This queue is for tickets about the AnyEvent CPAN distribution.

Report information
The Basics

Nobody in particular
zvpunry [...]

(no value)
Broken in:
(no value)
Fixed in:
(no value)

Subject: AnyEvent::Handle OpenSSL incompatibility
Date: Thu, 8 Mar 2018 11:18:46 +0100
From: Michael Loeffler <>
Hello, SSL_ST_OK and similar defines got removed from OpenSSL. This causes Net::SSLeay::ST_OK() to die() when it is called. In AnyEvent::Handle::_dotls() is the following code which calls it, if on_starttls is set:   $self->{_on_starttls}       and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK ()       and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established"); This breaks AnyEvent::Handle if starttls() is called and an on_starttls handler is set. Additional Information: I use Debian 9 (stretch) with libssl1.1 1.1.0f-3+deb9u1, libnet-ssleay-perl 1.80-1 and libanyevent-perl 7.130-2 perl -e 'use Net::SSLeay; print Net::SSLeay::SSLeay_version(), "\n"; print Net::SSLeay::ST_OK(), "\n";' If this dies with "Your vendor has not defined SSLeay macro ST_OK", then the OpenSSL version is recent enough to reproduce the error. To trigger the Error in AnyEvent::Handle. The change in OpenSSL came with commit f3ae986218ad2269758f4994ffe137b8233dc0b8 in git:// Best Regards, Michael Löffler
Subject: Re: [ #124723] AnyEvent::Handle OpenSSL incompatibility
Date: Fri, 9 Mar 2018 01:08:17 +0100
To: Michael Loeffler via RT <>
From: Marc Lehmann <>
Hi! Please send your bug report to the official contact/author address for the module in question (or send it to, that's fine as well). What follows is the rationale for this request, you don't have to read it if you don't care. Why is this necessary? has many deficiencies which makes it tedious and hard to use, increasing the workload on the people who provide all the perl modules you probably appreciate (and that is really to be avoided - module authors should be able to invest all their time into improving their modules and not fighting with's bugs). Still, for some people, is useful to have, and some people even like it and really want to use it. That is fine, too. Unfortunately, the designers of didn't make their "service" optional - you can neither opt-in nor opt-out of as a module author. Just like a spammer, forces its "service" (whether wanted or unwanted) on everybody. Just like a spammer, they don't care for the people they actively hurt. Just like a spammer, they don't don't care to fix these issues and make their "service" ethically acceptable. You cannot even configure it to redirect tickets to somewhere else. Unfortunately, ignoring is not an option either: for people reporting possible bugs there is no indication that their report will be ignored, and for module authors it means they miss potentially vital bug reports such as yours (and of course it's a great impression if has lots of bug reports that are unanswered, making a module look unmaintained when in fact the opposite might be true). I am sorry that this wasted a bit of your time, but please understand that I am just as much a victim as you are - the problem is the unethical stance of the providers who force their "service" on everybody. Please redirect your bug report as stated in the beginning of this mail, and please consider petitioning the providers to stop their unethical behaviour and allow opt-in, opt-out, or some redirect option. One last issue: many people mail me that this can be "fixed" by including the bugtracker element in my module meta file. This is not true: 1. This field only affects and maybe similar services. (Many people confuse with for some reason). 2. It doesn't even work (there are still links to displayed). 3. Even if does no longer display the link, it doesn't actually affect (and tests have shown that people go to regardless) Even *iff* would start listening on the bugtracker field, however, it's still wrong. I have a lot of modules, and each time a service like comes out, I would have to make dummy releases for all my modules. This not only creates a lot of extra work for me (I take releases very seriously) but also users, who would wonder why there is a new release. Thanks a lot, Marc Lehmann <> Last updated: 2012-04-22
On Thu Mar 08 10:38:24 2018, wrote:
Show quoted text
> SSL_ST_OK and similar defines got removed from OpenSSL. This causes > Net::SSLeay::ST_OK() to die() when it is called.
Net-SSLeay 1.86_05 exposes the OpenSSL function SSL_is_init_finished(), and I've submitted a patch to the AnyEvent mailing list [1] suggesting the use of Net::SSLeay::is_init_finished(...) instead of Net::SSLeay::state(...) == Net::SSLeay::ST_OK() so that AnyEvent will work with OpenSSL 1.1.0 onwards. [1]

This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with to