Bug #86707 for Net-Server: [PATCH] SSL_test.t fails with IO::Socket::SSL 1.950 and above

Thu Jul 04 09:28:37 2013 paul [...] city-fan.org - Ticket created

Subject:

[PATCH] SSL_test.t fails with IO::Socket::SSL 1.950 and above

The default for certificate verification for clients has changed from SSL_VERIFY_NONE to SSL_VERIFY_PEER in IO::Socket::SSL 1.950 and above, which breaks SSL_test.t: $ make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Options.t ............... ok t/Port_Configuration.t .... ok t/Server_BASE.t ........... ok t/Server_Fork.t ........... ok t/Server_http.t ........... ok t/Server_INET.t ........... ok t/Server_Multiplex.t ...... ok t/Server_MultiType.t ...... ok t/Server_PreFork.t ........ ok t/Server_PreForkSimple.t .. ok t/Server_Single.t ......... ok t/SSL_test.t .............. Failed 1/5 subtests t/SSLEAY_test.t ........... ok t/UDP_test.t .............. ok t/UNIX_test.t ............. ok Test Summary Report ------------------- t/SSL_test.t (Wstat: 9 Tests: 5 Failed: 1) Failed test: 5 Non-zero wait status: 9 Files=15, Tests=185, 2 wallclock secs ( 0.07 usr 0.02 sys + 0.94 cusr 0.13 csys = 1.16 CPU) Result: FAIL Failed 1/15 test programs. 1/185 subtests failed. make: *** [test_dynamic] Error 255 Explicitly setting SSL_verify_mode to SSL_VERIFY_NONE as per the attached patch fixes this test suite issue.

Subject:

Net-Server-2.007-cert-verify.patch

Since 1.950, IO::Socket::SSL->SSL_verify_mode default changed from SSL_VERIFY_NONE to SSL_VERIFY_PEER, which breaks this test. IO::Socket::SSL version 1.31 or later is needed for the SSL_VERIFY_NONE constant. --- t/SSL_test.t +++ t/SSL_test.t @@ -53,6 +53,7 @@ use_ok qw(Net::Server::Proto::SSL) or exit; require Net::Server; +use IO::Socket::SSL 1.31; @Net::Server::Test::ISA = qw(Net::Server); sub accept { @@ -76,6 +77,7 @@ my $remote = IO::Socket::SSL->new( PeerAddr => $env->{'hostname'}, PeerPort => $env->{'ports'}->[0], + SSL_verify_mode => SSL_VERIFY_NONE, ) || die "Couldn't open child to sock: $!"; my $line = <$remote>;

Wed Jul 24 06:36:54 2013 dsteinbrunner [...] pobox.com - Correspondence added

From:

dsteinbrunner [...] pobox.com

On Thu Jul 04 09:28:37 2013, paul@city-fan.org wrote: Show quoted text

> The default for certificate verification for clients has changed from > SSL_VERIFY_NONE to SSL_VERIFY_PEER in IO::Socket::SSL 1.950 and above, > which breaks SSL_test.t:

I have run into this also. Metacpan shows 30 dependancies on this module so there is the potential for a lot of installs to fail on this.

Wed Jul 24 06:36:54 2013 The RT System itself - Status changed from 'new' to 'open'

Sat Jul 27 13:37:45 2013 dsteinbrunner [...] pobox.com - Correspondence added

From:

dsteinbrunner [...] pobox.com

On Thu Jul 04 09:28:37 2013, paul@city-fan.org wrote: Show quoted text

> The default for certificate verification for clients has changed from > SSL_VERIFY_NONE to SSL_VERIFY_PEER in IO::Socket::SSL 1.950 and above, > which breaks SSL_test.t:

Variation on this patch to avoid 'use' on IO::Socket::SSL is a part of this pull request: https://github.com/rhandom/perl-net-server/pull/1

Tue Aug 06 12:50:02 2013 ether [...] cpan.org - Severity Important added

Mon Sep 09 12:52:59 2013 ether [...] cpan.org - Requestor ETHER added

Sat Nov 09 12:24:42 2013 SKAUFMAN [...] cpan.org - Requestor SKAUFMAN added

Sat Nov 23 12:10:25 2013 dsteinbrunner [...] pobox.com - Correspondence added

From:

dsteinbrunner [...] pobox.com

On Wed Jul 24 06:36:54 2013, dsteinbrunner@pobox.com wrote: Show quoted text

> I have run into this also. Metacpan shows 30 dependencies on this > module so there is the potential for a lot of installs to fail on > this.

Any chance a new release will be available to correct this anytime soon? Is there interest in having someone else added as a co-maintainer to handle this?

Sat Nov 23 12:25:23 2013 ether [...] cpan.org - Correspondence added

On 2013-11-23 09:10:25, dsteinbrunner@pobox.com wrote: Show quoted text

> On Wed Jul 24 06:36:54 2013, dsteinbrunner@pobox.com wrote: >

> > I have run into this also. Metacpan shows 30 dependencies on this > > module so there is the potential for a lot of installs to fail on > > this.

