Skip Menu |

This queue is for tickets about the libnet CPAN distribution.

Report information
The Basics
Id: 100529
Status: resolved
Priority: 0/
Queue: libnet
People
Owner: Nobody in particular
Requestors: zefram [...] fysh.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Nov 24 10:22:31 2014 zefram [...] fysh.org - Ticket created
Subject: SSL capability breaks use of data connection
Date: Mon, 24 Nov 2014 15:22:11 +0000
To: bug-libnet [...] rt.cpan.org
From: Zefram <zefram [...] fysh.org>
I have some code that uses $ftp->retr($file) to acquire a data connection handle and then calls $conn->getline repeatedly to read directly from it. This used to work. But when using libnet-3.02, the getline call returns undef (indicating end-of-file) without the process ever actually attempting at the syscall level to read from the data socket or even checking whether the socket is readable. It looks like this is a result of using IO::Socket::SSL to manage the data socket. This is not an SSL-using session, and patching Net::FTP to use IO::Socket::INET instead of IO::Socket::SSL makes the code work again. I suggest that IO::Socket::SSL shouldn't be used unless the particular connection requires SSL. -zefram
  Wed Nov 26 17:08:37 2014 Steffen_Ullrich [...] genua.de - Correspondence added
On Mon Nov 24 10:22:31 2014, zefram@fysh.org wrote: Show quoted text
> I have some code that uses $ftp->retr($file) to acquire a data connection > handle and then calls $conn->getline repeatedly to read directly > from it. This used to work. But when using libnet-3.02, the getline > call returns undef (indicating end-of-file) without the process ever > actually attempting at the syscall level to read from the data socket > or even checking whether the socket is readable. It looks like this is > a result of using IO::Socket::SSL to manage the data socket. This is > not an SSL-using session, and patching Net::FTP to use IO::Socket::INET > instead of IO::Socket::SSL makes the code work again. > > I suggest that IO::Socket::SSL shouldn't be used unless the particular > connection requires SSL.
Thanks for reporting the problem. The reason for this problem was, that IO::Socket::SSL did not implement getline properly when used in plain mode. This is fixed in IO::Socket::SSL version 2.007. Some Background: Since version 1.994 IO::Socket::SSL can be used in SSL-mode (as before) and also in plain mode and can switch between these modes with start_SSL and stop_SSL. This was explicitly done to support modules like Net::FTP. While it would be nice to make Net::FTP use IO::Socket::SSL only if SSL is actually used, the current design of Net::FTP would mean that Net::FTP::dataconn might need to change the super class for each connection, depending on the required protection mode. This would be a very bad hack and would definitely cause problem when used together with threads. Regards, Steffen Ullrich (Maintainer IO::Socket::SSL)
  Wed Nov 26 17:08:38 2014 The RT System itself - Status changed from 'new' to 'open'
  Wed Nov 26 18:06:03 2014 shay [...] cpan.org - Correspondence added
On Wed Nov 26 17:08:37 2014, SULLR wrote: Show quoted text
> On Mon Nov 24 10:22:31 2014, zefram@fysh.org wrote:
> > I have some code that uses $ftp->retr($file) to acquire a data > > connection > > handle and then calls $conn->getline repeatedly to read directly > > from it. This used to work. But when using libnet-3.02, the getline > > call returns undef (indicating end-of-file) without the process ever > > actually attempting at the syscall level to read from the data socket > > or even checking whether the socket is readable. It looks like this > > is > > a result of using IO::Socket::SSL to manage the data socket. This is > > not an SSL-using session, and patching Net::FTP to use > > IO::Socket::INET > > instead of IO::Socket::SSL makes the code work again. > > > > I suggest that IO::Socket::SSL shouldn't be used unless the > > particular > > connection requires SSL.
> > Thanks for reporting the problem. > The reason for this problem was, that IO::Socket::SSL did not > implement getline > properly when used in plain mode. This is fixed in IO::Socket::SSL > version 2.007. > > > Some Background: > Since version 1.994 IO::Socket::SSL can be used in SSL-mode (as > before) and > also in plain mode and can switch between these modes with start_SSL > and > stop_SSL. This was explicitly done to support modules like Net::FTP. > While it would be nice to make Net::FTP use IO::Socket::SSL only if > SSL > is actually used, the current design of Net::FTP would mean that > Net::FTP::dataconn might need to change the super class for each > connection, > depending on the required protection mode. > This would be a very bad hack and would definitely cause problem when > used > together with threads. >
Many thanks for looking at this, Steffen. I agree that dynamically changing superclass would be a bad idea, so I would propose simply having libnet require IO::Socket::SSL v2.007 or higher if it uses IO::Socket::SSL at all to avoid this problem. Zefram: Would that be acceptable to you, or would you still prefer finding some (other!) way to have it not use IO::Socket::SSL at all when no SSL is involved, if that's possible?
  Thu Nov 27 03:47:12 2014 shay [...] cpan.org - Correspondence added
On Wed Nov 26 18:06:03 2014, SHAY wrote: Show quoted text
> I agree that dynamically changing superclass would be a bad idea, so I > would propose simply having libnet require IO::Socket::SSL v2.007 or > higher if it uses IO::Socket::SSL at all to avoid this problem.
This is now done in the GitHub repo: https://github.com/steve-m-hay/perl-libnet/commit/4dadbf4eb332a886023b2451ab3ef08d9af31423
  Thu Nov 27 08:49:22 2014 zefram [...] fysh.org - Correspondence added
Subject: Re: [rt.cpan.org #100529] SSL capability breaks use of data connection
Date: Thu, 27 Nov 2014 13:49:07 +0000
To: Steve Hay via RT <bug-libnet [...] rt.cpan.org>
From: Zefram <zefram [...] fysh.org>
Steve Hay via RT wrote: Show quoted text
>I would propose simply having libnet require IO::Socket::SSL v2.007 or >higher if it uses IO::Socket::SSL at all to avoid this problem.
Sounds good to me. I have no great objection to IO::Socket::SSL being involved if it successfully passes plain traffic through. -zefram
  Thu Nov 27 09:14:53 2014 shay [...] cpan.org - Correspondence added
On Thu Nov 27 08:49:22 2014, zefram@fysh.org wrote: Show quoted text
> Steve Hay via RT wrote:
> >I would propose simply having libnet require IO::Socket::SSL v2.007 or > >higher if it uses IO::Socket::SSL at all to avoid this problem.
> > Sounds good to me. I have no great objection to IO::Socket::SSL being > involved if it successfully passes plain traffic through. >
Thanks. I will close this ticket then since the change is already in GitHub. It will appear in libnet version 3.03 in the not too distant future.
  Thu Nov 27 09:14:56 2014 shay [...] cpan.org - Status changed from 'open' to 'resolved'