
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 116118
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: Steffen_Ullrich [...] genua.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
The attached patch includes support for cross context (and cross process) session sharing using the stateless TLS session tickets. It uses the SSL_CTX_set_tlsext_ticket_key_cb function to manage the encryption and decryption of the tickets but provides a more simplified interface.

To not conflict with the OpenSSL name in case the more complex interface will be implemented ever the current simplified interface is called slightly different: CTX_set_tlsext_ticket_*get*key_cb.

The patch includes the code, test and documentation.

Regards,
Steffen
Subject: SSLeay.patch

Message body is not shown because it is too large.

Subject: Re: [rt.cpan.org #116118] Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
Date: Thu, 14 Jul 2016 10:31:11 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen,

thanks. Happy to consider this.

I notice that SSL_CTX_set_tlsext_ticket_getkey_cb() is declared as returning a long but does not actually return anything.

Cheers.

On Wednesday, July 13, 2016 12:39:29 PM you wrote:
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474
> I notice that SSL_CTX_set_tlsext_ticket_getkey_cb() is declared as
> returning a
> long but does not actually return anything.

Thanks for finding this. This should be void too.

The attached new patch fixes this but apart from that there are no changes to the previous patch. Support for this is also incorporated into IO::Socket::SSL now (https://github.com/noxxi/p5-io-socket-ssl/commit/7e5d3647b2) and I've successfully used it in some internal project to enable session reuse over multiple worker processes.

Regards,
Steffen
Subject: SSLeay.patch

Message body is not shown because it is too large.

Subject: Re: [rt.cpan.org #116118] Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
Date: Thu, 14 Jul 2016 21:20:47 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen,

thanks for the update. Compiles OK now.

Alas I find that with openssl-1.1.0 I get a segfault in t/local/64_ticket_sharing.t

and with /openssl-1.0.0 I get:

    t/local/64_ticket_sharing.t ............ 1/15
    error:00000001:lib(0):func(0):reason(1) at t/local/64_ticket_sharing.t line 228.
    # Looks like you planned 15 tests but ran 8.
    # Looks like your test exited with 255 just after 8.
    t/local/64_ticket_sharing.t ............ Dubious, test returned 255 (wstat 65280, 0xff00)

and with openssl-0.9.8i+extensions I get

    # Failed test 'handshake with reuse'
    # at t/local/64_ticket_sharing.t line 40.
    # got: 'full'
    # expected: 'reuse'
    # Failed test 'handshake again with reuse'
    # at t/local/64_ticket_sharing.t line 41.
    # got: 'full'
    # expected: 'reuse'
    # Failed test 'reuse session with server1'
    # at t/local/64_ticket_sharing.t line 65.
    # got: 'full'
    # expected: 'reuse'
    # Failed test 'reuse session with server2'
    # at t/local/64_ticket_sharing.t line 66.
    # got: 'full'
    # expected: 'reuse'
    # Failed test 'reuse session with server2'
    # at t/local/64_ticket_sharing.t line 90.
    # got: 'full'
    # expected: 'reuse'
    # Failed test 'callback was called 2 times'
    # at t/local/64_ticket_sharing.t line 91.
    # got: '1'
    # expected: '2'
    # Failed test 'first with the old key name'
    # at t/local/64_ticket_sharing.t line 92.
    # got: undef
    # expected: 'secret'

Too late for me to investigate further tonight. More tomorrow.

Cheers.

On Thursday, July 14, 2016 05:14:22 AM you wrote:
On Thu 14 Jul 2016, 07:21:02, mikem@airspayce.com wrote:
> Hi Steffen,
>
> thanks for the update. Compiles OK now.
>
> Alas I find that with openssl-1.1.0 I get a segfault in
> t/local/64_ticket_sharing.t

This looks to me like a bug in openssl-1.1.0 which corrupts some memory when SSL_CTX_set_mode is used with SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|SSL_MODE_ENABLE_PARTIAL_WRITE at least when BIO are used. This does not seem to affect IO::Socket::SSL which does not make use of BIO but it might affect AnyEvent::TLS. Anyway, this SSL_CTX_set_mode is not needed for this test so I removed this line from the test.

> and with openssl-0.9.8i+extensions
> I get
>
> # Failed test 'handshake with reuse'
> # at t/local/64_ticket_sharing.t line 40.
> # got: 'full'
> # expected: 'reuse'

This happened because 0.9.8 by default uses an SSL 2.0 record and thus does not support TLS extensions. Fixed by explicitly using a TLS 1.0 context.

> and with /openssl-1.0.0 I get:
>
> t/local/64_ticket_sharing.t ............ 1/15
> error:00000001:lib(0):func(0):reason(1) at t/local/64_ticket_sharing.t line

OpenSSL 1.0.0 (tried 1.0.0t) is really weird. Looks like SSL_do_handshake and the handshake on the wire are kind of broken if session ticket key callback indicates that a renew of the ticket should be done. In this case SSL_do_handshake will indicate that it still requires more data, the key callback will be called multiple times to generate a new ticket and on the wire one can see several unexpected Encrypted Handshake Message and also an unexpected repeated Change Cipher Spec message. I handle this behavior as special case in the test now.

Attached is the new patch, with the reworked test.

Regards,
Steffen
Subject: SSLeay.patch

Message body is not shown because it is too large.

On Thu 14 Jul 2016, 13:01:13, SULLR wrote:
> ...
> This looks for me like a bug in openssl-1.1.0

Fortunately this is not a bug in OpenSSL. I just used SSL_CTX_set_mode instead of SSL_set_mode on the SSL object and the code only crashed with 1.1.0 although it was invalid with all the others too. No further changes to the patch needed since I've removed the use of SSL_CTX_set_mode.
Subject: Re: [rt.cpan.org #116118] Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
Date: Fri, 15 Jul 2016 15:41:12 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen,

Thanks that's much better, but:

openssl-1.0.0d and openssl-1.0.0, where I get:

    mikem@zulu:/usr/local/projects/net-ssleay/trunk$ perl -I blib/lib -I blib/arch/ t/local/64_ticket_sharing.t
    1..15
    ok 1 - initial handshake is full
    ok 2 - another full handshake
    ok 3 - handshake with reuse
    ok 4 - handshake again with reuse
    ok 5 - handshake with server2 is full
    ok 6 - initial full handshake with server1
    ok 7 - reuse session with server1
    ok 8 - reuse session with server2
    error:00000001:lib(0):func(0):reason(1) at t/local/64_ticket_sharing.t line 262.
    # Looks like you planned 15 tests but ran 8.
    # Looks like your test exited with 255 just after 8.

all else is good, including openssl-1.1.0, openssl-0.9.8i+extensions and libressl-2.4.1, and many other 1.0.x

Cheers.

On Thursday, July 14, 2016 01:01:14 PM Steffen Ullrich via RT wrote:
On Fri 15 Jul 2016, 01:41:29, mikem@airspayce.com wrote:
> ...
> ok 8 - reuse session with server2
> error:00000001:lib(0):func(0):reason(1) at t/local/64_ticket_sharing.t

That's not funny anymore. It looks like that while support for SSL_CTX_set_tlsext_ticket_key_cb was added with 0.9.8 already it was unstable...broken in various ways in the 1.0.0 versions. In the specific case of 1.0.0d the client could not handle the session ticket created by the server which caused this error. Therefore I've enabled the feature now only for 1.0.1 and better.

Regards,
Steffen
Subject: SSLeay.patch

Message body is not shown because it is too large.

Subject: Re: [rt.cpan.org #116118] Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
Date: Fri, 15 Jul 2016 16:35:52 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen,

thanks that's all good now.

Pushed to SVN version 470

Cheers.

On Friday, July 15, 2016 02:19:34 AM you wrote:
On Fri 15 Jul 2016, 02:36:20, mikem@airspayce.com wrote:
> Hi Steffen,
>
> thanks that's all good now.
>

Hi Mike,

while writing a test for IO::Socket::SSL I've noticed some very weird behavior, like unexpected changes in the control flow of the Perl program which seemed to be triggered by the ticket key callback. Turns out that these effects were caused by missing cleanups in the XS code, i.e. PUTBACK, FREETMPS and LEAVE :(

The attached patch resolves this issue. I've tested it with openssl versions 1.0.2g, 1.0.2c, 1.1.0 and 1.0.1. I don't expect any problems with other versions since the code is basically doing the same as before, only with proper cleanups at the right time.
Subject: SSLeay.patch
Index: SSLeay.xs =================================================================== --- SSLeay.xs (revision 478) +++ SSLeay.xs (working copy) @@ -1256,12 +1256,11 @@ ){ dSP; - int count; + int count,usable_rv_count; SV *cb_func, *cb_data; - SV *sv_name, *sv_key; STRLEN svlen; - unsigned char *key; /* key[0..15] aes, key[16..32] hmac */ - unsigned char *name; + unsigned char key[32]; /* key[0..15] aes, key[16..32] hmac */ + unsigned char name[16]; SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); PR1("STARTED: tlsext_ticket_key_cb_invoke\n"); @@ -1274,6 +1273,7 @@ ENTER; SAVETMPS; PUSHMARK(SP); + XPUSHs(sv_2mortal(newSVsv(cb_data))); if (!enc) { 
@@ -1283,29 +1283,50 @@ /* call as getkey(data) -> (key,current_name) */ } + PUTBACK; - PUTBACK; count = call_sv( cb_func, G_ARRAY ); SPAGAIN; - if (count>0) sv_name = POPs; - if (count>1) sv_key = POPs; - if (!enc && ( !count || !SvOK(sv_key) )) { + if (count>2) + croak("too much return values - only (name,key) should be returned"); + + usable_rv_count = 0; + if (count>0) { + SV *sname = POPs; + if (SvOK(sname)) { + unsigned char *pname = SvPV(sname,svlen); + if (svlen > 16) + croak("name must be at at most 16 bytes, got %d",svlen); + if (svlen == 0) + croak("name should not be empty"); + memset(name, 0, 16); + memcpy(name,pname,svlen); + usable_rv_count++; + } + } + if (count>1) { + SV *skey = POPs; + if (SvOK(skey)) { + unsigned char *pkey = SvPV(skey,svlen); + if (svlen != 32) + croak("key must be exactly 32 random bytes, got %d",svlen); + memcpy(key,pkey,32); + usable_rv_count++; + } + } + + PUTBACK; + FREETMPS; + LEAVE; + + if (!enc && usable_rv_count == 0) { TRACE(2,"no key returned for ticket"); return 0; } - - if (count != 2) + if (usable_rv_count != 2) croak("key functions needs to return (key,name)"); - key = SvPV(sv_key,svlen); - if (svlen < 32) - croak("key must be at least 32 random bytes, got %d",svlen); - name = SvPV(sv_name,svlen); - if (svlen != 16) - croak("name should be exactly 16 characters, got %d",svlen); - if (svlen == 0) - croak("name should not be empty"); if (enc) { /* encrypt ticket information with given key */ 
@@ -1312,18 +1333,14 @@ RAND_bytes(iv, 16); EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv); HMAC_Init_ex(hctx,key+16,16,EVP_sha256(),NULL); - memset(key_name, 0, 16); - memcpy(key_name,name,svlen); + memcpy(key_name,name,16); return 1; + } else { - unsigned char new_name[16]; - memset(new_name, 0, sizeof(new_name)); - memcpy(new_name,name,svlen); - HMAC_Init_ex(hctx,key+16,16,EVP_sha256(),NULL); EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv); - if (memcmp(new_name,key_name,16) == 0) + if (memcmp(name,key_name,16) == 0) return 1; /* current key was used */ else return 2; /* different key was used, need to be renewed */
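Review bot: in the first hunk (@@ -1256,12 +1256,11 @@) the comment on the new "unsigned char key[32];" still reads "key[16..32] hmac", but the array now ends at index 31, so it should say key[16..31]. The declaration of name[16] would also benefit from a comment saying that the name is zero-padded to 16 bytes, since the later memcpy(key_name,name,16) and memcmp(name,key_name,16) depend on that padding.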
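Review bot: in the @@ -1283,29 +1283,50 @@ hunk the three length-check croak() calls pass svlen, which is a STRLEN, to a %d conversion; use a format and cast that match its width, for example "%" UVuf with (UV)svlen. The first of those messages has a doubled word ("at at most"), and the new text "only (name,key) should be returned" contradicts both the comment "getkey(data) -> (key,current_name)" and the later "needs to return (key,name)". The name is popped first, so it is the last value the callback returns, and (key,name) is the order the messages should state.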
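Review bot: in the last hunk (@@ -1312,18 +1333,14 @@) both branches return right after HMAC_Init_ex(...) and the EVP_*Init_ex(...) call, so the 32-byte key copy that this patch moves onto the stack is never wiped; call OPENSSL_cleanse(key, sizeof(key)) before "return 1" and "return 2", and on the earlier "return 0" and croak paths once a key has been copied. The results of RAND_bytes, EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are also ignored in these lines; checking them and returning a negative value to OpenSSL on failure would avoid continuing with an unfilled IV or an uninitialised cipher or HMAC context.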
Subject: Re: [rt.cpan.org #116118] Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
Date: Tue, 23 Aug 2016 15:45:17 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Thanks Steffen

I'm travelling at the moment and won't get a chance to patch this until October

Cheers

Sent from my iPhone
On Tue 23 Aug 2016, 09:45:33, mikem@airspayce.com wrote:
> Thanks Steffen
> I'm travelling at the moment and won't get a chance to patch this
> until October

Hi Mike,

unfortunately Net::SSLeay 1.79 was released without my latest patch which means that the feature is still not officially usable from IO::Socket::SSL and the related tests will fail. I'm using this patch for several months in production without problems now. It would be nice if you could make a release in the next time which includes this patch.

Regards,
Steffen
Subject: Re: [rt.cpan.org #116118] Support for cross context session ticket sharing using SSL_CTX_set_tlsext_ticket_key_cb
Date: Thu, 05 Jan 2017 07:40:54 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen,

Sorry, I don't know what happened there. Your patch is now in the new version 1.80.

Cheers.

On Tuesday, January 03, 2017 04:35:27 PM Steffen Ullrich via RT wrote:
On Wed 04 Jan 2017, 16:41:10, mikem@airspayce.com wrote:
> Hi Steffen,
>
> Sorry, I don't know what happened there. Your patch is now in the new
> version
> 1.80.
>
> Cheers.

Thanks for the quick response. Tests now run successfully and I've released a new version of IO::Socket::SSL which enables this feature when used with Net::SSLeay >= 1.80.

Regards,
Steffen
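
The simplified interface this ticket adds, shown as an added usage example that is not part of the thread or of the attached patches: one key ring shared by two contexts through CTX_set_tlsext_ticket_getkey_cb, following the getkey(data[, name]) -> (key, current_name) contract and the 32-byte key and 16-byte name limits checked in the XS patch above. The key names, %ring, new_ticket_key, ticket_getkey and rotate are illustrative assumptions, and names are kept at exactly 16 bytes so no padding is involved.

```perl
use strict;
use warnings;
use Net::SSLeay;

Net::SSLeay::initialize();

# The thread enables the feature only for OpenSSL 1.0.1+ and ships it in
# Net::SSLeay 1.80, so check that the XS function was compiled in.
Net::SSLeay->can('CTX_set_tlsext_ticket_getkey_cb')
    or die "this Net::SSLeay/OpenSSL build has no ticket getkey callback\n";

# 32 random bytes per key: bytes 0..15 AES-128-CBC, bytes 16..31 HMAC-SHA256.
sub new_ticket_key {
    Net::SSLeay::RAND_bytes(my $key, 32) == 1 or die "RAND_bytes failed\n";
    return $key;
}

# Constructed key ring (illustrative names, each exactly 16 bytes).
# Every context or worker process that should accept the same tickets needs
# the same ring, e.g. created before fork() or loaded from protected storage.
my %ring = (
    current => 'ticketkey-2016-B',
    keys    => {
        'ticketkey-2016-A' => new_ticket_key(),    # previous key, decrypt only
        'ticketkey-2016-B' => new_ticket_key(),    # current key
    },
);

# Called as getkey($data) when a new ticket is encrypted and as
# getkey($data, $name) when a presented ticket has to be decrypted.
# Returns ($key, $current_name), or an empty list for an unknown name.
sub ticket_getkey {
    my ($ring, $name) = @_;
    my $current = $ring->{current};
    return ($ring->{keys}{$current}, $current) unless defined $name;
    my $key = $ring->{keys}{$name};
    return unless defined $key;    # unknown key name: full handshake
    return ($key, $current);       # older name: accepted, ticket is renewed
}

# Two independent server contexts that accept each other's tickets.
my @ctx;
for (1 .. 2) {
    my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
    Net::SSLeay::CTX_set_tlsext_ticket_getkey_cb($ctx, \&ticket_getkey, \%ring);
    push @ctx, $ctx;
}

# Rotation: add a key and make it current; older keys stay valid for
# decryption until they are deleted from the ring.
sub rotate {
    my ($ring, $new_name) = @_;
    length($new_name) == 16 or die "key name must be 16 bytes in this example\n";
    $ring->{keys}{$new_name} = new_ticket_key();
    $ring->{current} = $new_name;
}
rotate(\%ring, 'ticketkey-2016-C');

# Retiring a key: tickets encrypted under A now fall back to a full handshake.
delete $ring{keys}{'ticketkey-2016-A'};

Net::SSLeay::CTX_free($_) for @ctx;
```

A rotation done after fork() only changes the ring of the process that performed it, so workers that share tickets need the new key distributed to each of them.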