Bug #70565 for Crypt-SSLeay: SSLv2_method seems to have gone from upstream

Mon Aug 29 01:53:26 2011 ANDK [...] cpan.org - Ticket created

Subject:

SSLv2_method seems to have gone from upstream

Net::SSLeay has the same problem on my debian box. The linker complains about missing SSLv2_method. The following patch works for me: --- SSLeay.xs~ 2011-08-29 07:25:46.000000000 +0200 +++ SSLeay.xs 2011-08-29 07:29:04.000000000 +0200 @@ -125,13 +125,9 @@ if(ssl_version == 23) { ctx = SSL_CTX_new(SSLv23_client_method()); } - else if(ssl_version == 3) { + else { ctx = SSL_CTX_new(SSLv3_client_method()); } - else { - /* v2 is the default */ - ctx = SSL_CTX_new(SSLv2_client_method()); - } SSL_CTX_set_options(ctx,SSL_OP_ALL|0); SSL_CTX_set_default_verify_paths(ctx); SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); HTH, Thanks && Regards,

Sun Oct 16 04:18:12 2011 leon [...] astray.com - Correspondence added

I can confirm that Ubuntu 11.10 also requires this patch. Cheers, Leon.

Sun Oct 16 04:18:14 2011 The RT System itself - Status changed from 'new' to 'open'

Mon Oct 17 22:44:34 2011 MSCHOUT [...] cpan.org - Correspondence added

Not sure if this is the case everywhere, but at least on Ubuntu 11.10, OPENSSL_NO_SSL2 is defined if SSLv2 support has been removed. In that case, the patch can be done this way instead.

Subject:

nossl2.patch

diff --git a/SSLeay.xs b/SSLeay.xs index 9df9f58..8c26155 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -129,9 +129,15 @@ SSL_CTX_new(packname, ssl_version) ctx = SSL_CTX_new(SSLv3_client_method()); } else { +#ifndef OPENSSL_NO_SSL2 /* v2 is the default */ ctx = SSL_CTX_new(SSLv2_client_method()); +#else + /* v3 is the default */ + ctx = SSL_CTX_new(SSLv3_client_method()); +#endif } + SSL_CTX_set_options(ctx,SSL_OP_ALL|0); SSL_CTX_set_default_verify_paths(ctx); SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

Sat Oct 22 00:05:55 2011 garu [...] cpan.org - Correspondence added

On Mon Oct 17 22:44:34 2011, MSCHOUT wrote: Show quoted text

> Not sure if this is the case everywhere, but at least on Ubuntu 11.10, > OPENSSL_NO_SSL2 is defined if SSLv2 support has been removed. In that > case, the patch can be done this way instead.

Hi there! Thanks for maintaining Crypt::SSLeay. I'm sure it's a lot of work and wanted you to know I really appreciate it. I had the very same issue and can confirm this patch works perfectly on kubuntu 11.10 as well. The #ifndef patch sounds pretty harmless and straightforward. Please update this module as soon as possible so it works with the newer OpenSSL 1.0.0 (which has v2 disabled by default). Thanks again for such a great module!!

Wed Oct 26 17:30:09 2011 RURBAN [...] cpan.org - Correspondence added

I did my patch (Debian Testing) with + /* openssl-1.0.x does not support that anymore */ +#if SSLEAY_VERSION_NUMBER < 10000000 else { /* v2 is the default */ ctx = SSL_CTX_new(SSLv2_client_method()); } +#endif but OPENSSL_NO_SSL2 looks better to me. On Sat Oct 22 00:05:55 2011, GARU wrote: Show quoted text

> On Mon Oct 17 22:44:34 2011, MSCHOUT wrote:

> > Not sure if this is the case everywhere, but at least on Ubuntu

11.10, Show quoted text

> > OPENSSL_NO_SSL2 is defined if SSLv2 support has been removed. In

that Show quoted text

> > case, the patch can be done this way instead.

> > Hi there! Thanks for maintaining Crypt::SSLeay. I'm sure it's a lot of > work and wanted you to know I really appreciate it. > > I had the very same issue and can confirm this patch works perfectly

on Show quoted text

> kubuntu 11.10 as well. > > The #ifndef patch sounds pretty harmless and straightforward. Please > update this module as soon as possible so it works with the newer > OpenSSL 1.0.0 (which has v2 disabled by default). > > Thanks again for such a great module!!

-- Reini Urban

Sat Dec 03 03:03:53 2011 ckras [...] cpan.org - Correspondence added

I can confirm this patch works fine for me as well on Ubuntu 11.10 with Perl 5.14.2

Sun Jan 01 05:47:20 2012 SPACEBAT [...] cpan.org - Correspondence added

I confirm that the patch also works in Debian wheezy, Perl 5.14.2

Fri Jan 27 08:10:15 2012 nanis [...] runu.moc.invalid - Taken

Thu Mar 08 11:35:40 2012 nanis [...] runu.moc.invalid - Correspondence added

https://rt.cpan.org/Public/Bug/Display.html?id=70565 I applied the changes and uploaded 0.59_02 to CPAN which should be available soon. You can also download it from https://github.com/nanis/Crypt-SSLeay/tags Please let me know if this change fixes the issue. Thank you for your patience. -- Sinan

Thu Mar 08 11:35:42 2012 nanis [...] runu.moc.invalid - Status changed from 'open' to 'resolved'

Fri Mar 09 09:39:33 2012 dagolden [...] cpan.org - Correspondence added

On Thu Mar 08 11:35:40 2012, NANIS wrote: Show quoted text

> https://rt.cpan.org/Public/Bug/Display.html?id=70565 > > I applied the changes and uploaded 0.59_02 to CPAN which should be > available soon. You can also download it from > > https://github.com/nanis/Crypt-SSLeay/tags > > Please let me know if this change fixes the issue. Thank you for your > patience.

It appears to work. I hope to see a stable release soon. Regards, David Golden

Fri Mar 09 09:39:35 2012 The RT System itself - Status changed from 'resolved' to 'open'

Sat Mar 10 18:34:47 2012 nanis [...] runu.moc.invalid - Correspondence added

On Fri Mar 09 09:39:33 2012, DAGOLDEN wrote: Show quoted text

> On Thu Mar 08 11:35:40 2012, NANIS wrote:

> > https://rt.cpan.org/Public/Bug/Display.html?id=70565 > > > > I applied the changes and uploaded 0.59_02 to

... Show quoted text

> It appears to work. I hope to see a stable release soon.

Yup, I want to fix Makefile.PL so it is not such a Hodge-podge. That's going to take care of a lot of outstanding tickets. Then I can focus on the remaining issues. -- Sinan

Sat Mar 10 18:35:24 2012 nanis [...] runu.moc.invalid - Status changed from 'open' to 'resolved'

Sat Mar 10 18:35:25 2012 nanis [...] runu.moc.invalid - Fixed in 0.59_02 added