Skip Menu |
 

This queue is for tickets about the libnet CPAN distribution.

Report information
The Basics
Id: 100529
Status: resolved
Priority: 0/
Queue: libnet

People
Owner: Nobody in particular
Requestors: zefram [...] fysh.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: SSL capability breaks use of data connection
Date: Mon, 24 Nov 2014 15:22:11 +0000
To: bug-libnet [...] rt.cpan.org
From: Zefram <zefram [...] fysh.org>
Download (untitled) / with headers
text/plain 722b
I have some code that uses $ftp->retr($file) to acquire a data connection handle and then calls $conn->getline repeatedly to read directly from it. This used to work. But when using libnet-3.02, the getline call returns undef (indicating end-of-file) without the process ever actually attempting at the syscall level to read from the data socket or even checking whether the socket is readable. It looks like this is a result of using IO::Socket::SSL to manage the data socket. This is not an SSL-using session, and patching Net::FTP to use IO::Socket::INET instead of IO::Socket::SSL makes the code work again. I suggest that IO::Socket::SSL shouldn't be used unless the particular connection requires SSL. -zefram
Download (untitled) / with headers
text/plain 1.5k
On Mon Nov 24 10:22:31 2014, zefram@fysh.org wrote: Show quoted text
> I have some code that uses $ftp->retr($file) to acquire a data connection > handle and then calls $conn->getline repeatedly to read directly > from it. This used to work. But when using libnet-3.02, the getline > call returns undef (indicating end-of-file) without the process ever > actually attempting at the syscall level to read from the data socket > or even checking whether the socket is readable. It looks like this is > a result of using IO::Socket::SSL to manage the data socket. This is > not an SSL-using session, and patching Net::FTP to use IO::Socket::INET > instead of IO::Socket::SSL makes the code work again. > > I suggest that IO::Socket::SSL shouldn't be used unless the particular > connection requires SSL.
Thanks for reporting the problem. The reason for this problem was, that IO::Socket::SSL did not implement getline properly when used in plain mode. This is fixed in IO::Socket::SSL version 2.007. Some Background: Since version 1.994 IO::Socket::SSL can be used in SSL-mode (as before) and also in plain mode and can switch between these modes with start_SSL and stop_SSL. This was explicitly done to support modules like Net::FTP. While it would be nice to make Net::FTP use IO::Socket::SSL only if SSL is actually used, the current design of Net::FTP would mean that Net::FTP::dataconn might need to change the super class for each connection, depending on the required protection mode. This would be a very bad hack and would definitely cause problem when used together with threads. Regards, Steffen Ullrich (Maintainer IO::Socket::SSL)
On Wed Nov 26 17:08:37 2014, SULLR wrote: Show quoted text
> On Mon Nov 24 10:22:31 2014, zefram@fysh.org wrote:
> > I have some code that uses $ftp->retr($file) to acquire a data > > connection > > handle and then calls $conn->getline repeatedly to read directly > > from it. This used to work. But when using libnet-3.02, the getline > > call returns undef (indicating end-of-file) without the process ever > > actually attempting at the syscall level to read from the data socket > > or even checking whether the socket is readable. It looks like this > > is > > a result of using IO::Socket::SSL to manage the data socket. This is > > not an SSL-using session, and patching Net::FTP to use > > IO::Socket::INET > > instead of IO::Socket::SSL makes the code work again. > > > > I suggest that IO::Socket::SSL shouldn't be used unless the > > particular > > connection requires SSL.
> > Thanks for reporting the problem. > The reason for this problem was, that IO::Socket::SSL did not > implement getline > properly when used in plain mode. This is fixed in IO::Socket::SSL > version 2.007. > > > Some Background: > Since version 1.994 IO::Socket::SSL can be used in SSL-mode (as > before) and > also in plain mode and can switch between these modes with start_SSL > and > stop_SSL. This was explicitly done to support modules like Net::FTP. > While it would be nice to make Net::FTP use IO::Socket::SSL only if > SSL > is actually used, the current design of Net::FTP would mean that > Net::FTP::dataconn might need to change the super class for each > connection, > depending on the required protection mode. > This would be a very bad hack and would definitely cause problem when > used > together with threads. >
Many thanks for looking at this, Steffen. I agree that dynamically changing superclass would be a bad idea, so I would propose simply having libnet require IO::Socket::SSL v2.007 or higher if it uses IO::Socket::SSL at all to avoid this problem. Zefram: Would that be acceptable to you, or would you still prefer finding some (other!) way to have it not use IO::Socket::SSL at all when no SSL is involved, if that's possible?
Download (untitled) / with headers
text/plain 380b
On Wed Nov 26 18:06:03 2014, SHAY wrote: Show quoted text
> I agree that dynamically changing superclass would be a bad idea, so I > would propose simply having libnet require IO::Socket::SSL v2.007 or > higher if it uses IO::Socket::SSL at all to avoid this problem.
This is now done in the GitHub repo: https://github.com/steve-m-hay/perl-libnet/commit/4dadbf4eb332a886023b2451ab3ef08d9af31423
Subject: Re: [rt.cpan.org #100529] SSL capability breaks use of data connection
Date: Thu, 27 Nov 2014 13:49:07 +0000
To: Steve Hay via RT <bug-libnet [...] rt.cpan.org>
From: Zefram <zefram [...] fysh.org>
Download (untitled) / with headers
text/plain 300b
Steve Hay via RT wrote: Show quoted text
>I would propose simply having libnet require IO::Socket::SSL v2.007 or >higher if it uses IO::Socket::SSL at all to avoid this problem.
Sounds good to me. I have no great objection to IO::Socket::SSL being involved if it successfully passes plain traffic through. -zefram
Download (untitled) / with headers
text/plain 504b
On Thu Nov 27 08:49:22 2014, zefram@fysh.org wrote: Show quoted text
> Steve Hay via RT wrote:
> >I would propose simply having libnet require IO::Socket::SSL v2.007 or > >higher if it uses IO::Socket::SSL at all to avoid this problem.
> > Sounds good to me. I have no great objection to IO::Socket::SSL being > involved if it successfully passes plain traffic through. >
Thanks. I will close this ticket then since the change is already in GitHub. It will appear in libnet version 3.03 in the not too distant future.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.