
This queue is for tickets about the Net-HTTPS-NB CPAN distribution.

Report information
The Basics
Id: 85931
Status: resolved
Worked: 30 min
Priority: 0/
Queue: Net-HTTPS-NB

People
Owner: Nobody in particular
Requestors: hvn [...] open.com.au
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Patch to add SSL options and check for successful start_SSL
Date: Thu, 06 Jun 2013 19:53:16 +0300
To: bug-Net-HTTPS-NB [...] rt.cpan.org
From: Heikki Vatiainen <hvn [...] open.com.au>
Hello,

Net::HTTP::NB does not check the return value when calling IO::Socket::SSL->start_SSL().

If start_SSL() fails, the socket 'will remain blessed in its original class' as stated by the IO::Socket::SSL documentation. Since the socket is still valid, the subsequent communication will happen over plain HTTP instead of HTTPS.

The attached patch adds a check for the return value.

Another thing the patch adds is the possibility to pass options such as SSL_verify_mode and SSL_ca_file. This lets the caller enable any certificate checking and other options IO::Socket::SSL supports.

The patch is against Net::HTTPS::NB version 0.12.

--
Heikki Vatiainen <hvn@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

Message body is not shown because sender requested not to inline it.

On Thu Jun 06 12:53:38 2013, hvn@open.com.au wrote:
> Hello,
>
> Net::HTTP::NB does not check for return value when calling
> IO::Socket::SSL->start_SSL()
>
> If start_SSL() fails, the socket 'will remain blessed in its original
> class' as stated by IO::Socket:SSL documentation. Since the socket is
> still valid, the subsequent communication will happen over plain HTTP
> instead of HTTPS.
>
> The attached patch adds check for return value.
>
> Another thing the patch adds is the possibility to pass options such as
> SSL_verify_mode and SSL_ca_file. This lets the caller to enable any
> certificate checking and other options IO::Socket:SSL supports.
>
> The patch is against Net::HTTPS::NB version 0.12
>
Hello,

It looks like the SSLOptions parameter is not compatible with Net::HTTPS, so I slightly reworked your patch. Please try the last version from this git repo: https://github.com/olegwtf/p5-Net-HTTPS-NB

Does it work for you?

Subject: Re: [rt.cpan.org #85931] Patch to add SSL options and check for successful start_SSL
Date: Wed, 12 Jun 2013 15:21:20 +0300
To: bug-Net-HTTPS-NB [...] rt.cpan.org
From: Heikki Vatiainen <hvn [...] open.com.au>
On 06/12/2013 01:54 PM, Oleg G via RT wrote:
> It looks like SSLOptions parameter is not compatible with Net::HTTPS. So I slightly reworked your patch. Please try last version from this git repo: https://github.com/olegwtf/p5-Net-HTTPS-NB
> Is it works for you?
This works fine with me.

The SSL_ option passing works as expected. Also, if, e.g., a non-existing file is passed with SSL_ca_file, the module now returns undef instead of a plain HTTP socket.

Thanks!
Heikki

--
Heikki Vatiainen <hvn@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

On Wed Jun 12 08:21:44 2013, hvn@open.com.au wrote:
> On 06/12/2013 01:54 PM, Oleg G via RT wrote:
>
> > It looks like SSLOptions parameter is not compatible with Net::HTTPS. So I slightly reworked your patch. Please try last version from this git repo: https://github.com/olegwtf/p5-Net-HTTPS-NB
> > Is it works for you?
>
> This works fine with me.
>
> The SSL_ option passing works as expected. Also, if e.g., non existing
> file is passed with SSL_ca_file, the module now returns undef instead
> of plain HTTP socket.
>
> Thanks!
> Heikki
>
Thank you. I just uploaded version 0.13.
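
The failure mode discussed in this ticket, as an added example that is not code from the ticket, the patch or Net::HTTPS::NB: an unchecked start_SSL() call next to a checked one that returns undef when the upgrade fails. The loopback peer is constructed for the demonstration, and `connect_plain` and `upgrade_or_fail` are hypothetical helper names.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR

# Constructed test peer: a loopback listener that answers in plaintext, so
# every TLS handshake against it fails. Nothing here leaves the local host.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
) or die "listen failed: $!";
my @peers;    # keep accepted handles open until the script ends

sub connect_plain {
    my $sock = IO::Socket::INET->new(
        PeerAddr => '127.0.0.1', PeerPort => $listener->sockport,
    ) or die "connect failed: $!";
    my $peer = $listener->accept or die "accept failed: $!";
    print {$peer} "HTTP/1.0 400 Bad Request\r\n\r\n";    # not a TLS record
    $peer->flush;
    push @peers, $peer;
    return $sock;
}

# Hypothetical helper (not the module's API): return a TLS socket or undef,
# never the original plaintext handle.
sub upgrade_or_fail {
    my ($sock, %ssl_opts) = @_;
    # eval also covers a start_SSL() that dies instead of returning false
    my $ok = eval { IO::Socket::SSL->start_SSL($sock, %ssl_opts) };
    return $sock if $ok && $sock->isa('IO::Socket::SSL');
    my $err = $@ || $SSL_ERROR || 'unknown error';
    close $sock;    # fail closed: no usable plaintext handle is left behind
    return (undef, $err);
}

my %opts = (SSL_verify_mode => SSL_VERIFY_PEER, Timeout => 5);
local $SIG{PIPE} = 'IGNORE';

# Unchecked call, as described in the report: the failure goes unnoticed.
my $unchecked = connect_plain();
eval { IO::Socket::SSL->start_SSL($unchecked, %opts) };
printf "unchecked: class=%s, still open=%s\n",
    ref $unchecked, defined fileno($unchecked) ? 'yes' : 'no';

# Checked call: the caller gets undef plus the error text.
my ($tls, $err) = upgrade_or_fail(connect_plain(), %opts);
print defined $tls ? "checked: TLS established\n" : "checked: refused ($err)\n";
```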