Bug #101485 for IO-Socket-SSL: t/protocol_version.t update for openssl 1.0.2+

Hi there, Thanks for the very rapid release on the ALPN support! This ticket is somewhat-related, fixes an issue I get with openssl1.0.2 installed and this patch applied to Net::SSLeay: https://rt.cpan.org/Ticket/Display.html?id=101484 The t/protocol_versions.t test can fail due to ->connect immediately returning false and setting $OPENSSL_ERROR. The test itself was fine apart from this. Tested with that Net::SSLeay patch+openssl 1.0.2, and on clean upstream version with 1.0.1. cheers, Tom

diff --git a/t/protocol_version.t b/t/protocol_version.t index 399521d..046b8be 100644 --- a/t/protocol_version.t +++ b/t/protocol_version.t @@ -31,12 +31,25 @@ if ($pid == 0) { my $check = sub { my ($ver,$expect) = @_; $XDEBUG && diag("try $ver, expect $expect"); + # Hoping that this isn't necessary, but just in case we get a TCP + # failure rather than SSL failure, wiping the previous value here + # seems like it might be a useful precaution: + $SSL_ERROR = ''; + my $cl = IO::Socket::SSL->new( PeerAddr => $saddr, SSL_startHandshake => 0, SSL_verify_mode => 0, SSL_version => $ver, - ) or die "TCP connection failed to server: $!"; + ) or do { + # Might bail out before the starttls if we provide a known-unsupported + # version, for example SSLv3 on openssl 1.0.2+ + if($SSL_ERROR =~ /$ver not supported/) { + $XDEBUG && diag("SSL connect failed with $ver: $SSL_ERROR"); + return; + } + die "TCP connection failed to server: $! (SSL error: $SSL_ERROR)"; + }; $XDEBUG && diag("TCP connected"); print $cl "starttls $ver $expect\n"; <$cl>;