Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 121016
Status: open
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: GURWALL [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: DTLS support
Hello, these patches add dtlsv1 and dtlsv1.2 functions and some useful BIO functions.
Subject: ssleay-pm-dtls.patch
--- Net-SSLeay-1.81/lib/Net/SSLeay.pm 2017-03-27 16:59:48.000000000 -0400 +++ Net-SSLeay-1.81-dtls-patch/lib/Net/SSLeay.pm 2017-04-06 18:34:50.220077007 -0400 @@ -32,6 +32,8 @@ # 10 = insist on TLSv1 # 11 = insist on TLSv1.1 # 12 = insist on TLSv1.2 +# 1010 = insist on DTLSv1 +# 1012 = insist on DTLSv1.2 # 0 or undef = guess (v23) # $Net::SSLeay::ssl_version = 0; # don't change here, use @@ -92,8 +94,8 @@ ERROR_NONE NID_info_access OP_NO_TICKET ERROR_SSL NID_initials OP_NO_TLSv1 ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1 - ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 - ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 + ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 +ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2 ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE @@ -215,7 +217,9 @@ NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ - NID_email_protect OP_COOKIE_EXCHANGE + NID_email_protect OP_COOKIE_EXCHANGE OP_NO_DTLSv1 + OP_NO_DTLSv1_2 + BIO_eof BIO_f_ssl BIO_free @@ -226,6 +230,14 @@ BIO_s_mem BIO_wpending BIO_write + BIO_new_dgram + BIO_ctrl_dgram_connect + BIO_ctrl_set_connected + BIO_dgram_recv_timedout + BIO_dgram_send_timedout + BIO_dgram_get_peer + BIO_dgram_set_peer + BIO_dgram_get_mtu_overhead CTX_free CTX_get_cert_store CTX_new @@ -234,6 +246,9 @@ CTX_v23_new CTX_v2_new CTX_v3_new + DTLSv1_get_timeout + DTLSv1_handle_timeout + DTLSv1_listen ERR_error_string ERR_get_error ERR_load_RAND_strings @@ -959,6 +974,20 @@ } $ctx = CTX_tlsv1_2_new; } + elsif ($ssl_version == 1010) { + unless (exists &Net::SSLeay::CTX_dtlsv1_new) { + warn "ssl_version has been set to 1010, but this version of OpenSSL has been compiled without DTLSv1 support"; + return undef; + } + $ctx = CTX_dtlsv1_new; + } + elsif ($ssl_version == 1012) { + unless (exists &Net::SSLeay::CTX_dtlsv1_2_new) { + warn "ssl_version has been set to 1012, but this version of OpenSSL has been compiled without DTLSv1.2 support"; + return undef; + } + $ctx = CTX_dtlsv1_2_new; + } else { $ctx = CTX_new(); } return $ctx; }
Subject: ssleay-xs-dtls.patch
--- Net-SSLeay-1.81/SSLeay.xs 2017-03-03 23:25:15.000000000 -0500 +++ Net-SSLeay-1.81-dtls-patch/SSLeay.xs 2017-04-06 18:37:19.050240011 -0400 @@ -161,6 +161,7 @@ */ #define BLOCK OPENSSL_BLOCK #include <openssl/err.h> +#include <openssl/bio.h> #include <openssl/lhash.h> #include <openssl/rand.h> #include <openssl/buffer.h> @@ -1607,6 +1608,23 @@ #endif SSL_CTX * +SSL_CTX_dtlsv1_new() + CODE: + RETVAL = SSL_CTX_new (DTLSv1_method()); + OUTPUT: + RETVAL + + + +SSL_CTX * +SSL_CTX_dtlsv1_2_new() + CODE: + RETVAL = SSL_CTX_new (DTLSv1_2_method()); + OUTPUT: + RETVAL + + +SSL_CTX * SSL_CTX_new_with_method(meth) SSL_METHOD * meth CODE: @@ -4009,6 +4027,39 @@ #endif +const SSL_METHOD * +DTLSv1_method() + +const SSL_METHOD * +DTLSv1_2_method() + +long +DTLSv1_get_timeout(ssl,arg) + SSL *ssl + void *arg + CODE: + RETVAL = SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg); + OUTPUT: + RETVAL + + +long +DTLSv1_handle_timeout(ssl) + SSL *ssl + CODE: + RETVAL = SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL); + OUTPUT: + RETVAL + +long +DTLSv1_listen(ssl,peer) + SSL *ssl + void *peer + CODE: + RETVAL = SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer); + OUTPUT: + RETVAL + #if OPENSSL_VERSION_NUMBER < 0x10000000L @@ -4105,6 +4156,73 @@ BIO_ssl_shutdown(ssl_bio) BIO * ssl_bio +BIO * +BIO_new_dgram(sock,flag) + int sock + int flag + +int +BIO_ctrl_dgram_connect(b,peer) + BIO *b + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT, 0,(char *) peer); + OUTPUT: + RETVAL + +int +BIO_ctrl_set_connected(b, state, peer) + BIO *b + int state + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_SET_CONNECTED, state,(char *) peer); + OUTPUT: + RETVAL + +int +BIO_dgram_recv_timedout(b) + BIO *b + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0,NULL); + OUTPUT: + RETVAL + +int +BIO_dgram_send_timedout(b) + BIO *b + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0,NULL); + OUTPUT: + RETVAL + + +int +BIO_dgram_get_peer(b,peer) + BIO *b + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_PEER, 0,(char *) peer); + OUTPUT: + RETVAL + +int +BIO_dgram_set_peer(b,peer) + BIO *b + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_SET_PEER, 0,(char *) peer); + OUTPUT: + RETVAL + +unsigned int +BIO_dgram_get_mtu_overhead(b) + BIO *b + CODE: + RETVAL = (unsigned int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0,NULL); + OUTPUT: + RETVAL + int SSL_add_client_CA(ssl,x) SSL * ssl
Subject: Re: [rt.cpan.org #121016] DTLS support
Date: Sat, 8 Apr 2017 07:11:18 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 5.1k
Thanks. It will be some time before I can look at this. Cheers Sent from my iPhone Show quoted text
> On 8 Apr 2017, at 1:37 am, Franck Rupin via RT <bug-Net-SSLeay@rt.cpan.org> wrote: > > Fri Apr 07 20:37:08 2017: Request 121016 was acted upon. > Transaction: Ticket created by GURWALL > Queue: Net-SSLeay > Subject: DTLS support > Broken in: (no value) > Severity: Wishlist > Owner: Nobody > Requestors: GURWALL@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121016 > > > > Hello, > > these patches add dtlsv1 and dtlsv1.2 functions and some useful BIO functions. > > > --- Net-SSLeay-1.81/lib/Net/SSLeay.pm 2017-03-27 16:59:48.000000000 -0400 +++ Net-SSLeay-1.81-dtls-patch/lib/Net/SSLeay.pm 2017-04-06 18:34:50.220077007 -0400 @@ -32,6 +32,8 @@ # 10 = insist on TLSv1 # 11 = insist on TLSv1.1 # 12 = insist on TLSv1.2 +# 1010 = insist on DTLSv1 +# 1012 = insist on DTLSv1.2 # 0 or undef = guess (v23) # $Net::SSLeay::ssl_version = 0; # don't change here, use @@ -92,8 +94,8 @@ ERROR_NONE NID_info_access OP_NO_TICKET ERROR_SSL NID_initials OP_NO_TLSv1 ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1 - ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 - ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 + ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 +ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2 ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE @@ -215,7 +217,9 @@ NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ - NID_email_protect OP_COOKIE_EXCHANGE + NID_email_protect OP_COOKIE_EXCHANGE OP_NO_DTLSv1 + OP_NO_DTLSv1_2 + BIO_eof BIO_f_ssl BIO_free @@ -226,6 +230,14 @@ BIO_s_mem BIO_wpending BIO_write + BIO_new_dgram + BIO_ctrl_dgram_connect + BIO_ctrl_set_connected + BIO_dgram_recv_timedout + BIO_dgram_send_timedout + BIO_dgram_get_peer + BIO_dgram_set_peer + BIO_dgram_get_mtu_overhead CTX_free CTX_get_cert_store CTX_new @@ -234,6 +246,9 @@ CTX_v23_new CTX_v2_new CTX_v3_new + DTLSv1_get_timeout + DTLSv1_handle_timeout + DTLSv1_listen ERR_error_string ERR_get_error ERR_load_RAND_strings @@ -959,6 +974,20 @@ } $ctx = CTX_tlsv1_2_new; } + elsif ($ssl_version == 1010) { + unless (exists &Net::SSLeay::CTX_dtlsv1_new) { + warn "ssl_version has been set to 1010, but this version of OpenSSL has been compiled without DTLSv1 support"; + return undef; + } + $ctx = CTX_dtlsv1_new; + } + elsif ($ssl_version == 1012) { + unless (exists &Net::SSLeay::CTX_dtlsv1_2_new) { + warn "ssl_version has been set to 1012, but this version of OpenSSL has been compiled without DTLSv1.2 support"; + return undef; + } + $ctx = CTX_dtlsv1_2_new; + } else { $ctx = CTX_new(); } return $ctx; } > --- Net-SSLeay-1.81/SSLeay.xs 2017-03-03 23:25:15.000000000 -0500 +++ Net-SSLeay-1.81-dtls-patch/SSLeay.xs 2017-04-06 18:37:19.050240011 -0400 @@ -161,6 +161,7 @@ */ #define BLOCK OPENSSL_BLOCK #include +#include #include #include #include @@ -1607,6 +1608,23 @@ #endif SSL_CTX * +SSL_CTX_dtlsv1_new() + CODE: + RETVAL = SSL_CTX_new (DTLSv1_method()); + OUTPUT: + RETVAL + + + +SSL_CTX * +SSL_CTX_dtlsv1_2_new() + CODE: + RETVAL = SSL_CTX_new (DTLSv1_2_method()); + OUTPUT: + RETVAL + + +SSL_CTX * SSL_CTX_new_with_method(meth) SSL_METHOD * meth CODE: @@ -4009,6 +4027,39 @@ #endif +const SSL_METHOD * +DTLSv1_method() + +const SSL_METHOD * +DTLSv1_2_method() + +long +DTLSv1_get_timeout(ssl,arg) + SSL *ssl + void *arg + CODE: + RETVAL = SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg); + OUTPUT: + RETVAL + + +long +DTLSv1_handle_timeout(ssl) + SSL *ssl + CODE: + RETVAL = SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL); + OUTPUT: + RETVAL + +long +DTLSv1_listen(ssl,peer) + SSL *ssl + void *peer + CODE: + RETVAL = SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer); + OUTPUT: + RETVAL + #if OPENSSL_VERSION_NUMBER < 0x10000000L @@ -4105,6 +4156,73 @@ BIO_ssl_shutdown(ssl_bio) BIO * ssl_bio +BIO * +BIO_new_dgram(sock,flag) + int sock + int flag + +int +BIO_ctrl_dgram_connect(b,peer) + BIO *b + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT, 0,(char *) peer); + OUTPUT: + RETVAL + +int +BIO_ctrl_set_connected(b, state, peer) + BIO *b + int state + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_SET_CONNECTED, state,(char *) peer); + OUTPUT: + RETVAL + +int +BIO_dgram_recv_timedout(b) + BIO *b + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0,NULL); + OUTPUT: + RETVAL + +int +BIO_dgram_send_timedout(b) + BIO *b + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0,NULL); + OUTPUT: + RETVAL + + +int +BIO_dgram_get_peer(b,peer) + BIO *b + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_PEER, 0,(char *) peer); + OUTPUT: + RETVAL + +int +BIO_dgram_set_peer(b,peer) + BIO *b + void *peer + CODE: + RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_SET_PEER, 0,(char *) peer); + OUTPUT: + RETVAL + +unsigned int +BIO_dgram_get_mtu_overhead(b) + BIO *b + CODE: + RETVAL = (unsigned int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0,NULL); + OUTPUT: + RETVAL + int SSL_add_client_CA(ssl,x) SSL * ssl
Subject: Re: [rt.cpan.org #121016] DTLS support
Date: Thu, 01 Jun 2017 14:03:55 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hello, thanks for sending these, but alas I dont think I can accept them in their current form: 1. They appear to be inconsistant with some earlier versions of openssl, for example I get various compile errors with openssl-1.0.0 and openssl-0.9.8i 2. I dont understand why you do not use eg: RETVAL = BIO_ctrl_dgram_connect(b, peer); instead of RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT, 0,(char *) peer); Cheers. On Friday, 7 April 2017 8:37:20 PM AEST you wrote: Show quoted text
> Fri Apr 07 20:37:08 2017: Request 121016 was acted upon. > Transaction: Ticket created by GURWALL > Queue: Net-SSLeay > Subject: DTLS support > Broken in: (no value) > Severity: Wishlist > Owner: Nobody > Requestors: GURWALL@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121016 > > > > Hello, > > these patches add dtlsv1 and dtlsv1.2 functions and some useful BIO > functions.
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.