
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 75274
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: paul [...] city-fan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in:
  • 1.42
  • 1.43
Fixed in: (no value)



Subject: Compatibility issue with openssl 1.0.1?
I have come across a couple of issues running the test suites of downstream users of Net-SSLeay with openssl 1.0.1; in both cases, reverting just openssl to 1.0.0g resolved the problem. The test suite of Net-SSLeay itself passes with openssl 1.0.1 without problems.

Firstly, IO-Socket-SSL has a test t/dhe.t that fails with openssl 1.0.1:

    DEBUG: .../IO/Socket/SSL.pm:494: no socket yet
    DEBUG: .../IO/Socket/SSL.pm:193: set domain to 2
    DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected
    DEBUG: .../IO/Socket/SSL.pm:336: socket connected
    DEBUG: .../IO/Socket/SSL.pm:496: accept created normal socket IO::Socket::SSL=GLOB(0x8558278)
    DEBUG: .../IO/Socket/SSL.pm:512: starting sslifying
    DEBUG: .../IO/Socket/SSL.pm:354: ssl handshake not started
    DEBUG: .../IO/Socket/SSL.pm:1281: SSL accept attempt failed with unknown error
    error:04075070:rsa routines:RSA_sign:digest too big for rsa key SSL error: 31249: 1 - error:1409B006:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib
    DEBUG: .../IO/Socket/SSL.pm:445: connection failed - connect returned 0
    t/dhe.t .................... 1..3 ok # [server] Server Initialization
    not ok # [server] accept failed:
    Failed 2/3 subtests

I raised this at CPAN RT#75165 for IO-Socket-SSL but as this might be a problem in either openssl, Net-SSLeay or IO-Socket-SSL itself, I thought it was worthwhile to ask here too.

Secondly, the AnyEvent test t/80_ssltest.t fails in similar fashion:

    # Failed test 'server_error <Protocol error>'
    # at t/80_ssltest.t line 37.
    # Failed test 'server_error <Protocol error>'
    # at t/80_ssltest.t line 37.
    # Failed test 'client_error <Broken pipe>'
    # at t/80_ssltest.t line 97.
    # Failed test 'server_error <Protocol error>'
    # at t/80_ssltest.t line 37.
    # Failed test 'client_error <Broken pipe>'
    # at t/80_ssltest.t line 97.
    # Failed test 'server_error <Protocol error>'
    # at t/80_ssltest.t line 37.
    # Failed test 'client_error <Broken pipe>'
    # at t/80_ssltest.t line 97.
    # Failed test 'server_error <Protocol error>'
    # at t/80_ssltest.t line 37.
    # Failed test 'client_error <Broken pipe>'
    # at t/80_ssltest.t line 97.
    # Looks like you planned 415 tests but ran 26.
    # Looks like you failed 9 tests of 26 run.
    t/80_ssltest.t ..............
    Dubious, test returned 9 (wstat 2304, 0x900)
    Failed 398/415 subtests

Since AnyEvent uses Net-SSLeay but not IO-Socket-SSL, maybe it's the same issue and it's not in IO-Socket-SSL?

Subject: Re: [rt.cpan.org #75274] Compatibility issue with openssl 1.0.1?
Date: Sat, 25 Feb 2012 08:50:52 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hello,

Thanks for the report.

I have been able to reproduce this problem with IO-Socket-SSL 1.56 and the current and also older versions of Net-SSLeay, with openssl 1.0.1-beta3, as you report.

However, this looks to me like a very low level problem inside openssl concerning the test certificate key and its signature. I suspect either a problem in openssl-.0.1-beta3 or perhaps with the test certificate used by IO-Socket-SSL t/dhe.t certs/server-rsa384-dh.pem needs to be regenerated with the right size signature?

Cheers.

On Friday, February 24, 2012 08:24:59 AM you wrote:
> Fri Feb 24 08:24:57 2012: Request 75274 was acted upon.
> Transaction: Ticket created by paul@city-fan.org
> Queue: Net-SSLeay
> Subject: Compatibility issue with openssl 1.0.1?
> Broken in: 1.42, 1.43
> Severity: (no value)
> Owner: Nobody
> Requestors: paul@city-fan.org
> Status: new
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75274 >
>
>
> I have come across a couple of issues running the test suites of
> downstream users of Net-SSLeay with openssl 1.0.1; in both cases,
> reverting just openssl to 1.0.0g resolved the problem. The test suite of
> Net-SSLeay itself passes with openssl 1.0.1 without problems.
>
> Firstly, IO-Socket-SSL has a test t/dhe.t that fails with openssl 1.0.1:
>
> DEBUG: .../IO/Socket/SSL.pm:494: no socket yet
> DEBUG: .../IO/Socket/SSL.pm:193: set domain to 2
> DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected
> DEBUG: .../IO/Socket/SSL.pm:336: socket connected
> DEBUG: .../IO/Socket/SSL.pm:496: accept created normal socket
> IO::Socket::SSL=GLOB(0x8558278)
> DEBUG: .../IO/Socket/SSL.pm:512: starting sslifying
> DEBUG: .../IO/Socket/SSL.pm:354: ssl handshake not started
> DEBUG: .../IO/Socket/SSL.pm:1281: SSL accept attempt failed with unknown
> error
> error:04075070:rsa routines:RSA_sign:digest too big for rsa key SSL
> error: 31249: 1 - error:1409B006:SSL
> routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib
> DEBUG: .../IO/Socket/SSL.pm:445: connection failed - connect returned 0
> t/dhe.t .................... 1..3 ok # [server] Server Initialization
> not ok # [server] accept failed:
> Failed 2/3 subtests
>
> I raised this at CPAN RT#75165 for IO-Socket-SSL but as this might be a
> problem in either openssl, Net-SSLeay or IO-Socket-SSL itself, I thought
> it was worthwhile to ask here too.
>
> Secondly, the AnyEvent test t/80_ssltest.t fails in similar fashion:
>
> # Failed test 'server_error <Protocol error>'
> # at t/80_ssltest.t line 37.
> # Failed test 'server_error <Protocol error>'
> # at t/80_ssltest.t line 37.
> # Failed test 'client_error <Broken pipe>'
> # at t/80_ssltest.t line 97.
> # Failed test 'server_error <Protocol error>'
> # at t/80_ssltest.t line 37.
> # Failed test 'client_error <Broken pipe>'
> # at t/80_ssltest.t line 97.
> # Failed test 'server_error <Protocol error>'
> # at t/80_ssltest.t line 37.
> # Failed test 'client_error <Broken pipe>'
> # at t/80_ssltest.t line 97.
> # Failed test 'server_error <Protocol error>'
> # at t/80_ssltest.t line 37.
> # Failed test 'client_error <Broken pipe>'
> # at t/80_ssltest.t line 97.
> # Looks like you planned 415 tests but ran 26.
> # Looks like you failed 9 tests of 26 run.
> t/80_ssltest.t ..............
> Dubious, test returned 9 (wstat 2304, 0x900)
> Failed 398/415 subtests
>
> Since AnyEvent uses Net-SSLeay but not IO-Socket-SSL, maybe it's the
> same issue and it's not in IO-Socket-SSL?

--
Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

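The size arithmetic behind the `RSA_sign:digest too big for rsa key` error in the report, as an added example (not code from Net-SSLeay, IO-Socket-SSL or OpenSSL): PKCS#1 v1.5 signing needs 11 bytes of padding on top of the encoded digest, so a 384-bit key such as the `server-rsa384-dh.pem` test key has room for at most 37 bytes. It assumes the failing handshake used a TLS 1.2 style signature over a SHA-2 DigestInfo, which the ticket does not confirm; the signed data is constructed.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
PKCS1_PADDING_SIZE = 11  # 0x00 0x01, at least 8 bytes of 0xff, 0x00


def signature_input(scheme: str, data: bytes) -> bytes:
    """Return the bytes T that PKCS#1 v1.5 pads before the RSA operation."""
    if scheme == "md5+sha1":
        # TLS 1.0/1.1 RSA signatures: raw MD5 || SHA-1, no DigestInfo.
        return hashlib.md5(data).digest() + hashlib.sha1(data).digest()
    # Assumption: TLS 1.2 style signature over a DigestInfo structure.
    return DIGEST_INFO_PREFIX[scheme] + hashlib.new(scheme, data).digest()


def emsa_pkcs1_v15(t: bytes, key_bits: int) -> bytes:
    """Pad T to the modulus length; reject it if it cannot fit."""
    k = (key_bits + 7) // 8
    if len(t) > k - PKCS1_PADDING_SIZE:
        raise ValueError("digest too big for rsa key")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def min_key_bits(scheme: str) -> int:
    """Smallest whole-byte modulus size that can carry this scheme."""
    return 8 * (len(signature_input(scheme, b"")) + PKCS1_PADDING_SIZE)


def survey(key_bits: int, data: bytes = b"constructed key exchange params"):
    """Map each scheme to True (fits) or False (too big) for this key size."""
    result = {}
    for scheme in ("md5+sha1", "sha1", "sha256", "sha512"):
        try:
            em = emsa_pkcs1_v15(signature_input(scheme, data), key_bits)
            result[scheme] = len(em) == (key_bits + 7) // 8
        except ValueError:
            result[scheme] = False
    return result


if __name__ == "__main__":
    for bits in (384, 512, 1024):
        print(bits, survey(bits))
```

On a 384-bit key the legacy 36-byte MD5+SHA-1 input fits and every SHA-2 DigestInfo does not, which is consistent with the same test key working against openssl 1.0.0g.
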
this was fixed in IO::Socket::SSL v1.57 2012.02.26

see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.60/Changes

I suggest closing this RT.

--
kmx
From: paul [...] city-fan.org
On Thu Mar 22 07:37:56 2012, KMX wrote:
> this was fixed in IO::Socket::SSL v1.57 2012.02.26
>
> see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.60/Changes
>
> I suggest closing this RT.

Well IO::Socket::SSL is fixed but we don't know what the problem with AnyEvent is yet.

https://rt.cpan.org/Public/Bug/Display.html?id=75343

(I've discussed this with AnyEvent's upstream but they've not been able to debug it yet)