Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 84686
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: CLEACH [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in:
  • 1.79
  • 1.80
  • 1.81
  • 1.82
  • 1.83
  • 1.831
  • 1.84
  • 1.85
Fixed in: (no value)



Subject: Question about warning in configure_SSL()
MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
Message-ID: <rt-4.0.11-13062-1366161479-1846.0-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 1865
Download (untitled) / with headers
text/plain 1.8k
Hello, I use this module in my Net-FTPSSL CPAN module & I've been getting questions about a message that pops up when I attempt to open a data channel using the same context as the command channel. [Bug Id 84376]. This happens when I call start_SSL($socket, \%opts), which then calls configure_SSL ($opts). Where: %opts = ( SSL_reuse_ctx => ${*$obj}{_SSL_ctx} ); This code has been working great until the recent addition of this warning in configure_SSL() starting in version 1.79. And part of the context in this case is SSL_verify_mode == 1. (SSL_VERIFY_PEER) My goal here is to eliminate this warning from my code since I'm worried that a future change to your module will otherwise break my code. But I'm concerned there may be a bug in your logic that throws this warning by mistake & may cause issues when you finally implement the changes this warning addresses. Your documentation from v1.85 says that SSL_reuse_ctx causes all options from SSL_version to SSL_check_crl to be inherited from the parent SSL context. [18 options in all.] Of which SSL_verify_mode is one of them. So shouldn't the test also include the presence of SSL_reuse_ctx as well? You wouldn't have to expand on the test since you could rely on the creation of the original SSL socket to fail instead if it didn't set SSL_verify_mode like your warning states. Existing Test: if ( ! $is_server and ! exists $arg_hash->{SSL_verify_mode} and $default_args{SSL_verify_mode} == SSL_VERIFY_NONE ) { Proposed Test: if ( ! $is_server and ! exists $arg_hash->{SSL_reuse_ctx} and ! exists $arg_hash->{SSL_verify_mode} and $default_args{SSL_verify_mode} == SSL_VERIFY_NONE ) { If this isn't enough, feel free to figure out how to check if SSL_verify_mode is set in the specified context yourself. I'd be interested in seeing how that's done myself. Curtis
MIME-Version: 1.0
In-Reply-To: <rt-4.0.11-13062-1366161479-1846.0-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.11-13062-1366161479-1846.0-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.11-8392-1366198379-1164.84686-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 312
Download (untitled) / with headers
text/plain 312b
Show quoted text
> Proposed Test: > if ( ! $is_server > and ! exists $arg_hash->{SSL_reuse_ctx} > and ! exists $arg_hash->{SSL_verify_mode}
Hi Curtis, thanks for your bug report. Your are right, that in case of SSL_reuse_ctx the check should not be done. I fixed it in 1.86 which I just uploaded. Regards, Steffen


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.