Skip Menu |

This queue is for tickets about the Net-SIP CPAN distribution.

Report information
The Basics
Id: 127598
Status: resolved
Priority: 0/
Queue: Net-SIP
People
Owner: Nobody in particular
Requestors: SREZIC [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.816
Fixed in: (no value)

History Show all quoted text
  Wed Nov 07 16:31:03 2018 SREZIC [...] cpan.org - Ticket created
Subject: SSL-related failures on debian/buster
On a debian/buster (debian testing) system I see SSL-related failures: ... failed to create SSL context: Failed to load certificate from file (no PEM, DER or PKCS12) error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error at /root/.cpan/build/Net-SIP-0.816-0/blib/lib/Net/SIP/SocketPool.pm line 108. # Failed test 'UAS created # ' # at t/02_listen_and_invite.t line 73. # Failed test 'died' # at t/02_listen_and_invite.t line 56. ... (more of the same) ... Originally I saw this failures on a VM, but it also can be reproduced in a docker image (so maybe you can do it, too). Below a Dockerfile: # docker build -t perl-test . && docker run perl-test FROM debian:buster RUN echo "cache invalidation #20181107" RUN apt-get -y update RUN apt-get -y install perl-modules-5.26 RUN apt-get -y install make RUN apt-get -y install libio-socket-ssl-perl RUN apt-get -y install openssl CMD cpan -t SULLR/Net-SIP-0.816.tar.gz
  Wed Nov 07 17:40:22 2018 Steffen_Ullrich [...] genua.de - Correspondence added
Am Mi 07. Nov 2018, 16:31:03, SREZIC schrieb: Show quoted text
> On a debian/buster (debian testing) system I see SSL-related failures: > > ... > failed to create SSL context: Failed to load certificate from file (no > PEM, DER or PKCS12) error:0D0680A8:asn1 encoding > routines:asn1_check_tlen:wrong tag error:0D07803A:asn1 encoding > routines:asn1_item_embed_d2i:nested asn1 error at > /root/.cpan/build/Net-SIP-0.816-0/blib/lib/Net/SIP/SocketPool.pm line > 108. >
The problem was that the leaf certificates had only a 2028 bit key (instead the intended 2048 bit key). With OpenSSL 1.1.1 on Debian buster it will no longer load certificates with RSA key smaller than 2048 bit (see https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) which causes above problems. I've recreated the certificates with 4096 bit just to be safe and now it works again. Released as 0.817.
  Wed Nov 07 17:40:23 2018 The RT System itself - Status changed from 'new' to 'open'
  Wed Nov 07 17:40:41 2018 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'resolved'