Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 94424
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: paul [...] city-fan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.976
Fixed in: (no value)

History Show all quoted text
  Fri Apr 04 05:39:34 2014 paul [...] city-fan.org - Ticket created
Subject: Multiple issues with new public suffix tests
I've been struggling to build the 1.976 release, with several issues in the new public suffix tests. The code is supporting multiple IDN backends, but from my testing I was only able to get the tests to pass using URI::_idna. With Net::IDN::Encode (2.003), I got: disallowed character U+0095 at /usr/lib64/perl5/vendor_perl/Net/IDN/Encode.pm line 46. # Tests were run but no plan was declared and done_testing() was not seen. # Looks like your test exited with 255 just after 81. t/public_suffix_lib.t ...... Dubious, test returned 255 (wstat 65280, 0xff00) All 81 subtests passed t/public_suffix_ssl.t ...... ok With Net::LibIDN (), I got: Use of uninitialized value $name in lc at /builddir/build/BUILD/IO-Socket-SSL-1.976/blib/lib/IO/Socket/SSL/PublicSuffix.pm line 211. # Failed test at t/public_suffix_lib.t line 179. # got: undef # expected: '敎育.hk' # Failed test at t/public_suffix_lib.t line 180. # got: '' # expected: 'ਭਾਰਤ' # Looks like you failed 2 tests of 83. t/public_suffix_lib.t ...... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/83 subtests t/public_suffix_ssl.t ...... ok With old versions of OpenSSL, there were further issues: # Failed test at t/public_suffix_lib.t line 179. # got: undef # expected: '敎育.hk' # Failed test at t/public_suffix_lib.t line 180. # got: '' # expected: 'ਭਾਰਤ' # Looks like you failed 2 tests of 83. t/public_suffix_lib.t ...... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/83 subtests # Failed test 'ssl www.bar.com against *.bar.com -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.bar.com against *.foo.bar.com -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.co.uk against *.foo.co.uk -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.bl.uk against *.foo.bl.uk -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.bl.uk against *.bl.uk -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.bar.kobe.jp against *.foo.bar.kobe.jp -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.city.kobe.jp against *.city.kobe.jp -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.nodomain against *.foo.nodomain -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Looks like you failed 8 tests of 14. t/public_suffix_ssl.t ...... Dubious, test returned 8 (wstat 2048, 0x800) Failed 8/14 subtests Finally, t/public_suffix_lib.t uses done_testing, which means it requires Test::More >= 0.88 and fails like this with older versions: You tried to run a test without a plan at t/public_suffix_lib.t line 37. t/public_suffix_lib.t ...... Dubious, test returned 2 (wstat 512, 0x200) No subtests run
  Fri Apr 04 09:27:36 2014 Steffen_Ullrich [...] genua.de - Correspondence added
Am Fr 04. Apr 2014, 05:39:34, paul@city-fan.org schrieb: Show quoted text
> I've been struggling to build the 1.976 release, with several issues > in the new public suffix tests.
Thanks for reporting the problem, I should have better tested this. The problem should be fixed with the just released 1.977 and there are also tests with all supported IDN libraries. Thanks, Steffen
  Fri Apr 04 09:27:36 2014 The RT System itself - Status changed from 'new' to 'open'
  Fri Apr 04 09:27:40 2014 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'resolved'
  Fri Apr 04 10:03:14 2014 paul [...] city-fan.org - Correspondence added
From: paul [...] city-fan.org
On Fri Apr 04 09:27:36 2014, SULLR wrote: Show quoted text
> Am Fr 04. Apr 2014, 05:39:34, paul@city-fan.org schrieb:
> > I've been struggling to build the 1.976 release, with several issues > > in the new public suffix tests.
> > Thanks for reporting the problem, I should have better tested this. > The problem should be fixed with the just released 1.977 and there are > also tests with all supported IDN libraries.
