Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 106645
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: adam.murphy [...] redgiantmobile.com
gortan [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Net::Socket::SSL SSL_verify_mode must be a number and not a string
Date: Mon, 24 Aug 2015 14:55:58 -0700
To: bug-IO-Socket-SSL [...] rt.cpan.org
From: Adam Murphy <adam.murphy [...] redgiantmobile.com>
Download (untitled) / with headers
text/plain 625b
Hello, Our continuous integration build picked up the latest IO::Socket::SSL 2.0.017 and with that change started reporting the following error. Unable to setup message bus client: SSL_verify_mode must be a number and not a string at /opt/rghtm/script/../../lib/IO/Socket/SSL.pm line 2122 I’m not certain what additional information might be useful but there seems to have been a recent change in the handling of this configuration. I’m happy to provide any additional details that I can. Adam Murphy Director of Technical Operations redgiant Inc adam.murphy@redgiantmobile.com Skype: amurphy-rg m: 415-260-3031
Download signature.asc
application/pgp-signature 496b

Message body not shown because it is not plain text.

Subject: IO::Socket::SSL SSL_verify_mode must be a number and not a string
Download (untitled) / with headers
text/plain 1.2k
Am Mo 24. Aug 2015, 17:56:17, adam.murphy@redgiantmobile.com schrieb: Show quoted text
> Hello, > Our continuous integration build picked up the latest > IO::Socket::SSL 2.0.017 and with that change started reporting the > following error. > > Unable to setup message bus client: SSL_verify_mode must be a number > and not a string at /opt/rghtm/script/../../lib/IO/Socket/SSL.pm line > 2122 > > I’m not certain what additional information might be useful but there > seems to have been a recent change in the handling of this > configuration. I’m happy to provide any additional details that I > can.
Please have a look at your code and what you do with the SSL_verify_mode parameter there. If you set it to a string (like SSL_verify_mode => 'SSL_VERIFY_PEER') then you are doing it wrong. This is not a feature change in IO::Socket::SSL but it is code to detect wrong usage which might be even a security problem. For example the string 'SSL_VERIFY_PEER' evaluates to 0 when used as a number and this would mean that no validation is done, which was probably not the intended action. I reject this bug report because I feel that this is a bug in your application which only surfaced because of this new validation in the code. If you feel otherwise please provide the relevant part of your code which triggered the error.
Download (untitled) / with headers
text/plain 407b
Same issue here: Could not make request ..., 500 SSL_verify_mode must be a number and not a string Funny thing is: I'm not using SSL_verify_mode directly, instead I use: LWP::UserAgent->new(keep_alive => 1, ssl_opts => { verify_hostname => 0 }) as documented here: https://metacpan.org/pod/LWP::UserAgent#ua-LWP::UserAgent-new-options Versions in use: libwww-perl-6.13 Net-SSLeay-1.72 IO-Socket-SSL-2.020
Download (untitled) / with headers
text/plain 285b
On Mon Sep 28 10:01:57 2015, GORTAN wrote: Show quoted text
> Funny thing is: I'm not using SSL_verify_mode directly, instead I use: > LWP::UserAgent->new(keep_alive => 1, ssl_opts => { verify_hostname > => 0 })
Please disregard my last comment, PEBKAC. With verify_hostname, all works as expected!


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.