Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 123755
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: alexander.bluhm [...] gmx.net
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.82
Fixed in: 1.83



Subject: no NPN in LibreSSL, again
LibreSSL has removed support for NPN and the first idea was to set OPENSSL_NO_NEXTPROTONEG to make this information available. Unfortunately OpenSSL has never set this define and all kind of programs break in different ways when compiled with this. So LibreSSL had to remove the OPENSSL_NO_NEXTPROTONEG define again. This gets us back to the situation that Net::SSLeay is exporting the NPN symbols although they do not work. Then IO::Socket::SSL is confused. I see two possible ways to fix this: 1. Replace the non-working !defined(OPENSSL_NO_NEXTPROTONEG) with a check for TLSEXT_TYPE_next_proto_neg. According to the LibreSSL Developers this should also work with all OpenSSL versions. 2. Add a !defined(LIBRESSL_VERSION_NUMBER) to the existing check to explicitly disable NPN for LibreSSL. I have attached patches for both versions. Choose yourself what matches the style of your module better.
Subject: patch-SSLeay_xs-NO_NPN
Download patch-SSLeay_xs-NO_NPN
application/octet-stream 903b

Message body not shown because it is not plain text.

Subject: patch-SSLeay_xs-TYPE_NPN
Download patch-SSLeay_xs-TYPE_NPN
application/octet-stream 751b

Message body not shown because it is not plain text.

Subject: Re: [rt.cpan.org #123755] no NPN in LibreSSL, again
Date: Mon, 27 Nov 2017 17:19:35 +1100
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Thanks. I will look into this soon Cheers Sent from my iPhone Show quoted text
> On 27 Nov 2017, at 12:36 pm, Alexander Bluhm via RT <bug-Net-SSLeay@rt.cpan.org> wrote: > > Sun Nov 26 20:36:15 2017: Request 123755 was acted upon. > Transaction: Ticket created by bluhm > Queue: Net-SSLeay > Subject: no NPN in LibreSSL, again > Broken in: 1.82 > Severity: (no value) > Owner: Nobody > Requestors: alexander.bluhm@gmx.net > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=123755 > > > > LibreSSL has removed support for NPN and the first idea was to set > OPENSSL_NO_NEXTPROTONEG to make this information available. > > Unfortunately OpenSSL has never set this define and all kind of > programs break in different ways when compiled with this. So LibreSSL > had to remove the OPENSSL_NO_NEXTPROTONEG define again. > > This gets us back to the situation that Net::SSLeay is exporting the > NPN symbols although they do not work. Then IO::Socket::SSL is confused. > > I see two possible ways to fix this: > 1. Replace the non-working !defined(OPENSSL_NO_NEXTPROTONEG) with a > check for TLSEXT_TYPE_next_proto_neg. According to the LibreSSL > Developers this should also work with all OpenSSL versions. > 2. Add a !defined(LIBRESSL_VERSION_NUMBER) to the existing check to > explicitly disable NPN for LibreSSL. > > I have attached patches for both versions. Choose yourself what matches > the style of your module better. > <patch-SSLeay_xs-NO_NPN> > <patch-SSLeay_xs-TYPE_NPN>
Subject: Re: [rt.cpan.org #123755] no NPN in LibreSSL, again
Date: Sat, 02 Dec 2017 17:14:14 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hello again. Thanks, we have adopted your patch patch-SSLeay_xs-NO_NPN for the next release. It is now in SVN 505 Cheers. On Monday, 27 November 2017 11:36:22 AM AEST you wrote: Show quoted text
> Sun Nov 26 20:36:15 2017: Request 123755 was acted upon. > Transaction: Ticket created by bluhm > Queue: Net-SSLeay > Subject: no NPN in LibreSSL, again > Broken in: 1.82 > Severity: (no value) > Owner: Nobody > Requestors: alexander.bluhm@gmx.net > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=123755 > > > > LibreSSL has removed support for NPN and the first idea was to set > OPENSSL_NO_NEXTPROTONEG to make this information available. > > Unfortunately OpenSSL has never set this define and all kind of > programs break in different ways when compiled with this. So LibreSSL > had to remove the OPENSSL_NO_NEXTPROTONEG define again. > > This gets us back to the situation that Net::SSLeay is exporting the > NPN symbols although they do not work. Then IO::Socket::SSL is confused. > > I see two possible ways to fix this: > 1. Replace the non-working !defined(OPENSSL_NO_NEXTPROTONEG) with a > check for TLSEXT_TYPE_next_proto_neg. According to the LibreSSL > Developers this should also work with all OpenSSL versions. > 2. Add a !defined(LIBRESSL_VERSION_NUMBER) to the existing check to > explicitly disable NPN for LibreSSL. > > I have attached patches for both versions. Choose yourself what matches > the style of your module better.
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474