Skip Menu |
 

This queue is for tickets about the AnyEvent CPAN distribution.

Report information
The Basics
Id: 124723
Status: open
Priority: 0/
Queue: AnyEvent

People
Owner: Nobody in particular
Requestors: zvpunry [...] zvpunry.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: AnyEvent::Handle OpenSSL incompatibility
Date: Thu, 8 Mar 2018 11:18:46 +0100
To: bug-AnyEvent [...] rt.cpan.org
From: Michael Loeffler <zvpunry [...] zvpunry.de>
Hello, SSL_ST_OK and similar defines got removed from OpenSSL. This causes Net::SSLeay::ST_OK() to die() when it is called. In AnyEvent::Handle::_dotls() is the following code which calls it, if on_starttls is set:   $self->{_on_starttls}       and Net::SSLeay::state ($self->{tls}) == Net::SSLeay::ST_OK ()       and (delete $self->{_on_starttls})->($self, 1, "TLS/SSL connection established"); This breaks AnyEvent::Handle if starttls() is called and an on_starttls handler is set. Additional Information: I use Debian 9 (stretch) with libssl1.1 1.1.0f-3+deb9u1, libnet-ssleay-perl 1.80-1 and libanyevent-perl 7.130-2 perl -e 'use Net::SSLeay; print Net::SSLeay::SSLeay_version(), "\n"; print Net::SSLeay::ST_OK(), "\n";' If this dies with "Your vendor has not defined SSLeay macro ST_OK", then the OpenSSL version is recent enough to reproduce the error. To trigger the Error in AnyEvent::Handle. The change in OpenSSL came with commit f3ae986218ad2269758f4994ffe137b8233dc0b8 in git://git.openssl.org/openssl.git Best Regards, Michael Löffler
Subject: Re: [rt.cpan.org #124723] AnyEvent::Handle OpenSSL incompatibility
Date: Fri, 9 Mar 2018 01:08:17 +0100
To: Michael Loeffler via RT <bug-AnyEvent [...] rt.cpan.org>
From: Marc Lehmann <schmorp [...] schmorp.de>
Hi! Please send your bug report to the official contact/author address for the module in question (or send it to rt.cpan.org@schmorp.de, that's fine as well). What follows is the rationale for this request, you don't have to read it if you don't care. Why is this necessary? rt.cpan.org has many deficiencies which makes it tedious and hard to use, increasing the workload on the people who provide all the perl modules you probably appreciate (and that is really to be avoided - module authors should be able to invest all their time into improving their modules and not fighting with rt.cpan.org's bugs). Still, for some people, rt.cpan.org is useful to have, and some people even like it and really want to use it. That is fine, too. Unfortunately, the designers of rt.cpan.org didn't make their "service" optional - you can neither opt-in nor opt-out of rt.cpan.org as a module author. Just like a spammer, rt.cpan.org forces its "service" (whether wanted or unwanted) on everybody. Just like a spammer, they don't care for the people they actively hurt. Just like a spammer, they don't don't care to fix these issues and make their "service" ethically acceptable. You cannot even configure it to redirect tickets to somewhere else. Unfortunately, ignoring rt.cpan.org is not an option either: for people reporting possible bugs there is no indication that their report will be ignored, and for module authors it means they miss potentially vital bug reports such as yours (and of course it's a great impression if rt.cpan.org has lots of bug reports that are unanswered, making a module look unmaintained when in fact the opposite might be true). I am sorry that this wasted a bit of your time, but please understand that I am just as much a victim as you are - the problem is the unethical stance of the rt.cpan.org providers who force their "service" on everybody. Please redirect your bug report as stated in the beginning of this mail, and please consider petitioning the rt.cpan.org providers to stop their unethical behaviour and allow opt-in, opt-out, or some redirect option. One last issue: many people mail me that this can be "fixed" by including the bugtracker element in my module meta file. This is not true: 1. This field only affects search.cpan.org and maybe similar services. (Many people confuse rt.cpan.org with search.cpan.org for some reason). 2. It doesn't even work (there are still links to rt.cpan.org displayed). 3. Even if search.cpan.org does no longer display the link, it doesn't actually affect rt.cpan.org (and tests have shown that people go to rt.cpan.org regardless) Even *iff* rt.cpan.org would start listening on the bugtracker field, however, it's still wrong. I have a lot of modules, and each time a service like rt.cpan.org comes out, I would have to make dummy releases for all my modules. This not only creates a lot of extra work for me (I take releases very seriously) but also users, who would wonder why there is a new release. Thanks a lot, Marc Lehmann <rt.cpan.org@schmorp.de> Last updated: 2012-04-22
RT-Send-CC: RADIATOR [...] cpan.org
Download (untitled) / with headers
text/plain 546b
On Thu Mar 08 10:38:24 2018, zvpunry@zvpunry.de wrote: Show quoted text
> SSL_ST_OK and similar defines got removed from OpenSSL. This causes > Net::SSLeay::ST_OK() to die() when it is called.
Net-SSLeay 1.86_05 exposes the OpenSSL function SSL_is_init_finished(), and I've submitted a patch to the AnyEvent mailing list [1] suggesting the use of Net::SSLeay::is_init_finished(...) instead of Net::SSLeay::state(...) == Net::SSLeay::ST_OK() so that AnyEvent will work with OpenSSL 1.1.0 onwards. [1] http://lists.schmorp.de/pipermail/anyevent/2018q3/000882.html


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.