Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 96013
Status: resolved
Priority: 0/
Queue: Net-SSLeay
People
Owner: MIKEM [...] cpan.org
Requestors: sullr [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in:
  • 1.58
  • 1.59
  • 1.60
  • 1.61
  • 1.62
  • 1.63
Fixed in: 1.65

History Show all quoted text
  Tue May 27 12:46:10 2014 Steffen_Ullrich [...] genua.de - Ticket created
Subject: get_peer_cert_chain with anon authentication returns SSL object instead of empty list
Hi, if the SSL handshake results in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain will not return an empty list, but instead return the SSL object. Example: use strict; use Net::SSLeay; use IO::Socket::INET; # anon cipher - no certificates will be transferred my $cipher = 'ADH-DES-CBC3-SHA'; my $fd = IO::Socket::INET->new('www.kmcgov.in:443') or die "tcp connect failed: $!"; Net::SSLeay::initialize(); my $ctx = Net::SSLeay::CTX_new() or die "failed to create CTX"; Net::SSLeay::CTX_set_cipher_list($ctx,$cipher); my $ssl = Net::SSLeay::new($ctx) or die "failed to create SSL"; Net::SSLeay::set_fd($ssl,$fd); Net::SSLeay::connect($ssl) or die "failed to SSL connect"; my @chain = Net::SSLeay::get_peer_cert_chain($ssl); warn "get_peer_cert_chain($ssl) -> @chain"; With the current implementation it will return something like this: get_peer_cert_chain(28270720) -> 28270720 E.g. it will leave the stack unchanged and thus return what was put onto the stack. The following change will fix it and return an empty list as expected: --- SSLeay.xs (revision 412) +++ SSLeay.xs (working copy) @@ -1818,7 +1818,7 @@ PPCODE: chain = SSL_get_peer_cert_chain(s); if( chain == NULL ) { - return; + XSRETURN_EMPTY; } for (i=0; i<sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); Regards, Steffen
  Tue May 27 20:59:32 2014 mikem [...] airspayce.com - Correspondence added
Subject: Re: [rt.cpan.org #96013] get_peer_cert_chain with anon authentication returns SSL object instead of empty list
Date: Wed, 28 May 2014 10:59:18 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen, Thanks. Fixed in SVN 413. On Tuesday, May 27, 2014 12:46:11 PM Steffen Ullrich via RT wrote: Show quoted text
> Tue May 27 12:46:10 2014: Request 96013 was acted upon. > Transaction: Ticket created by SULLR > Queue: Net-SSLeay > Subject: get_peer_cert_chain with anon authentication returns SSL > object instead of empty list > Broken in: 1.58, 1.59, 1.60, 1.61, 1.62, 1.63 > Severity: (no value) > Owner: Nobody > Requestors: sullr@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=96013 > > > > Hi, > if the SSL handshake results in an anonymous authentication, like > ADH-DES-CBC3-SHA, get_peer_cert_chain will not return an empty list, but > instead return the SSL object. Example: > > use strict; > use Net::SSLeay; > use IO::Socket::INET; > > # anon cipher - no certificates will be transferred > my $cipher = 'ADH-DES-CBC3-SHA'; > > my $fd = IO::Socket::INET->new('www.kmcgov.in:443') > or die "tcp connect failed: $!"; > > Net::SSLeay::initialize(); > my $ctx = Net::SSLeay::CTX_new() or die "failed to create CTX"; > Net::SSLeay::CTX_set_cipher_list($ctx,$cipher); > my $ssl = Net::SSLeay::new($ctx) or die "failed to create SSL"; > Net::SSLeay::set_fd($ssl,$fd); > Net::SSLeay::connect($ssl) or die "failed to SSL connect"; > > my @chain = Net::SSLeay::get_peer_cert_chain($ssl); > warn "get_peer_cert_chain($ssl) -> @chain"; > > With the current implementation it will return something like this: > get_peer_cert_chain(28270720) -> 28270720 > E.g. it will leave the stack unchanged and thus return what was put onto the > stack. > > The following change will fix it and return an empty list as expected: > > --- SSLeay.xs (revision 412) > +++ SSLeay.xs (working copy) > @@ -1818,7 +1818,7 @@ > PPCODE: > chain = SSL_get_peer_cert_chain(s); > if( chain == NULL ) { > - return; > + XSRETURN_EMPTY; > } > for (i=0; i<sk_X509_num(chain); i++) { > x = sk_X509_value(chain, i); > > > Regards, > Steffen
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474 Fax +61 7 5598-7070
  Tue May 27 20:59:33 2014 The RT System itself - Status changed from 'new' to 'open'
  Wed Aug 27 19:37:21 2014 MIKEM [...] cpan.org - Status changed from 'open' to 'resolved'
  Wed Aug 27 19:37:21 2014 MIKEM [...] cpan.org - Taken
  Wed Aug 27 19:37:21 2014 MIKEM [...] cpan.org - Fixed in 1.65 added