| Subject: | HTTPS authentication error hangs instead of returning authentication error. Fix included. |
| Date: | Wed, 16 Mar 2011 12:00:06 +0100 |
| To: | "bug-libwww-perl [...] rt.cpan.org" <bug-libwww-perl [...] rt.cpan.org> |
| From: | Tom Koelman <Tom.Koelman [...] intellimagic.net> |
Hi,
We are using LWP 5.837, bundled with ActiveState 5.10.1008 on Windows 7 64 bit, but I just took a look at the libwww-perl repository on github and the most recent commit, 93c26dd32aea887331860e7afbc68d34e141ddab, has the same issue I think.
What I was trying to do was doing a POST request on a https url that requires basic authentication, deliberately giving it wrong credentials. Instead of returning an HTTP::response object with a 401 error, the HTTP::UserAgent->request call just hang and never returned. Tracking it down I found out that the actual call that was not returning was in Net::HTTP::Methods::my_read, calling $self->sysread.
Turns out that in our case $self->sysread resolves to Net::SSL::read, which I think should have been
LWP::Protocol::http::SocketMethods::sysread instead.
In our case Net::HTTPS isa Net::SSL and Net::SSL implements a sysread, which gets found earlier than LWP::Protocol::https::SocketMethods' sysread due to the order in which perl looks for methods in superclasses.
The origin of this problem resides in LWP::Protocol::https.pm, in which I think this line:
@ISA = qw(Net::HTTPS LWP::Protocol::http::SocketMethods);
should be:
@ISA = qw(LWP::Protocol::http::SocketMethods Net::HTTPS);
At least in our case this change fixes the problem. The wrongly authenticated request now returns with a HTTP::response object having the 401 status and doesn't hang anymore.
Regards,
Tom Koelman