Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 104497
Status: open
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.68
Fixed in: (no value)



Subject: Can't locate auto/Net/SSLeay/CTX_v3_new.al with OpenSSL-1.0.2a
Download (untitled) / with headers
text/plain 874b
Hello, I experience this failure after building Net-SSLeay-1.68 against OpenSSL-1.0.2a: $ perl -Iblib/{arch,lib} -MNet::SSLeay -e 'Net::SSLeay::CTX_v3_new()' Can't locate auto/Net/SSLeay/CTX_v3_new.al in @INC (@INC contains: blib/arch blib/lib /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at -e line 1. The reason is in SSLeay.xs: #ifndef OPENSSL_NO_SSL3 #if OPENSSL_VERSION_NUMBER < 0x10002000L SSL_CTX * SSL_CTX_v3_new() CODE: RETVAL = SSL_CTX_new (SSLv3_method()); OUTPUT: RETVAL #endif #endif The OPENSSL_NO_SSL3 is not defined, but the OPENSSL_VERSION_NUMBER increases to 0x1000201fL in case OpenSSL 1.0.2a, thus Net-SSLeay stops providing SSL_CTX_v3_new(). I know SSLv3 is going to be deprecated, but was that a reason for the macro condition?
From: paul [...] city-fan.org
Download (untitled) / with headers
text/plain 269b
On Mon May 18 09:09:26 2015, ppisar wrote: Show quoted text
> I know SSLv3 is going to be deprecated, but was that a reason for the > macro condition?
See https://rt.cpan.org/Public/Bug/Display.html?id=101484 It would appear that the reports of SSLv3's demise are a little premature.
Subject: Re: [rt.cpan.org #104497] Can't locate auto/Net/SSLeay/CTX_v3_new.al with OpenSSL-1.0.2a
Date: Mon, 18 May 2015 15:28:27 +0200
To: "paul [...] city-fan.org via RT" <bug-Net-SSLeay [...] rt.cpan.org>
From: Petr Pisar <ppisar [...] redhat.com>
Download (untitled) / with headers
text/plain 1.3k
On Mon, May 18, 2015 at 09:14:07AM -0400, paul@city-fan.org via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=104497 > > > On Mon May 18 09:09:26 2015, ppisar wrote:
> > I know SSLv3 is going to be deprecated, but was that a reason for the > > macro condition?
> > See https://rt.cpan.org/Public/Bug/Display.html?id=101484 > > It would appear that the reports of SSLv3's demise are a little premature. >
I see. The 1.0.2a still delivers the functions, ssl/ssl.h: # ifndef OPENSSL_NO_SSL2 const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ # endif # ifndef OPENSSL_NO_SSL3_METHOD const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ # endif const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS * version */ const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available * SSL/TLS version */ const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available * SSL/TLS version */ I think removing the OPENSSL_VERSION_NUMBER checks and keeping OPENSSL_NO_* would be the best. -- Petr
Subject: Re: [rt.cpan.org #104497] Can't locate auto/Net/SSLeay/CTX_v3_new.al with OpenSSL-1.0.2a
Date: Tue, 19 May 2015 07:19:27 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 1.7k
Hi Petr, Thanks for the suggestion. Tested OK here. Fixed for the next release and in SVN 437 On Monday, May 18, 2015 09:28:47 AM Petr Pisar via RT wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=104497 > > > On Mon, May 18, 2015 at 09:14:07AM -0400, paul@city-fan.org via RT wrote:
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=104497 > > > > > On Mon May 18 09:09:26 2015, ppisar wrote:
> > > I know SSLv3 is going to be deprecated, but was that a reason for the > > > macro condition?
> > > > See https://rt.cpan.org/Public/Bug/Display.html?id=101484 > > > > It would appear that the reports of SSLv3's demise are a little premature.
> > I see. The 1.0.2a still delivers the functions, ssl/ssl.h: > > # ifndef OPENSSL_NO_SSL2 > const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ > const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ > const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ > # endif > > # ifndef OPENSSL_NO_SSL3_METHOD > const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ > const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ > const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ > # endif > > const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available > SSL/TLS * version */ > const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available > * SSL/TLS version */ const SSL_METHOD *SSLv23_client_method(void); /* > Negotiate highest available * SSL/TLS version */ > > I think removing the OPENSSL_VERSION_NUMBER checks and keeping OPENSSL_NO_* > would be the best. > > -- Petr
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.