Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 65631
Status: resolved
Worked: 10 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: chrisb [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.36
Fixed in: (no value)



Download (untitled) / with headers
text/plain 698b
The openssl packages in Debian have recently been changed (in the experimental repository, for now) so that they are compiled without support for SSLv2[1]. This causes Net::SSLeay to fail to build; the test suite fails when trying to 'use' the module, as the SSLv2_method is not present in libssl[2]. I've attached a patch which fixes the problem, by checking for the OPENSSL_NO_SSL2 #define in the XS code. I've also patched the .pm to emit a warning if ssl_version has been set to 2 when SSLv2 is unavailable. I'm not sure if this is the best way to handle the problem though, as I'm not that familiar with the module. [1] http://bugs.debian.org/589706 [2] http://bugs.debian.org/612780
Subject: no_sslv2.patch
Download no_sslv2.patch
text/x-diff 1.6k
Description: Make SSLv2 support conditional OpenSSL may be compiled without SSLv2 support, so do not try to use the SSLv2 functions if they're not present. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612780 Forwarded: no Author: Chris Butler <chrisb@debian.org> Last-Update: 2011-02-10 --- a/lib/Net/SSLeay.pm +++ b/lib/Net/SSLeay.pm @@ -1600,6 +1600,10 @@ nonsensical error codes (at the SSL handshake level), try this option before mailing me. +On some systems, OpenSSL may be compiled without support for SSLv2. +If this is the case, Net::SSLeay will warn if ssl_version has been set +to 2. + The high level API returns the certificate of the peer, thus allowing one to check what certificate was supplied. However, you will only be able to check the certificate after the fact, i.e. you already sent @@ -2239,7 +2243,13 @@ } sub new_x_ctx { - if ($ssl_version == 2) { $ctx = CTX_v2_new(); } + if ($ssl_version == 2) { + unless (exists &Net::SSLeay::CTX_v2_new) { + warn "ssl_version has been set to 2, but this version of OpenSSL has been compiled without SSLv2 support"; + return undef; + } + $ctx = CTX_v2_new(); + } elsif ($ssl_version == 3) { $ctx = CTX_v3_new(); } elsif ($ssl_version == 10) { $ctx = CTX_tlsv1_new(); } else { $ctx = CTX_new(); } --- a/SSLeay.xs +++ b/SSLeay.xs @@ -724,6 +724,8 @@ OUTPUT: RETVAL +#ifndef OPENSSL_NO_SSL2 + SSL_CTX * SSL_CTX_v2_new() CODE: @@ -731,6 +733,8 @@ OUTPUT: RETVAL +#endif + SSL_CTX * SSL_CTX_v3_new() CODE: @@ -1821,9 +1825,13 @@ #endif +#ifndef OPENSSL_NO_SSL2 + SSL_METHOD * SSLv2_method() +#endif + SSL_METHOD * SSLv3_method()
Your patch has been applied to SVN Thanks!


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.