Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 118725
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: paul [...] city-fan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 2.038
Fixed in: (no value)

History Show all quoted text
  Sat Nov 12 04:02:11 2016 paul [...] city-fan.org - Ticket created
Subject: Tests failing with openssl 1.1.0c
After updating from 1.1.0b to 1.1.0c (in Fedora Rawhide), tests fail: make test PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/external/*.t # openssl version=0x1010002f # Net::SSLeay version=1.78 # parent IO::Socket::IP version=0.38 t/01loadmodule.t .................. ok t/acceptSSL-timeout.t ............. ok t/alpn.t .......................... ok t/auto_verify_hostname.t .......... ok t/cert_formats.t .................. ok t/cert_no_file.t .................. ok t/compatibility.t ................. ok t/connectSSL-timeout.t ............ Dubious, test returned 1 (wstat 256, 0x100) Failed 8/16 subtests # Failed test 'Server Getlines Check 1' # at t/core.t line 246. # got: '0' # expected: '6' # Failed test 'Server Getlines Check 2' # at t/core.t line 248. # got: undef # expected: '1.04 # ' # Failed test 'Server Getlines Check 3' # at t/core.t line 250. # got: undef # expected: '4 # ' # Failed test 'Server Getlines Check 4' # at t/core.t line 252. # got: undef # expected: 'y # ' Use of uninitialized value in join or string at t/core.t line 254. Use of uninitialized value in join or string at t/core.t line 254. Use of uninitialized value in join or string at t/core.t line 254. # Failed test 'Server Getlines Check 5' # at t/core.t line 254. # got: '' # expected: 'Test # Beaver # Beaver # ' t/core.t .......................... Failed 5/48 subtests t/dhe.t ........................... ok t/ecdhe.t ......................... ok # tcp connect to www.chksum.de:443 ok # fingerprint matches # tcp connect to www.spiegel.de:443 ok # fingerprint matches # tcp connect to revoked.grc.com:443 ok # fingerprint matches t/external/ocsp.t ................. ok t/external/usable_ca.t ............ skipped: no default CA store found t/io-socket-inet6.t ............... ok t/io-socket-ip.t .................. ok t/memleak_bad_handshake.t ......... ok t/mitm.t .......................... ok t/nonblock.t ...................... ok t/npn.t ........................... ok # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t/plain_upgrade_downgrade.t ....... ok # failed to accept SSLv3 # looks like OpenSSL was compiled without SSLv3 support t/protocol_version.t .............. ok t/public_suffix_lib_encode_idn.t .. ok t/public_suffix_lib_libidn.t ...... ok t/public_suffix_lib_uri.t ......... ok t/public_suffix_ssl.t ............. ok Use of uninitialized value $c[0] in string eq at t/readline.t line 34. Use of uninitialized value $b in string eq at t/readline.t line 48. Use of uninitialized value $b in concatenation (.) or string at t/readline.t line 48. Use of uninitialized value $c[0] in string eq at t/readline.t line 58. Use of uninitialized value $c[0] in string eq at t/readline.t line 71. Use of uninitialized value $c[0] in string eq at t/readline.t line 84. t/readline.t ...................... Failed 5/19 subtests t/session_ticket.t ................ skipped: no support for session ticket key callback t/sessions.t ...................... ok t/signal-readline.t ............... ok t/sni.t ........................... ok t/sni_verify.t .................... ok t/start-stopssl.t ................. ok t/startssl-failed.t ............... ok t/startssl.t ...................... ok t/sysread_write.t ................. ok t/verify_fingerprint.t ............ ok t/verify_hostname.t ............... ok t/verify_hostname_standalone.t .... ok Test Summary Report ------------------- t/connectSSL-timeout.t (Wstat: 256 Tests: 10 Failed: 2) Failed tests: 9-10 Non-zero exit status: 1 Parse errors: Bad plan. You planned 16 tests but ran 10. t/core.t (Wstat: 0 Tests: 48 Failed: 5) Failed tests: 22-26 t/readline.t (Wstat: 0 Tests: 19 Failed: 5) Failed tests: 4, 7, 10, 13, 16 Files=38, Tests=765, 36 wallclock secs ( 0.11 usr 0.01 sys + 3.20 cusr 0.36 csys = 3.68 CPU) Result: FAIL Failed 3/38 test programs. 12/765 subtests failed. make: *** [Makefile:791: test_dynamic] Error 255 Tests passed immediately before updating the openssl packages (and only the openssl packages).
  Sun Nov 13 15:50:36 2016 Steffen_Ullrich [...] genua.de - Correspondence added
Am Sa 12. Nov 2016, 04:02:11, paul@city-fan.org schrieb: Show quoted text
> After updating from 1.1.0b to 1.1.0c (in Fedora Rawhide), tests fail:
I think this is a bug in OpenSSL, introduced in https://github.com/openssl/openssl/commit/4880672a9b41a09a0984b55e219f02a2de7ab75e. This commit changes the documented API on SSL_read so that it now return -1 on EOF with a claimed syscall error instead of 0 as it did before and as is documented. When reverting this commit everything works again. See also https://github.com/openssl/openssl/issues/1903. This means for now I hope that OpenSSL fixes the issue so that the behavior matches again the documented API.
  Sun Nov 13 15:50:37 2016 The RT System itself - Status changed from 'new' to 'open'
  Sun Nov 13 15:50:47 2016 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'stalled'
  Thu Nov 17 08:35:00 2016 Steffen_Ullrich [...] genua.de - Correspondence added
Show quoted text
> See also https://github.com/openssl/openssl/issues/1903.
It looks like OpenSSL reverts the behavior because it not only broke Perl but also Python and MIT KRB5. I will therefore reject this bug since the fault is not in IO::Socket::SSL and original problem gets fixed somewhere else.
  Thu Nov 17 08:35:01 2016 The RT System itself - Status changed from 'stalled' to 'open'
  Thu Nov 17 08:35:01 2016 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'
  Sun Nov 20 16:03:57 2016 Steffen_Ullrich [...] genua.de - Correspondence added
Am Do 17. Nov 2016, 08:35:00, SULLR schrieb: Show quoted text
>
> > See also https://github.com/openssl/openssl/issues/1903.
> > It looks like OpenSSL reverts the behavior because it not only broke > Perl but also Python and MIT KRB5. I will therefore reject this bug > since the fault is not in IO::Socket::SSL and original problem gets > fixed somewhere else.
Since it looks like that the changed API will at least remain with 1.1.1 (unreleased branch) I've adapted to the new behavior of SSL_read and IO::Socket::SSL 2.039 should work transparently around the API difference between old and new OpenSSL versions.
  Sun Nov 20 16:04:09 2016 Steffen_Ullrich [...] genua.de - Status changed from 'rejected' to 'resolved'