Skip Menu |
 

This queue is for tickets about the Crypt-SSLeay CPAN distribution.

Report information
The Basics
Id: 118343
Status: open
Priority: 0/
Queue: Crypt-SSLeay

People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.72
Fixed in: (no value)

Attachments
0001-Do-not-use-SSLv2_client_method-with-OpenSSL-1.1.0.patch
Use_TLS_client_method-with-OpenSSL-1.1.1.patch



Subject: Tests fail with OpenSSL 1.1.0
Download (untitled) / with headers
text/plain 604b
After upgrading OpenSSL to 1.1.0b, tests fail like this: # Failed test 'use Crypt::SSLeay;' # at t/00-basic.t line 6. # Tried to use 'Crypt::SSLeay'. # Error: Can't load '/home/test/fedora/perl-Crypt-SSLeay/Crypt-SSLeay-0.72/blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: /home/test/fedora/perl-Crypt-SSLeay/Crypt-SSLeay-0.72/blib/arch/auto/Crypt/SSLeay/SSLeay.so: undefined symbol: SSLv2_client_method at /usr/lib64/perl5/DynaLoader.pm line 193. # at t/00-basic.t line 6. This is because OpenSSL 1.1.0 removed support for SSLv2 <https://www.openssl.org/news/cl110.txt>.
From: ppisar [...] redhat.com
Download (untitled) / with headers
text/plain 342b
Dne St 12.říj.2016 04:36:31, ppisar napsal(a): Show quoted text
> This is because OpenSSL 1.1.0 removed support for SSLv2 > <https://www.openssl.org/news/cl110.txt>.
Attached patch stoppes using SSLv2_client_method() with OpenSSL 1.1.0 and newer. Please note OpenSSL 1.1.0 also deprecated SSLv3 and recommends using TLS methods. I did not touch that part.
Subject: 0001-Do-not-use-SSLv2_client_method-with-OpenSSL-1.1.0.patch
From 1c725e333e9d20b87346fb394a1d01fa5be4fbaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> Date: Wed, 12 Oct 2016 10:46:22 +0200 Subject: [PATCH] Do not use SSLv2_client_method() with OpenSSL >= 1.1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SSLv2 support was removed from OpenSSL 1.1.0. CPAN RT#118343 Signed-off-by: Petr Písař <ppisar@redhat.com> --- SSLeay.xs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSLeay.xs b/SSLeay.xs index 1560604..ba0dd24 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -152,7 +152,7 @@ SSL_CTX_new(packname, ssl_version) ctx = SSL_CTX_new(SSLv3_client_method()); } else { -#ifndef OPENSSL_NO_SSL2 +#if !defined OPENSSL_NO_SSL2 && OPENSSL_VERSION_NUMBER < 0x10100000L /* v2 is the default */ ctx = SSL_CTX_new(SSLv2_client_method()); #else -- 2.7.4
Download (untitled) / with headers
text/plain 793b
On Wed Oct 12 04:36:31 2016, ppisar wrote: Show quoted text
> After upgrading OpenSSL to 1.1.0b, tests fail like this: > > # Failed test 'use Crypt::SSLeay;' > # at t/00-basic.t line 6. > # Tried to use 'Crypt::SSLeay'. > # Error: Can't load '/home/test/fedora/perl-Crypt-SSLeay/Crypt- > SSLeay-0.72/blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module > Crypt::SSLeay: /home/test/fedora/perl-Crypt-SSLeay/Crypt-SSLeay- > 0.72/blib/arch/auto/Crypt/SSLeay/SSLeay.so: undefined symbol: > SSLv2_client_method at /usr/lib64/perl5/DynaLoader.pm line 193. > # at t/00-basic.t line 6. > > This is because OpenSSL 1.1.0 removed support for SSLv2 > <https://www.openssl.org/news/cl110.txt>.
Attached patch stops using SSLv3_client_method() with OpenSSL 1.1.1. TheTLS_client_method method is used instead.
Subject: Use_TLS_client_method-with-OpenSSL-1.1.1.patch
--- SSLeay.xs.bak 2020-04-30 14:48:03.897259294 +0000 +++ SSLeay.xs 2020-04-30 14:51:14.193744640 +0000 @@ -149,15 +149,15 @@ ctx = SSL_CTX_new(SSLv23_client_method()); } else if(ssl_version == 3) { - ctx = SSL_CTX_new(SSLv3_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); } else { -#ifndef OPENSSL_NO_SSL2 +#if !defined OPENSSL_NO_SSL2 && OPENSSL_VERSION_NUMBER < 0x10100000L /* v2 is the default */ ctx = SSL_CTX_new(SSLv2_client_method()); #else /* v3 is the default */ - ctx = SSL_CTX_new(SSLv3_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); #endif }


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.