Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 118725
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: paul [...] city-fan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 2.038
Fixed in: (no value)



Subject: Tests failing with openssl 1.1.0c
Download (untitled) / with headers
text/plain 5.1k
After updating from 1.1.0b to 1.1.0c (in Fedora Rawhide), tests fail: make test PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/external/*.t # openssl version=0x1010002f # Net::SSLeay version=1.78 # parent IO::Socket::IP version=0.38 t/01loadmodule.t .................. ok t/acceptSSL-timeout.t ............. ok t/alpn.t .......................... ok t/auto_verify_hostname.t .......... ok t/cert_formats.t .................. ok t/cert_no_file.t .................. ok t/compatibility.t ................. ok t/connectSSL-timeout.t ............ Dubious, test returned 1 (wstat 256, 0x100) Failed 8/16 subtests # Failed test 'Server Getlines Check 1' # at t/core.t line 246. # got: '0' # expected: '6' # Failed test 'Server Getlines Check 2' # at t/core.t line 248. # got: undef # expected: '1.04 # ' # Failed test 'Server Getlines Check 3' # at t/core.t line 250. # got: undef # expected: '4 # ' # Failed test 'Server Getlines Check 4' # at t/core.t line 252. # got: undef # expected: 'y # ' Use of uninitialized value in join or string at t/core.t line 254. Use of uninitialized value in join or string at t/core.t line 254. Use of uninitialized value in join or string at t/core.t line 254. # Failed test 'Server Getlines Check 5' # at t/core.t line 254. # got: '' # expected: 'Test # Beaver # Beaver # ' t/core.t .......................... Failed 5/48 subtests t/dhe.t ........................... ok t/ecdhe.t ......................... ok # tcp connect to www.chksum.de:443 ok # fingerprint matches # tcp connect to www.spiegel.de:443 ok # fingerprint matches # tcp connect to revoked.grc.com:443 ok # fingerprint matches t/external/ocsp.t ................. ok t/external/usable_ca.t ............ skipped: no default CA store found t/io-socket-inet6.t ............... ok t/io-socket-ip.t .................. ok t/memleak_bad_handshake.t ......... ok t/mitm.t .......................... ok t/nonblock.t ...................... ok t/npn.t ........................... ok # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t/plain_upgrade_downgrade.t ....... ok # failed to accept SSLv3 # looks like OpenSSL was compiled without SSLv3 support t/protocol_version.t .............. ok t/public_suffix_lib_encode_idn.t .. ok t/public_suffix_lib_libidn.t ...... ok t/public_suffix_lib_uri.t ......... ok t/public_suffix_ssl.t ............. ok Use of uninitialized value $c[0] in string eq at t/readline.t line 34. Use of uninitialized value $b in string eq at t/readline.t line 48. Use of uninitialized value $b in concatenation (.) or string at t/readline.t line 48. Use of uninitialized value $c[0] in string eq at t/readline.t line 58. Use of uninitialized value $c[0] in string eq at t/readline.t line 71. Use of uninitialized value $c[0] in string eq at t/readline.t line 84. t/readline.t ...................... Failed 5/19 subtests t/session_ticket.t ................ skipped: no support for session ticket key callback t/sessions.t ...................... ok t/signal-readline.t ............... ok t/sni.t ........................... ok t/sni_verify.t .................... ok t/start-stopssl.t ................. ok t/startssl-failed.t ............... ok t/startssl.t ...................... ok t/sysread_write.t ................. ok t/verify_fingerprint.t ............ ok t/verify_hostname.t ............... ok t/verify_hostname_standalone.t .... ok Test Summary Report ------------------- t/connectSSL-timeout.t (Wstat: 256 Tests: 10 Failed: 2) Failed tests: 9-10 Non-zero exit status: 1 Parse errors: Bad plan. You planned 16 tests but ran 10. t/core.t (Wstat: 0 Tests: 48 Failed: 5) Failed tests: 22-26 t/readline.t (Wstat: 0 Tests: 19 Failed: 5) Failed tests: 4, 7, 10, 13, 16 Files=38, Tests=765, 36 wallclock secs ( 0.11 usr 0.01 sys + 3.20 cusr 0.36 csys = 3.68 CPU) Result: FAIL Failed 3/38 test programs. 12/765 subtests failed. make: *** [Makefile:791: test_dynamic] Error 255 Tests passed immediately before updating the openssl packages (and only the openssl packages).
Download (untitled) / with headers
text/plain 645b
Am Sa 12. Nov 2016, 04:02:11, paul@city-fan.org schrieb: Show quoted text
> After updating from 1.1.0b to 1.1.0c (in Fedora Rawhide), tests fail:
I think this is a bug in OpenSSL, introduced in https://github.com/openssl/openssl/commit/4880672a9b41a09a0984b55e219f02a2de7ab75e. This commit changes the documented API on SSL_read so that it now return -1 on EOF with a claimed syscall error instead of 0 as it did before and as is documented. When reverting this commit everything works again. See also https://github.com/openssl/openssl/issues/1903. This means for now I hope that OpenSSL fixes the issue so that the behavior matches again the documented API.
Download (untitled) / with headers
text/plain 289b
Show quoted text
It looks like OpenSSL reverts the behavior because it not only broke Perl but also Python and MIT KRB5. I will therefore reject this bug since the fault is not in IO::Socket::SSL and original problem gets fixed somewhere else.
Download (untitled) / with headers
text/plain 602b
Am Do 17. Nov 2016, 08:35:00, SULLR schrieb: Show quoted text
> > > It looks like OpenSSL reverts the behavior because it not only broke > Perl but also Python and MIT KRB5. I will therefore reject this bug > since the fault is not in IO::Socket::SSL and original problem gets > fixed somewhere else.
Since it looks like that the changed API will at least remain with 1.1.1 (unreleased branch) I've adapted to the new behavior of SSL_read and IO::Socket::SSL 2.039 should work transparently around the API difference between old and new OpenSSL versions.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.