Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 129542
Status: open
Priority: 0/
Queue: Net-SSLeay

People
Owner: chrisn [...] cpan.org
Requestors: voegelas [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.88
Fixed in: (no value)



Subject: www.google.com causes t/external/15_altnames.t to fail
Download (untitled) / with headers
text/plain 571b
Testing Net::SSLeay 1.88 on Slackware64-current with OpenSSL 1.1.1b fails in 15_altnames.t when connecting to www.google.com. This problem might depend on the location, which is Germany in my case. I ran the exernal tests in two locations, Stuttgart and Nuremberg. If www.google.com is replaced with, for example, www.duckduckgo.com or www.heise.de the tests pass. $ prove -v t/external/15_altnames.t t/external/15_altnames.t .. 1..9 ok 1 - connection not ok 2 - get_subjectAltNames works my @sites = qw( www.google.com www.microsoft.com www.kernel.org );
Download (untitled) / with headers
text/plain 849b
Thanks for the report, Andreas. On Sun May 12 07:15:13 2019, voegelas wrote: Show quoted text
> Testing Net::SSLeay 1.88 on Slackware64-current with OpenSSL 1.1.1b > fails in 15_altnames.t when connecting to www.google.com. This problem > might depend on the location, which is Germany in my case. I ran the > exernal tests in two locations, Stuttgart and Nuremberg. If > www.google.com is replaced with, for example, www.duckduckgo.com or > www.heise.de the tests pass. > > $ prove -v t/external/15_altnames.t > t/external/15_altnames.t .. > 1..9 > ok 1 - connection > not ok 2 - get_subjectAltNames works > > my @sites = qw( > www.google.com > www.microsoft.com > www.kernel.org > );
This does indeed appear to depend on your location, as the test passes fine from a UK IP address --- apart from test 2, does t/external/15_altnames.t pass for you?
Download (untitled) / with headers
text/plain 1.7k
Hello Chris, On 12.05.19 13:36, Chris Novakovic via RT wrote: Show quoted text
> Thanks for the report, Andreas. > > On Sun May 12 07:15:13 2019, voegelas wrote:
>> Testing Net::SSLeay 1.88 on Slackware64-current with OpenSSL 1.1.1b >> fails in 15_altnames.t when connecting to www.google.com. This problem >> might depend on the location, which is Germany in my case. I ran the >> exernal tests in two locations, Stuttgart and Nuremberg. If >> www.google.com is replaced with, for example, www.duckduckgo.com or >> www.heise.de the tests pass. >> >> $ prove -v t/external/15_altnames.t >> t/external/15_altnames.t .. >> 1..9 >> ok 1 - connection >> not ok 2 - get_subjectAltNames works >> >> my @sites = qw( >> www.google.com >> www.microsoft.com >> www.kernel.org >> );
> > This does indeed appear to depend on your location, as the test passes fine from a UK IP address --- apart from test 2, does t/external/15_altnames.t pass for you?
Yes, www.microsoft.com and www.kernel.org are tested successfully. If I connect to www.google.com with "openssl s_client -connect www.google.com:443 -servername www.google.com" I get the certificate attached in openssl.crt, which contains a subject alternative name. I added the below line to 15_altnames.t. print STDERR Net::SSLeay::PEM_get_string_X509($c); This outputs the certificate attached in perl.crt. The certificate's subject is: Subject: OU = "No SNI provided; please fix your client.", CN = invalid2.invalid The command "openssl s_client -connect www.google.com:443 -noservername" also returns the invalid certificate. www.google.com resolves to the below addresses. I've got both IPv4 and IPv6, but that doesn't seem to matter. $ host www.google.com www.google.com has address 172.217.22.100 www.google.com has IPv6 address 2a00:1450:4001:81d::2004


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.