Bug #118536 for POE-Filter-SSL: libpoe-filter-ssl-perl: FTBFS with openssl 1.1.0

Fri Oct 28 18:18:56 2016 gregoa [...] cpan.org - Ticket created

From:	gregoa [...] cpan.org
Subject:	libpoe-filter-ssl-perl: FTBFS with openssl 1.1.0

We have the following bug reported to the Debian package of POE-Filter-SSL (https://bugs.debian.org/828408): It doesn't seem to be a bug in the packaging, so you may want to take a look. Thanks! ------8<-----------8<-----------8<-----------8<-----------8<----- Source: libpoe-filter-ssl-perl Version: 0.30-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/libpoe-filter-ssl-perl_0.30-1_amd64-20160529-1444 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt ------8<-----------8<-----------8<-----------8<-----------8<----- Thanks for considering, gregor herrmann, Debian Perl Group

Wed Dec 14 16:29:37 2016 gregoa [...] cpan.org - Correspondence added

Here's the patch we're currently applying in Debian. Cheers, gregor

Subject:

add-openssl-1.1.0-support.patch

From d2dd356f8b1048abf754ca7d793b73d1e8255b1f Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed, 14 Dec 2016 22:03:38 +0100 Subject: [PATCH] libpoe-filter-ssl-perl: add openssl 1.1.0 support Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Bug: https://rt.cpan.org/Public/Bug/Display.html?id=118536 Bug-Debian: https://bugs.debian.org/828408 --- SSL.xs | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/SSL.xs b/SSL.xs index f7ee51ca389d..39aa0739ffe8 100755 --- a/SSL.xs +++ b/SSL.xs @@ -6,6 +6,13 @@ #include <openssl/ssl.h> #include <openssl/bio.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000 +static const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) +{ + return x->serialNumber; +} +#endif + MODULE = POE::Filter::SSL PACKAGE = POE::Filter::SSL ASN1_INTEGER * @@ -21,6 +28,7 @@ verify_serial_against_crl_file(crlfile, serial) CODE: X509_CRL *crl=NULL; X509_REVOKED *revoked; + STACK_OF(X509_REVOKED) *revokes; BIO *in=NULL; int n,i,retval = 0; STRLEN len, lenser; @@ -51,14 +59,18 @@ verify_serial_against_crl_file(crlfile, serial) goto end; } - n = sk_num(X509_CRL_get_REVOKED(crl)); + revokes = X509_CRL_get_REVOKED(crl); + n = sk_X509_REVOKED_num(revokes); if (n > 0) { for (i = 0; i < n; i++) { - revoked = (X509_REVOKED *)sk_value(X509_CRL_get_REVOKED(crl), i); - if ( (revoked->serialNumber->length > 0) && - (revoked->serialNumber->length == lenser) && - (strncmp(revoked->serialNumber->data, serial, lenser) == 0)) { - sv_setpvn( ST(0), revoked->serialNumber->data, revoked->serialNumber->length); + const ASN1_INTEGER *asn_ser; + + revoked = sk_X509_REVOKED_value(revokes, i); + asn_ser = X509_REVOKED_get0_serialNumber(revoked); + if ( (asn_ser->length > 0) && + (asn_ser->length == lenser) && + (strncmp(asn_ser->data, serial, lenser) == 0)) { + sv_setpvn( ST(0), asn_ser->data, asn_ser->length); goto end; } } -- 2.11.0

Fri Jun 30 12:27:47 2017 PRIVI [...] cpan.org - Correspondence added

Fixed in 0.31. Show quoted text

> Here's the patch we're currently applying in Debian. > > Cheers, > gregor

Fri Jun 30 12:27:47 2017 The RT System itself - Status changed from 'new' to 'open'

Fri Jun 30 12:27:47 2017 PRIVI [...] cpan.org - Status changed from 'open' to 'resolved'

Fri Jun 30 12:27:57 2017 PRIVI [...] cpan.org - Taken