> > Any chance a new release will be available to correct this anytime > soon? Is there interest in having someone else added as a co- > maintainer to handle this?

It might be useful to fold this module into the care of the libwww-perl working group (loose and informal as it is), for easier coordination of issues across the Net::* and LWP::* modules.

Fri Jan 17 18:35:32 2014 SPACEBAT [...] cpan.org - Correspondence added

On Sat Nov 23 12:25:23 2013, ETHER wrote: Show quoted text

> It might be useful to fold this module into the care of the libwww- > perl working group (loose and informal as it is), for easier > coordination of issues across the Net::* and LWP::* modules.

Having run into this while upgrading something as mainstream as Catalyst, I second the motion that such a crucial module not go unmaintained.

Thu Mar 06 08:48:15 2014 wreis [...] cpan.org - Requestor WREIS added

Sat Mar 08 21:59:08 2014 KENTNL [...] cpan.org - Requestor KENTNL added

Sun May 04 15:57:53 2014 JETEVE [...] cpan.org - Requestor JETEVE added

Mon May 12 13:22:28 2014 mst [...] shadowcat.co.uk - Correspondence added

Subject:	[rt.cpan.org #86707] Offering to find alternative maintainers
Date:	Mon, 12 May 2014 17:22:17 +0000
To:	bug-Net-Server [...] rt.cpan.org, modules [...] perl.org, paul [...] seamons.com, bbb [...] cpan.org, rhandom [...] cpan.org
From:	Matt S Trout <mst [...] shadowcat.co.uk>

Given this bug has been outstanding for close to a year now and results in installation failures for Starman, the current favourite perl http server, I'm offering to find people who can maintain it if the current team don't have team (which currently seems likely). Filing this offer against the relevant RT ticket, also sent to modules@perl.org to start the abandonware countdown clock if it proves necessary and to the email addresses given in the POD in case authors are receiving normal mail but not RT mail. -- Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a clue http://shadowcat.co.uk/blog/matt-s-trout/ http://twitter.com/shadowcat_mst/ Email me now on mst (at) shadowcat.co.uk and let's chat about how our CPAN commercial support, training and consultancy packages could help your team.

Mon May 12 13:35:02 2014 bbb [...] cpan.org - Correspondence added

CC:	bug-Net-Server [...] rt.cpan.org, modules [...] perl.org, paul [...] seamons.com, Paul Seamons <rhandom [...] cpan.org>, Rob Brown <bbb [...] cpan.org>
Subject:	Re: [rt.cpan.org #86707] Offering to find alternative maintainers
Date:	Mon, 12 May 2014 11:34:52 -0600
To:	Matt S Trout <mst [...] shadowcat.co.uk>
From:	Rob Brown <bbb [...] cpan.org>

Matt, Sorry, this is not abandonware. http://search.cpan.org is just down right now. On Mon, May 12, 2014 at 11:22 AM, Matt S Trout <mst@shadowcat.co.uk> wrote: Show quoted text

> Given this bug has been outstanding for close to a year now and results in > installation failures for Starman, the current favourite perl http server, > I'm offering to find people who can maintain it if the current team don't > have team (which currently seems likely). > > Filing this offer against the relevant RT ticket, also sent to > modules@perl.org to start the abandonware countdown clock if it proves > necessary and to the email addresses given in the POD in case authors are > receiving normal mail but not RT mail. > > -- > Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a > clue > > http://shadowcat.co.uk/blog/matt-s-trout/ > http://twitter.com/shadowcat_mst/ > > Email me now on mst (at) shadowcat.co.uk and let's chat about how our CPAN > commercial support, training and consultancy packages could help your team. >

Mon May 12 13:39:13 2014 ether [...] cpan.org - Correspondence added

On 2014-05-12 10:35:02, BBB wrote: Show quoted text

> Matt, > > Sorry, this is not abandonware. http://search.cpan.org is just down > right > now.

How is this relevant? (and metacpan.org is working just fine.)

Mon May 12 13:46:06 2014 mst [...] shadowcat.co.uk - Correspondence added

CC:	bug-Net-Server [...] rt.cpan.org, modules [...] perl.org, paul [...] seamons.com, Paul Seamons <rhandom [...] cpan.org>
Subject:	Re: [rt.cpan.org #86707] Offering to find alternative maintainers
Date:	Mon, 12 May 2014 17:45:56 +0000
To:	Rob Brown <bbb [...] cpan.org>
From:	Matt S Trout <mst [...] shadowcat.co.uk>

On Mon, May 12, 2014 at 11:34:52AM -0600, Rob Brown wrote: Show quoted text

> Sorry, this is not abandonware. http://search.cpan.org is just down right > now.

