This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 65631
Status: resolved
Worked: 10 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: chrisb [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.36
Fixed in: (no value)



The openssl packages in Debian have recently been changed (in the experimental repository, for now) so that they are compiled without support for SSLv2[1]. This causes Net::SSLeay to fail to build; the test suite fails when trying to 'use' the module, as the SSLv2_method is not present in libssl[2]. I've attached a patch which fixes the problem, by checking for the OPENSSL_NO_SSL2 #define in the XS code. I've also patched the .pm to emit a warning if ssl_version has been set to 2 when SSLv2 is unavailable. I'm not sure if this is the best way to handle the problem though, as I'm not that familiar with the module.

[1] http://bugs.debian.org/589706
[2] http://bugs.debian.org/612780
Subject: no_sslv2.patch
Description: Make SSLv2 support conditional OpenSSL may be compiled without SSLv2 support, so do not try to use the SSLv2 functions if they're not present. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612780 Forwarded: no Author: Chris Butler <chrisb@debian.org> Last-Update: 2011-02-10 --- a/lib/Net/SSLeay.pm +++ b/lib/Net/SSLeay.pm @@ -1600,6 +1600,10 @@ nonsensical error codes (at the SSL handshake level), try this option before mailing me. +On some systems, OpenSSL may be compiled without support for SSLv2. +If this is the case, Net::SSLeay will warn if ssl_version has been set +to 2. + The high level API returns the certificate of the peer, thus allowing one to check what certificate was supplied. However, you will only be able to check the certificate after the fact, i.e. you already sent @@ -2239,7 +2243,13 @@ } sub new_x_ctx { - if ($ssl_version == 2) { $ctx = CTX_v2_new(); } + if ($ssl_version == 2) { + unless (exists &Net::SSLeay::CTX_v2_new) { + warn "ssl_version has been set to 2, but this version of OpenSSL has been compiled without SSLv2 support"; + return undef; + } + $ctx = CTX_v2_new(); + } elsif ($ssl_version == 3) { $ctx = CTX_v3_new(); } elsif ($ssl_version == 10) { $ctx = CTX_tlsv1_new(); } else { $ctx = CTX_new(); } --- a/SSLeay.xs +++ b/SSLeay.xs @@ -724,6 +724,8 @@ OUTPUT: RETVAL +#ifndef OPENSSL_NO_SSL2 + SSL_CTX * SSL_CTX_v2_new() CODE: @@ -731,6 +733,8 @@ OUTPUT: RETVAL +#endif + SSL_CTX * SSL_CTX_v3_new() CODE: @@ -1821,9 +1825,13 @@ #endif +#ifndef OPENSSL_NO_SSL2 + SSL_METHOD * SSLv2_method() +#endif + SSL_METHOD * SSLv3_method()
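Review bot: the POD paragraph added in the first lib/Net/SSLeay.pm hunk ("Net::SSLeay will warn if ssl_version has been set to 2") understates what the new_x_ctx hunk does, since that code also returns undef instead of creating a context. Document the failure return in this paragraph so callers know to check for it rather than expecting a warning followed by a usable context.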
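Review bot: in the new `unless (exists &Net::SSLeay::CTX_v2_new)` branch of new_x_ctx, `return undef;` yields a one-element list in list context, which tests true; a bare `return;` is safer for callers that assign to a list. Returning failure here instead of falling through to the `else { $ctx = CTX_new(); }` branch is the right behaviour, because it avoids silently handing back a context for a protocol the caller did not ask for, but the warn text should also say that no context was created.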
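Review bot: with `SSL_CTX_v2_new()` and `SSLv2_method()` wrapped in `#ifndef OPENSSL_NO_SSL2` in SSLeay.xs, those subs are absent at the Perl level on such builds, and the only check for that in this patch is the one in new_x_ctx. Code that calls Net::SSLeay::CTX_v2_new or Net::SSLeay::SSLv2_method directly will fail at call time, so consider documenting the `exists &Net::SSLeay::CTX_v2_new` test as the way to probe for SSLv2 support. A trailing comment naming OPENSSL_NO_SSL2 on each added `#endif` would also help, since the third XS hunk places the new guard directly after an existing `#endif`.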
Your patch has been applied to SVN. Thanks!