
This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 68070
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: paul [...] city-fan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.41
Fixed in: (no value)



Subject: Test failure of nonblock.t with older Perls/openssl
I attempted to build 1.41 on a variety of Fedora/Red Hat Enterprise Linux releases and found that while more recent releases were fine, nonblock.t was failing on older systems (e.g. RHEL4). I have the same (latest) version of Net::SSLeay everywhere but use the system versions of Perl and openssl, and I suspect openssl is the significant difference.

Anyway, running the test in verbose mode gave the following diagnostic:

    t/nonblock.................1..27
    ok # [server] Server Initialization
    ok # [client] client tcp connect
    ok # [client] write plain text
    ok # [server] tcp accept
    ok # [server] received plain text
    ok # [client] upgrade client to IO::Socket::SSL
    ok # [server] upgrade to_client to IO::Socket::SSL
    # SSL wants a read first
    # failed to accept: SSL accept attempt failed with unknown errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    not ok # [server] ssl accept handshake done
    # ^@f^@^@^@^P^@^@9^@
    ok # [server] received client message
    # $!=Resource temporarily unavailable $SSL_ERROR=SSL accept attempt failed with unknown errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    # failed to connect:
    not ok # [client] connected
    ok # [client] nonblocking connect with 1 attempts
    # sndbuf=16384
    # read 30000 (0 r/w attempts)
    # $!=Connection reset by peer $SSL_ERROR=SSL wants a read first send=30300
    # connection closed hard
    ok # [client] syswrite
    not ok # [client] multiple write attempts
    ok # [client] 30000 bytes send
    ok # [client] client tcp connect
    ok # [client] write plain text
    ok # [server] tcp accept
    ok # [server] received plain text
    ok # [server] upgrade to_client to IO::Socket::SSL
    ok # [client] upgrade client to IO::Socket::SSL
    # SSL wants a read first
    # failed to accept: SSL accept attempt failed with unknown errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    not ok # [server] ssl accept handshake done
    ok # [server] nonblocking accept_SSL with 1 attempts
    # ^@f^@^@^@^P^@^@9^@
    ok # [server] received client message
    # $!=Resource temporarily unavailable $SSL_ERROR=SSL accept attempt failed with unknown errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    # failed to connect:
    not ok # [client] connected
    # sndbuf=16384
    # read 30000 (1 r/w attempts)
    # $!=Connection reset by peer $SSL_ERROR=SSL wants a read first send=30120
    # connection closed hard
    ok # [client] syswrite
    not ok # [client] multiple write attempts
    ok # [client] 30000 bytes send
    FAILED tests 8, 10, 13, 21, 24, 26
    Failed 6/27 tests, 77.78% okay

So it looked like some protocol mismatch between client and server. Looking at what had changed between 1.40 (where everything was fine on all releases) and 1.41, I tried using SSL.pm from 1.40 with nonblock.t from 1.41 and that also failed, so I tried SSL.pm from 1.41 with nonblock.t from 1.40 and that was OK.

The next thing I tried was reverting the part of the change in nonblock.t relating to %extra_options (see attached patch) as that seemed to be protocol version related. With that patch applied, everything passed again. I don't know why exactly that fixed things, but it did.
Subject: IO-Socket-SSL-1.41-nonblock.patch
--- IO-Socket-SSL-1.41/t/nonblock.t.orig 2011-05-05 09:26:13.000000000 +0100 +++ IO-Socket-SSL-1.41/t/nonblock.t 2011-05-10 10:34:53.749833057 +0100 @@ -43,10 +43,6 @@ ) : ( SSL_key_file => "certs/client-key.pem" ); -%extra_options = ( %extra_options, - SSL_version => 'TLSv1', - SSL_cipher_list => 'HIGH', -); # first create simple non-blocking tcp-server @@ -128,6 +124,8 @@ # upgrade to SSL socket w/o connection yet if ( ! IO::Socket::SSL->start_SSL( $to_server, SSL_startHandshake => 0, + SSL_version => 'TLSv1', + SSL_cipher_list => 'HIGH', %extra_options )) { diag( 'start_SSL return undef' ); @@ -292,6 +290,8 @@ SSL_ca_file => "certs/test-ca.pem", SSL_use_cert => 1, SSL_cert_file => "certs/client-cert.pem", + SSL_version => 'TLSv1', + SSL_cipher_list => 'HIGH', %extra_options )) { diag( 'start_SSL return undef' ); @@ -305,7 +305,7 @@ sleep(5) if $test eq 'slow'; # wait until client calls connect_SSL # SSL handshake thru accept_SSL - # if test is 'fast' (e.g. client is 'slow') we excpect the first + # if test is 'fast' (e.g. client is 'slow') we expect the first # accept_SSL attempt to fail because client did not call connect_SSL yet my $attempts = 0; while ( 1 ) {
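Review bot: removing SSL_version => 'TLSv1' and SSL_cipher_list => 'HIGH' from %extra_options in the @@ -43,10 +43,6 hunk changes every call that spreads %extra_options, yet the patch restores the pair at only two start_SSL calls. The commit message should name the call that no longer receives these options and explain why that cures the "wrong version number" handshake failure; as it stands the fix is empirical and the root cause is undocumented.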
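Review bot: in the @@ -128,6 +124,8 hunk the two new keys sit before %extra_options in the start_SSL argument list, so a same-named key in %extra_options would override them, whereas the removed code listed them after %extra_options so they took precedence. If the protocol version and cipher list are meant to be fixed for this call, move them below %extra_options; if the override is intended, say so in a comment.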
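Review bot: the SSL_version => 'TLSv1', SSL_cipher_list => 'HIGH' pair added in the @@ -292,6 +290,8 hunk repeats the literals added at the earlier start_SSL call. Keep them in one named hash (for example a hypothetical %tls_options) and spread it at both sites, so the two ends of the test cannot drift apart on protocol version or cipher selection in a later edit.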
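Review bot: the comment spelling fix (excpect to expect) in the @@ -305,7 +305,7 hunk is unrelated to the protocol-option change. Send it as a separate patch so this one carries only the behavioural change and is easier to bisect.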
should be fixed with 1.43