This looks better but there are still issues with older versions of OpenSSL that don't do SNI, e.g. with 0.9.8n: $ make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/external/*.t # openssl version=0x9080ef # Net::SSLeay::VERSION=1.58 t/01loadmodule.t .................. ok t/acceptSSL-timeout.t ............. ok t/auto_verify_hostname.t .......... ok t/cert_no_file.t .................. ok t/compatibility.t ................. ok t/connectSSL-timeout.t ............ ok t/core.t .......................... ok t/dhe.t ........................... ok t/ecdhe.t ......................... skipped: no support for ecdh with this openssl/Net::SSLeay # 4 connections to www.google.com ok # fingerprint www.google.com matches # check www.google.com against builtin CA store ok # 4 connections to www.yahoo.com ok # fingerprint www.yahoo.com matches # check www.yahoo.com against builtin CA store ok # 4 connections to www.facebook.com ok # fingerprint www.facebook.com matches # check www.facebook.com against builtin CA store ok # 4 connections to www.twitter.com ok # fingerprint www.twitter.com matches # check www.twitter.com against builtin CA store ok # 4 connections to meine.deutsche-bank.de ok # fingerprint meine.deutsche-bank.de matches # check meine.deutsche-bank.de against builtin CA store ok # 4 connections to www.live.com ok # fingerprint www.live.com matches # check www.live.com against builtin CA store ok t/external/usable_ca.t ............ ok t/io-socket-inet6.t ............... ok t/io-socket-ip.t .................. skipped: no IO::Socket::IP 0.20 available t/memleak_bad_handshake.t ......... ok t/mitm.t .......................... ok t/nonblock.t ...................... ok t/npn.t ........................... skipped: NPN not available in Net::SSLeay t/public_suffix_lib_encode_idn.t .. skipped: cannot load Net::IDN::Encode: Can't locate Net/IDN/Encode.pm in @INC (@INC contains: /builddir/build/BUILD/IO-Socket-SSL-1.977/blib/lib /builddir/build/BUILD/IO-Socket-SSL-1.977/blib/arch /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl .) at (eval 7) line 3. t/public_suffix_lib_libidn.t ...... skipped: cannot load Net::LibIDN: Can't locate Net/LibIDN.pm in @INC (@INC contains: /builddir/build/BUILD/IO-Socket-SSL-1.977/blib/lib /builddir/build/BUILD/IO-Socket-SSL-1.977/blib/arch /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl .) at (eval 7) line 3. t/public_suffix_lib_uri.t ......... ok # Failed test 'ssl www.bar.com against *.bar.com -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.bar.com against *.foo.bar.com -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.co.uk against *.foo.co.uk -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.bl.uk against *.foo.bl.uk -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.bl.uk against *.bl.uk -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.bar.kobe.jp against *.foo.bar.kobe.jp -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.city.kobe.jp against *.city.kobe.jp -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Failed test 'ssl www.foo.nodomain against *.foo.nodomain -> ok (Client side SNI not supported for this openssl)' # at t/public_suffix_ssl.t line 79. # got: '0' # expected: '1' # Looks like you failed 8 tests of 14. t/public_suffix_ssl.t ............. Dubious, test returned 8 (wstat 2048, 0x800) Failed 8/14 subtests t/readline.t ...................... ok t/sessions.t ...................... ok t/signal-readline.t ............... ok t/sni.t ........................... skipped: because no client side SNI support - openssl/Net::SSleay too old t/start-stopssl.t ................. ok t/startssl-failed.t ............... ok t/startssl.t ...................... ok t/sysread_write.t ................. ok t/verify_fingerprint.t ............ ok t/verify_hostname.t ............... ok Test Summary Report ------------------- t/public_suffix_ssl.t (Wstat: 2048 Tests: 14 Failed: 8) Failed tests: 2-4, 6-7, 10, 12, 14 Non-zero exit status: 8 Files=30, Tests=442, 47 wallclock secs ( 0.18 usr 0.03 sys + 5.97 cusr 0.59 csys = 6.77 CPU) Result: FAIL Failed 1/30 test programs. 8/442 subtests failed. There's also still the issue that public_suffix_lib.pl uses done_testing (presumably because of conditionally running tests) and hence needs to use Test::More 0.88 rather than an unversioned Test::More; this should also be reflected in Makefile.PL/META.yml unless the test is tweaked to use a plan and skips.
  Fri Apr 04 10:22:35 2014 Steffen_Ullrich [...] genua.de - Correspondence added
Show quoted text
> > This looks better but there are still issues with older versions of > OpenSSL that don't do SNI, e.g. with 0.9.8n:
:{ I think 1.978 fixes this, although I right now have no access to a system with an old enough openssl. Thanks, Steffen
  Fri Apr 04 11:38:05 2014 paul [...] city-fan.org - Correspondence added
From: paul [...] city-fan.org
On Fri Apr 04 10:22:35 2014, SULLR wrote: Show quoted text
>
> > > > This looks better but there are still issues with older versions of > > OpenSSL that don't do SNI, e.g. with 0.9.8n:
> > :{ > I think 1.978 fixes this, although I right now have no access to a > system with an old enough openssl. > > Thanks, > Steffen
That's working now, thanks. You might see some test failures with people not knowing that they need Test::More 0.88 or later though. I'd put that requirement in the test script and META.yml next time you do a release.
  Fri Apr 04 11:58:26 2014 Steffen_Ullrich [...] genua.de - Correspondence added
Show quoted text
> > That's working now, thanks. You might see some test failures with > people not knowing that they need Test::More 0.88 or later though. I'd > put that requirement in the test script and META.yml next time you do > a release.
Oh, I forgot about that. I've made a change to not use done_testing any more. It's in git but not yet released - lets see how much breaks with the current version.
  Fri Apr 04 13:48:19 2014 paul [...] city-fan.org - Correspondence added
From: paul [...] city-fan.org
On Fri Apr 04 11:58:26 2014, SULLR wrote: Show quoted text
>
> > > > That's working now, thanks. You might see some test failures with > > people not knowing that they need Test::More 0.88 or later though. > > I'd > > put that requirement in the test script and META.yml next time you do > > a release.
> > Oh, I forgot about that. > I've made a change to not use done_testing any more. It's in git but > not yet released - lets see how much breaks with the current version.
That fix works nicely for me, thanks.