Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 129464
Status: rejected
Priority: 0/
Queue: Net-SSLeay
People
Owner: Nobody in particular
Requestors: wyant [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.86_07
Attachments
make.log
Net-SSLeay-LibreSSL.patch

History Show all quoted text
  Mon May 06 00:25:49 2019 wyant [...] cpan.org - Ticket created
Subject: Build fails under LibreSSL 2.9 (OpenBSD 6.5)
OpenBSD 6.5 just came out, and I was trying to configure a custom-built Perl the way I wanted. Under that OS, Net::SSLeay failed to build. Specifically, the compilation of SSLeay.c failed, with the error no member named 'tmp' in 'struct ssl3_state_st' It appears that the relevant structures are no longer exposed as of LibreSSL 2.9. Specifically, s->s3->tmp.new_mac_secret_size became something like s->s3->internal->tmp.new_mac_secret_size. The "internal" item is defined as struct ssl3_state_internal_st but this is defined in ssl/ssl_locl.h in the LibreSSL kit, and included via #include "ssl/ssl_locl.h" The ssl_locl.h header appears not to be installed when LibreSSL is. I have worked out a patch that at least compiles. With this patch applied, Net::SSLeay passes all tests under Perl 5.28.2 under OpenBSD 6.5 (32 bit), OpenBSD 6.4 (32 bit), XUbuntu 18.04 (64 bit), and macOS 10.14.4 Mojave. But I can not verify that the patch actually works, because I have been unable to get anything but -1 out of get_keyblock_size(). I am probably calling it incorrectly -- I found the documentation a bit obscure, but thought that $ perl -MNet::SSLeay -E 'say Net::SSLeay::get_keyblock_size( Net::SSLeay::new( Net::SSLeay::CTX_new() ) );' might work. Is this the correct way to call it? I have attached a log of the original error (as make.log) and the referred-to patch. The patch is against Net-SSLeay-1.85.tar.gz, because I was unable to access svn://svn.debian.org/svn/net-ssleay.
Subject: Net-SSLeay-LibreSSL.patch
--- SSLeay.old 2019-05-05 23:26:44.000000000 -0400 +++ SSLeay.xs 2019-05-05 23:26:01.000000000 -0400 @@ -5681,8 +5681,10 @@ int md_size = -1; c = s->enc_read_ctx->cipher; #if OPENSSL_VERSION_NUMBER >= 0x10001000L +#if LIBRESSL_VERSION_NUMBER < 0x20900000L if (s->s3) md_size = s->s3->tmp.new_mac_secret_size; +#endif #elif OPENSSL_VERSION_NUMBER >= 0x00909000L h = EVP_MD_CTX_md(s->read_hash); md_size = EVP_MD_size(h);
Subject: make.log
Download make.log
application/octet-stream 2.2k

Message body not shown because it is not plain text.

  Mon May 06 08:18:23 2019 chrisn [...] cpan.org - Correspondence added
Thanks for the report, Tom. (This reply is slightly out of order...) On Mon May 06 05:25:49 2019, WYANT wrote: Show quoted text
> I have attached a log of the original error (as make.log) and the > referred-to patch. The patch is against Net-SSLeay-1.85.tar.gz, > because I was unable to access svn://svn.debian.org/svn/net-ssleay.
There have been quite a few changes to Net-SSLeay since 1.85: the module has new maintainers, and Debian shut down their Subversion repository so we rescued the code base and moved everything to GitHub [1]. This has mostly gone unnoticed because we haven't released a new stable version since taking over maintainance and MetaCPAN's UI doesn't make developer versions as obvious as search.cpan.org used to. Show quoted text
> OpenBSD 6.5 just came out, and I was trying to configure a custom- > built Perl the way I wanted. Under that OS, Net::SSLeay failed to > build. Specifically, the compilation of SSLeay.c failed, with the > error > > no member named 'tmp' in 'struct ssl3_state_st' > > It appears that the relevant structures are no longer exposed as of > LibreSSL 2.9. Specifically, s->s3->tmp.new_mac_secret_size became > something like s->s3->internal->tmp.new_mac_secret_size. The > "internal" item is defined as > > struct ssl3_state_internal_st > > but this is defined in ssl/ssl_locl.h in the LibreSSL kit, and > included via > > #include "ssl/ssl_locl.h" > > The ssl_locl.h header appears not to be installed when LibreSSL is.
Your diagnosis of the problem is spot-on --- Alexander Bluhm, one of the OpenBSD developers, sent us a patch [2] that takes the pre-existing OpenSSL 1.1.0 code path through SSL_get_keyblock_size() instead of the old OpenSSL 1.0.0 code path when using LibreSSL >= 2.7, since the APIs are similar. That patch was included as part of Net-SSLeay 1.86_07, which should work fine on OpenBSD 6.5 (although 1.86_10 is the latest developer release now [3]). We'll be releasing a new stable version soon if you'd prefer not to use a developer version (although _10 works well, and will pretty much become the new stable version). [1] https://github.com/radiator-software/p5-net-ssleay [2] https://github.com/radiator-software/p5-net-ssleay/commit/3bea4ab4511789d28522e4ec154d2c3682568784 [3] https://metacpan.org/release/CHRISN/Net-SSLeay-1.86_10
  Mon May 06 08:18:24 2019 The RT System itself - Status changed from 'new' to 'open'
  Mon May 06 08:18:24 2019 chrisn [...] cpan.org - Status changed from 'open' to 'rejected'
  Mon May 06 08:18:24 2019 chrisn [...] cpan.org - Fixed in 1.86_07 added