IO::Socket::SSL has changed its default verification mode and that's what's requiring the fix. I don't understand how you think the status of the privately run closed source CPAN search system that's been superceded by metacpan has any relevance whatsoever to the fact that you're sat on an important patch and have been completely ignoring the ticket. If it isn't abandonware, some actual activity so the dist installs would be a better way of proving it than mere assertion is :) -- Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a clue http://shadowcat.co.uk/blog/matt-s-trout/ http://twitter.com/shadowcat_mst/ Email me now on mst (at) shadowcat.co.uk and let's chat about how our CPAN commercial support, training and consultancy packages could help your team.

Mon May 12 14:18:15 2014 bbb [...] cpan.org - Correspondence added

Sorry, I meant it hasn't been ignored. I know that IO::Socket::SSL changed the default behavior, and an appropriate backward compatible patch has been deployed into github already: https://github.com/rhandom/perl-net-server/commit/e9574bda0354c2f1911ba1edc1cd5a4c52dd809e However due to the migration from MakeMaker on sourceforge to distzilla on github, it has temporarily snagged the roll out to CPAN. Thanks for your follow up. :-) On Mon May 12 13:46:06 2014, mst@shadowcat.co.uk wrote: Show quoted text

> IO::Socket::SSL has changed its default verification mode and that's > what's requiring the fix.

Mon May 12 14:24:37 2014 paul [...] seamons.com - Correspondence added

Subject:	Re: [rt.cpan.org #86707] Offering to find alternative maintainers
Date:	Mon, 12 May 2014 12:24:15 -0600
To:	Matt S Trout <mst [...] shadowcat.co.uk>, bug-Net-Server [...] rt.cpan.org, modules [...] perl.org, bbb [...] cpan.org, rhandom [...] cpan.org
From:	Paul Seamons <paul [...] seamons.com>

A patched version has been uploaded. Other applications of pending patches on rt will be applied shortly. Paul Seamons On 05/12/2014 11:22 AM, Matt S Trout wrote: Show quoted text

> Given this bug has been outstanding for close to a year now and results in > installation failures for Starman, the current favourite perl http server, > I'm offering to find people who can maintain it if the current team don't > have team (which currently seems likely). > > Filing this offer against the relevant RT ticket, also sent to > modules@perl.org to start the abandonware countdown clock if it proves > necessary and to the email addresses given in the POD in case authors are > receiving normal mail but not RT mail. >

Mon May 12 14:38:41 2014 mst [...] shadowcat.co.uk - Correspondence added

CC:	bug-Net-Server [...] rt.cpan.org, modules [...] perl.org, bbb [...] cpan.org, rhandom [...] cpan.org
Subject:	Re: [rt.cpan.org #86707] Offering to find alternative maintainers
Date:	Mon, 12 May 2014 18:38:32 +0000
To:	Paul Seamons <paul [...] seamons.com>
From:	Matt S Trout <mst [...] shadowcat.co.uk>

On Mon, May 12, 2014 at 12:24:15PM -0600, Paul Seamons wrote: Show quoted text

> A patched version has been uploaded. > > Other applications of pending patches on rt will be applied shortly.

Thank you! -- Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a clue http://shadowcat.co.uk/blog/matt-s-trout/ http://twitter.com/shadowcat_mst/ Email me now on mst (at) shadowcat.co.uk and let's chat about how our CPAN commercial support, training and consultancy packages could help your team.

Mon May 12 14:54:12 2014 samuel.c.kaufman [...] gmail.com - Correspondence added

CC:	JETEVE [...] cpan.org, KENTNL [...] cpan.org, SKAUFMAN [...] cpan.org, ether [...] cpan.org, paul [...] city-fan.org, wreis [...] cpan.org
Subject:	Re: [rt.cpan.org #86707] Offering to find alternative maintainers
Date:	Mon, 12 May 2014 14:53:57 -0400
To:	bug-Net-Server [...] rt.cpan.org
From:	Samuel Kaufman <samuel.c.kaufman [...] gmail.com>

Thanks!!! This has been a pretty big pain in the butt for our build system for a while now. Adding --notest to Starman will also skip tests on things that don't have broken tests, leading to trying to --notest Net::Server itself, but that requires ordering the dependency install, which is also a pain in the butt. On Mon, May 12, 2014 at 2:38 PM, Matt S Trout via RT <bug-Net-Server@rt.cpan.org> wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=86707 > > > On Mon, May 12, 2014 at 12:24:15PM -0600, Paul Seamons wrote:

>> A patched version has been uploaded. >> >> Other applications of pending patches on rt will be applied shortly.

> > Thank you! > > -- > Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a clue > > http://shadowcat.co.uk/blog/matt-s-trout/ http://twitter.com/shadowcat_mst/ > > Email me now on mst (at) shadowcat.co.uk and let's chat about how our CPAN > commercial support, training and consultancy packages could help your team. >