Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 106687
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

Owner: Nobody in particular
Requestors: john [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: IO::Socket::SSL 2.017 fails on MacOS X with 5.22.0
Date: Wed, 26 Aug 2015 20:22:44 -0700
To: bug-IO-Socket-SSL [...]
From: John SJ Anderson <john [...]>
Download (untitled) / with headers
text/plain 3.6k
Specifically, this test fails: % prove -vl t/startssl.t t/startssl.t .. 1..21 ok #Server Initialization ok #Server Fileno Check ok #client tcp connect ok #tcp accept not ok #sslify server not ok #server reblessed as IO::Socket::SSL ok #0 not ok #sslify client not ok #client reblessed as IO::Socket::SSL ok #0 Dubious, test returned 1 (wstat 256, 0x100) Failed 15/21 subtests Test Summary Report ------------------- t/startssl.t (Wstat: 256 Tests: 10 Failed: 4) Failed tests: 5-6, 8-9 Non-zero exit status: 1 Parse errors: Bad plan. You planned 21 tests but ran 10. Files=1, Tests=10, 1 wallclock secs ( 0.03 usr 0.01 sys + 0.13 cusr 0.02 csys = 0.19 CPU) Result: FAIL And here's my 'perl -V': % perl -V Summary of my perl5 (revision 5 version 22 subversion 0) configuration: Platform: osname=darwin, osvers=14.4.0, archname=darwin-2level uname='darwin 14.4.0 darwin kernel version 14.4.0: thu may 28 11:35:04 pdt 2015; root:xnu-2782.30.5~1release_x86_64 x86_64 i386 macbookair4,2 darwin ' config_args='-Dprefix=/opt/plenv/versions/5.22.0 -de -Dusedevel -A'eval:scriptdir=/opt/plenv/versions/5.22.0/bin'' hint=recommended, useposix=true, d_sigaction=define useithreads=undef, usemultiplicity=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe -fstack-protector-strong -I/opt/local/include', optimize='-O3', cppflags='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe -fstack-protector-strong -I/opt/local/include' ccversion='', gccversion='4.2.1 Compatible Apple LLVM 6.1.0 (clang-602.0.53)', gccosandvers='' intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3 ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector-strong -L/usr/local/lib -L/opt/local/lib' libpth=/Applications/ /Applications/ loper/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib /usr/local/lib /opt/local/lib libs=-lpthread -ldbm -ldl -lm -lutil -lc perllibs=-lpthread -ldl -lm -lutil -lc libc=, so=dylib, useshrplib=false, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' ' cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup -L/usr/local/lib -L/opt/local/lib -fstack-protector-strong' Characteristics of this binary (from libperl): Compile-time options: HAS_TIMES PERLIO_LAYERS PERL_DONT_CREATE_GVSV PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP PERL_NEW_COPY_ON_WRITE PERL_PRESERVE_IVUV PERL_USE_DEVEL USE_64_BIT_ALL USE_64_BIT_INT USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_PERLIO USE_PERL_ATOF Locally applied patches: Devel::PatchPerl 1.30 Built under darwin Compiled at Jul 20 2015 12:53:24 %ENV: PERL_CPANM_OPT="--skip-installed --prompt" PERL_MM_USE_DEFAULT="1" @INC: /opt/plenv/versions/5.22.0/lib/perl5/site_perl/5.22.0/darwin-2level /opt/plenv/versions/5.22.0/lib/perl5/site_perl/5.22.0 /opt/plenv/versions/5.22.0/lib/perl5/5.22.0/darwin-2level /opt/plenv/versions/5.22.0/lib/perl5/5.22.0 .
Download (untitled) / with headers
text/plain 447b
Thanks for reporting the problem. I could reproduce the problem with other perl versions and it looks like the old openssl version on darwin does not like if the server requests a client certificate but has non ciphers included in the cipher set (which also contains non-anon ciphers): ... SSL routines:SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher Fixed in 2.018 by setting to cipher suite to 'HIGH:!ADH' instead of 'HIGH'

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to