
This queue is for tickets about the Crypt-SSLeay CPAN distribution.

Report information
The Basics
Id: 104472
Status: open
Priority: 0/
Queue: Crypt-SSLeay

People
Owner: nanis [...] runu.moc.invalid
Requestors: john [...] calva.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Crypt::SSLeay::Conn::write doesn't handle strings with SvUTF8 on
Date: Sat, 16 May 2015 16:28:51 +0200
To: bug-Crypt-SSLeay [...] rt.cpan.org
From: John Hughes <john [...] calva.com>
(Ok, I see that this is pretty much deprecated now, but here's what I found).

I had a horrible problem with LWP (5.836) that I eventually tracked down to a bug in Crypt::SSLeay: If a string with the SvUTF8 flag set (but containing no characters > 255) is passed to Crypt::SSLeay::Conn::write then rubbish is written.

The attached patch fixes it to do the right thing in this case.

If you want the full gory details of how I found it and what the weird effects were, check out Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745823

Message body is not shown because sender requested not to inline it.
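
The mismatch described in the report above, as an added example that is not part of the ticket or the attached patch: when the SvUTF8 flag is on, Perl's internal buffer holds the UTF-8 encoding of the string, so a reader that ignores the flag sees different bytes than the characters stand for. The helper names and the sample payload are constructed for illustration; `raw_buffer` is an assumed model of the flag-unaware read, not the module's code.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: every character is <= 255, two of them are >= 0x80.
my $payload = "caf\xE9=\xFF";
my $flagged = $payload;
utf8::upgrade($flagged);    # same characters, SvUTF8 flag now on

# Hypothetical helper: the bytes a flag-unaware reader finds in the scalar's
# internal buffer (an assumed model of the reported failure).
sub raw_buffer {
    my ($s) = @_;
    my $copy = $s;
    # For a flagged string the internal buffer is its UTF-8 encoding.
    utf8::encode($copy) if utf8::is_utf8($copy);
    return $copy;
}

# Hypothetical helper: one byte per character, refusing data that cannot
# be represented that way instead of writing something else.
sub bytes_for_write {
    my ($s) = @_;
    my $copy = $s;
    utf8::downgrade($copy, 1)
        or die "character > 255 in data passed to write\n";
    return $copy;
}

sub hex_of { return unpack 'H*', $_[0] }

for my $case ([ 'flag off', $payload ], [ 'flag on', $flagged ]) {
    my ($label, $str) = @$case;
    printf "%-8s length=%d raw=%s (%d bytes) safe=%s (%d bytes)\n",
        $label, length $str,
        hex_of(raw_buffer($str)),      length raw_buffer($str),
        hex_of(bytes_for_write($str)), length bytes_for_write($str);
}

# The two strings are equal to Perl, so the caller cannot see the difference.
print "equal as strings: ", ($payload eq $flagged ? "yes" : "no"), "\n";

# A character above 255 has no single-byte form and is rejected.
my $wide = "snowman \x{2603}";
print "wide input: ", (eval { bytes_for_write($wide); 1 } ? "written" : "rejected: $@");
```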

Thank you very much for the report and the patch.

I hope to include it with the next release. However, may I suggest that an upgrade to LWP and LWP::Protocol::https might be in order? After all, if you install an updated version of this module, it will pull those in. Along with those, you will also get IO::Socket::SSL and Net::SSLeay which are much more secure and feature-complete. LWP then uses those modules by default.

Crypt-SSLeay is only kept in an installable state for people who are stuck in old legacy environments. As I point out in the documentation:

<https://metacpan.org/pod/Crypt::SSLeay#DO-YOU-NEED-Crypt::SSLeay%3F>

you probably don't need Crypt::SSLeay.

HTH,

-- Sinan

Subject: Re: [rt.cpan.org #104472] Crypt::SSLeay::Conn::write doesn't handle strings with SvUTF8 on
Date: Tue, 4 Apr 2017 10:22:59 +0200
To: bug-Crypt-SSLeay [...] rt.cpan.org
From: John Hughes <john [...] calva.com>
On 03/04/17 22:59, A. Sinan Unur via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=104472 >
>
> Thank you very much for the report and the patch.

You're welcome.

> I hope to include it with the next release. However, may I suggest that an upgrade to LWP and LWP::Protocol::https might be in order? After all, if you install an updated version of this module, it will pull those in. Along with those, you will also get IO::Socket::SSL and Net::SSLeay which are much more secure and feature-complete. LWP then uses those modules by default.

On my todo list.

> Crypt-SSLeay is only kept in an installable state for people who are stuck in old legacy environments.

That's me for the moment :-(