. > I'm wondering if closing all the sockets wouldn't help. > > Could you try the attached patch and tell me what happens?
Same hanging. -- Alexandr Ciornii, http://chorny.net
  Wed Nov 05 18:50:35 2014 book [...] cpan.org - Correspondence added
On Tue Nov 04 18:36:31 2014, CHORNY wrote: Show quoted text
> On Mon Nov 03 18:48:34 2014, BOOK wrote:
> > > > However the hanging after failure is probably specific to Windows. > > I'm wondering if closing all the sockets wouldn't help. > > > > Could you try the attached patch and tell me what happens?
> > Same hanging. >
Thanks for the quick feedback. I don't know what to do next, though. -- BooK
  Fri Dec 05 12:41:54 2014 CHORNY [...] cpan.org - Correspondence added
Also hangs on Linux, perl 5.18.1, threaded, but only when run as `make test`. `perl -Mblib t/36ssl_tcp.t` does not hang. $LANG=C make test TEST_FILES=t/36ssl_tcp.t TEST_VERBOSE=1 PERL_DL_NONLAZY=1 /home/c/perl5/perlbrew/perls/18.1i/bin/perl "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" t/36ssl_tcp.t t/36ssl_tcp.t .. 1..5 # Random seed 1136073612 # ports: 43784 47148 2014-12-05 19:41:24 SSL connect accept failed because of handshake problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca at /home/c/.cpan/build/Net-Proxy-0.13-kmj0ZO/blib/lib/Net/Proxy/Connector/ssl.pm line 73. ok 1 # skip Couldn't start the client: Connection refused ok 2 # skip Couldn't start the client: Connection refused ok 3 # skip Couldn't start the client: Connection refused ok 4 # skip Couldn't start the client: Connection refused ok 5 # skip Couldn't start the client: Connection refused (hangs) -- Alexandr Ciornii, http://chorny.net
  Fri Oct 30 06:01:35 2015 SREZIC [...] cpan.org - Correspondence added
On 2014-12-05 12:41:54, CHORNY wrote: Show quoted text
> Also hangs on Linux, perl 5.18.1, threaded, but only when run as `make > test`. `perl -Mblib t/36ssl_tcp.t` does not hang. > > > $LANG=C make test TEST_FILES=t/36ssl_tcp.t TEST_VERBOSE=1 > PERL_DL_NONLAZY=1 /home/c/perl5/perlbrew/perls/18.1i/bin/perl "- > MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef > *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" > t/36ssl_tcp.t > t/36ssl_tcp.t .. > 1..5 > # Random seed 1136073612 > # ports: 43784 47148 > 2014-12-05 19:41:24 SSL connect accept failed because of handshake > problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca at /home/c/.cpan/build/Net-Proxy-0.13- > kmj0ZO/blib/lib/Net/Proxy/Connector/ssl.pm line 73. > > ok 1 # skip Couldn't start the client: Connection refused > ok 2 # skip Couldn't start the client: Connection refused > ok 3 # skip Couldn't start the client: Connection refused > ok 4 # skip Couldn't start the client: Connection refused > ok 5 # skip Couldn't start the client: Connection refused > (hangs)
I see the same problem on various Linux (Debian wheezy, Debian jessie) and FreeBSD (9.2) systems, regardless of perl version. Here's my output on wheezy with NET_PROXY_VERBOSITY set: NET_PROXY_VERBOSITY=2 LANG=C make test TEST_FILES=t/36ssl_tcp.t TEST_VERBOSE=1 PERL_DL_NONLAZY=1 "/opt/perl-5.23.3/bin/perl5.23.3" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" t/36ssl_tcp.t t/36ssl_tcp.t .. 1..5 # Random seed 570578040 # ports: 49654 49483 2015-10-30 09:58:21 Started SSL listener 127.0.0.1:49654 as SSL 2015-10-30 09:58:21 Add SSL listener 127.0.0.1:49654 DEBUG: .../IO/Socket/SSL.pm:605: socket not yet connected 2015-10-30 09:58:22 New connection on SSL listener 127.0.0.1:49654 DEBUG: .../IO/Socket/SSL.pm:871: no socket yet DEBUG: .../IO/Socket/SSL.pm:873: accept created normal socket IO::Socket::SSL=GLOB(0x2145400) DEBUG: .../IO/Socket/SSL.pm:901: starting sslifying DEBUG: .../IO/Socket/SSL.pm:607: socket connected DEBUG: .../IO/Socket/SSL.pm:629: ssl handshake not started DEBUG: .../IO/Socket/SSL.pm:662: using SNI with hostname localhost DEBUG: .../IO/Socket/SSL.pm:697: request OCSP stapling DEBUG: .../IO/Socket/SSL.pm:989: SSL accept attempt failed because of handshake problems DEBUG: .../IO/Socket/SSL.pm:989: local error: SSL accept attempt failed because of handshake problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 2015-10-30 09:58:22 SSL accept attempt failed because of handshake problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca at /tmpfs/.cpan-build/2015103006/Net-Proxy-0.13-qRINxp/blib/lib/Net/Proxy/Connector/ssl.pm line 73. DEBUG: .../IO/Socket/SSL.pm:735: SSL connect attempt failed DEBUG: .../IO/Socket/SSL.pm:735: local error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed DEBUG: .../IO/Socket/SSL.pm:738: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed DEBUG: ...inux/IO/Socket.pm:49: ignoring less severe local error 'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' ok 1 # skip Couldn't start the client: ok 2 # skip Couldn't start the client: ok 3 # skip Couldn't start the client: ok 4 # skip Couldn't start the client: ok 5 # skip Couldn't start the client:
