Subject: | [abi@grinser.de: Bug#467345: #467345: libnet-proxy-perl: FTBFS: hanging test] |
Date: | Mon, 30 Sep 2013 12:07:40 +0200 |
To: | bug-Net-Proxy [...] rt.cpan.org |
From: | Michael Ablassmeier <abi [...] grinser.de> |
hi,
please see attachment from the original bugreport against the debian
bugtracking system. The Tests of NET::Proxy will fail as more recent
versions of IO::SOCKET:SSL have stricter behavior when it comes to
check ssl certificates.
----- Forwarded message from Michael Ablassmeier <abi@grinser.de> -----
From: Michael Ablassmeier <abi@grinser.de>
Date: Mon, 30 Sep 2013 11:24:23 +0200
To: Damyan Ivanov <dmn@debian.org>, 467345@bugs.debian.org
Subject: Bug#467345: #467345: libnet-proxy-perl: FTBFS: hanging test
Reply-To: Michael Ablassmeier <abi@grinser.de>, 467345@bugs.debian.org
On Mon, Sep 23, 2013 at 12:17:58AM +0300, Damyan Ivanov wrote:
Show quoted text
> # ports: 59669 53285
>
> # Failed test 'Line received'
> # at t/36ctssl_tcp.t line 103.
> # got: '^V^C^C^@^D^N^@^@^@Brian Florence Dougal Ermintrude
> # Zebedee
> # '
> # expected: 'Brian Florence Dougal Ermintrude Zebedee
> # '
> # Looks like you failed 1 test of 8.
> t/36ctssl_tcp.t .........
> Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/8 subtests
> # Random seed 387049612
> # ports: 36571 35473
> 2013-09-22 21:12:00 SSL connect accept failed because of handshake problems error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca at /tmp/buildd/libnet-proxy-perl-0.12/blib/lib/Net/Proxy/Connector/ssl.pm line 72.
i think both failures are caused by a change of behavior in
libio-socket-ssl-perl:
Show quoted text > 1.950 2013/7/3
> - MAJOR BEHAVIOR CHANGE:
> ssl_verify_mode now defaults to verify_peer for client.
> Until now it used verify_none, but loudly complained since 1.79 about it.
> It will not complain any longer, but the connection might probably fail.
> Please don't simply disable ssl verification, but instead set SSL_ca_file
> etc so that verification succeeds!
> - MAJOR BEHAVIOR CHANGE:
> it will now complain if the builtin defaults of certs/my-ca.pem or ca/
> for CA and certs/{server,client}-{key,cert}.pem for cert and key are used,
> e.g. no certificates are specified explicitly.
> In the future these insecure (relative path!) defaults will be removed
> and the CA replaced with the system defaults.
the package does not include ca file/the certificate is self signed and was
created only for testing, so this is something upstream has to care about.
The package builds without libio-socket-ssl-perl in Build-Depends just as
fine (tests are skipped then)
Will most likely remove it from the build-depends with the next upload
to get this sorted.
bye,
- michael
Show quoted text----- End forwarded message -----