  Fri Mar 03 02:03:19 2017 SREZIC [...] cpan.org - Correspondence added
On 2015-10-30 06:01:35, SREZIC wrote: Show quoted text
> On 2014-12-05 12:41:54, CHORNY wrote:
> > Also hangs on Linux, perl 5.18.1, threaded, but only when run as > > `make > > test`. `perl -Mblib t/36ssl_tcp.t` does not hang. > > > > > > $LANG=C make test TEST_FILES=t/36ssl_tcp.t TEST_VERBOSE=1 > > PERL_DL_NONLAZY=1 /home/c/perl5/perlbrew/perls/18.1i/bin/perl "- > > MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef > > *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" > > t/36ssl_tcp.t > > t/36ssl_tcp.t .. > > 1..5 > > # Random seed 1136073612 > > # ports: 43784 47148 > > 2014-12-05 19:41:24 SSL connect accept failed because of handshake > > problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > > unknown ca at /home/c/.cpan/build/Net-Proxy-0.13- > > kmj0ZO/blib/lib/Net/Proxy/Connector/ssl.pm line 73. > > > > ok 1 # skip Couldn't start the client: Connection refused > > ok 2 # skip Couldn't start the client: Connection refused > > ok 3 # skip Couldn't start the client: Connection refused > > ok 4 # skip Couldn't start the client: Connection refused > > ok 5 # skip Couldn't start the client: Connection refused > > (hangs)
> > I see the same problem on various Linux (Debian wheezy, Debian jessie) > and FreeBSD (9.2) systems, regardless of perl version. Here's my > output on wheezy with NET_PROXY_VERBOSITY set: > > NET_PROXY_VERBOSITY=2 LANG=C make test TEST_FILES=t/36ssl_tcp.t > TEST_VERBOSE=1 > PERL_DL_NONLAZY=1 "/opt/perl-5.23.3/bin/perl5.23.3" "- > MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef > *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" > t/36ssl_tcp.t > t/36ssl_tcp.t .. > 1..5 > # Random seed 570578040 > # ports: 49654 49483 > 2015-10-30 09:58:21 Started SSL listener 127.0.0.1:49654 as SSL > 2015-10-30 09:58:21 Add SSL listener 127.0.0.1:49654 > DEBUG: .../IO/Socket/SSL.pm:605: socket not yet connected > 2015-10-30 09:58:22 New connection on SSL listener 127.0.0.1:49654 > DEBUG: .../IO/Socket/SSL.pm:871: no socket yet > DEBUG: .../IO/Socket/SSL.pm:873: accept created normal socket > IO::Socket::SSL=GLOB(0x2145400) > DEBUG: .../IO/Socket/SSL.pm:901: starting sslifying > DEBUG: .../IO/Socket/SSL.pm:607: socket connected > DEBUG: .../IO/Socket/SSL.pm:629: ssl handshake not started > DEBUG: .../IO/Socket/SSL.pm:662: using SNI with hostname localhost > DEBUG: .../IO/Socket/SSL.pm:697: request OCSP stapling > DEBUG: .../IO/Socket/SSL.pm:989: SSL accept attempt failed because of > handshake problems > > DEBUG: .../IO/Socket/SSL.pm:989: local error: SSL accept attempt > failed because of handshake problems error:14094418:SSL > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca > 2015-10-30 09:58:22 SSL accept attempt failed because of handshake > problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca at /tmpfs/.cpan-build/2015103006/Net-Proxy-0.13- > qRINxp/blib/lib/Net/Proxy/Connector/ssl.pm line 73. > > DEBUG: .../IO/Socket/SSL.pm:735: SSL connect attempt failed > > DEBUG: .../IO/Socket/SSL.pm:735: local error: SSL connect attempt > failed error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > DEBUG: .../IO/Socket/SSL.pm:738: fatal SSL error: SSL connect attempt > failed error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > DEBUG: ...inux/IO/Socket.pm:49: ignoring less severe local error > 'IO::Socket::IP configuration failed', keep 'SSL connect attempt > failed error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' > ok 1 # skip Couldn't start the client: > ok 2 # skip Couldn't start the client: > ok 3 # skip Couldn't start the client: > ok 4 # skip Couldn't start the client: > ok 5 # skip Couldn't start the client:
It seems that tests started to fail with IO::Socket::SSL 1.966: <http://analysis.cpantesters.org/solved?distv=Net-Proxy-0.13#mod%3AIO%3A%3ASocket%3A%3ASSL>