Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 75274
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: paul [...] city-fan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in:
  • 1.42
  • 1.43
Fixed in: (no value)



Subject: Compatibility issue with openssl 1.0.1?
Download (untitled) / with headers
text/plain 2.3k
I have come across a couple of issues running the test suites of downstream users of Net-SSLeay with openssl 1.0.1; in both cases, reverting just openssl to 1.0.0g resolved the problem. The test suite of Net-SSLeay itself passes with openssl 1.0.1 without problems. Firstly, IO-Socket-SSL has a test t/dhe.t that fails with openssl 1.0.1: DEBUG: .../IO/Socket/SSL.pm:494: no socket yet DEBUG: .../IO/Socket/SSL.pm:193: set domain to 2 DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected DEBUG: .../IO/Socket/SSL.pm:336: socket connected DEBUG: .../IO/Socket/SSL.pm:496: accept created normal socket IO::Socket::SSL=GLOB(0x8558278) DEBUG: .../IO/Socket/SSL.pm:512: starting sslifying DEBUG: .../IO/Socket/SSL.pm:354: ssl handshake not started DEBUG: .../IO/Socket/SSL.pm:1281: SSL accept attempt failed with unknown error error:04075070:rsa routines:RSA_sign:digest too big for rsa key SSL error: 31249: 1 - error:1409B006:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib DEBUG: .../IO/Socket/SSL.pm:445: connection failed - connect returned 0 t/dhe.t .................... 1..3 ok # [server] Server Initialization not ok # [server] accept failed: Failed 2/3 subtests I raised this at CPAN RT#75165 for IO-Socket-SSL but as this might be a problem in either openssl, Net-SSLeay or IO-Socket-SSL itself, I thought it was worthwhile to ask here too. Secondly, the AnyEvent test t/80_ssltest.t fails in similar fashion: # Failed test 'server_error <Protocol error>' # at t/80_ssltest.t line 37. # Failed test 'server_error <Protocol error>' # at t/80_ssltest.t line 37. # Failed test 'client_error <Broken pipe>' # at t/80_ssltest.t line 97. # Failed test 'server_error <Protocol error>' # at t/80_ssltest.t line 37. # Failed test 'client_error <Broken pipe>' # at t/80_ssltest.t line 97. # Failed test 'server_error <Protocol error>' # at t/80_ssltest.t line 37. # Failed test 'client_error <Broken pipe>' # at t/80_ssltest.t line 97. # Failed test 'server_error <Protocol error>' # at t/80_ssltest.t line 37. # Failed test 'client_error <Broken pipe>' # at t/80_ssltest.t line 97. # Looks like you planned 415 tests but ran 26. # Looks like you failed 9 tests of 26 run. t/80_ssltest.t .............. Dubious, test returned 9 (wstat 2304, 0x900) Failed 398/415 subtests Since AnyEvent uses Net-SSLeay but not IO-Socket-SSL, maybe it's the same issue and it's not in IO-Socket-SSL?
Subject: Re: [rt.cpan.org #75274] Compatibility issue with openssl 1.0.1?
Date: Sat, 25 Feb 2012 08:50:52 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hello, Thanks for the report. I have been able to reproduce this problem with IO-Socket-SSL 1.56 and the current and also older versions of Net-SSLeay, with openssl 1.0.1-beta3, as you report. However, this looks to me like a very low level problem inside openssl concerning the test certificate key and its signature. I suspect either a problem in openssl-.0.1-beta3 or perhaps with the test certificate used by IO-Socket-SSL t/dhe.t certs/server-rsa384-dh.pem needs to be regenerated with the right size signature? Cheers. On Friday, February 24, 2012 08:24:59 AM you wrote: Show quoted text
> Fri Feb 24 08:24:57 2012: Request 75274 was acted upon. > Transaction: Ticket created by paul@city-fan.org > Queue: Net-SSLeay > Subject: Compatibility issue with openssl 1.0.1? > Broken in: 1.42, 1.43 > Severity: (no value) > Owner: Nobody > Requestors: paul@city-fan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75274 > > > > I have come across a couple of issues running the test suites of > downstream users of Net-SSLeay with openssl 1.0.1; in both cases, > reverting just openssl to 1.0.0g resolved the problem. The test suite of > Net-SSLeay itself passes with openssl 1.0.1 without problems. > > Firstly, IO-Socket-SSL has a test t/dhe.t that fails with openssl 1.0.1: > > DEBUG: .../IO/Socket/SSL.pm:494: no socket yet > DEBUG: .../IO/Socket/SSL.pm:193: set domain to 2 > DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected > DEBUG: .../IO/Socket/SSL.pm:336: socket connected > DEBUG: .../IO/Socket/SSL.pm:496: accept created normal socket > IO::Socket::SSL=GLOB(0x8558278) > DEBUG: .../IO/Socket/SSL.pm:512: starting sslifying > DEBUG: .../IO/Socket/SSL.pm:354: ssl handshake not started > DEBUG: .../IO/Socket/SSL.pm:1281: SSL accept attempt failed with unknown > error > error:04075070:rsa routines:RSA_sign:digest too big for rsa key SSL > error: 31249: 1 - error:1409B006:SSL > routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib > DEBUG: .../IO/Socket/SSL.pm:445: connection failed - connect returned 0 > t/dhe.t .................... 1..3 ok # [server] Server Initialization > not ok # [server] accept failed: > Failed 2/3 subtests > > I raised this at CPAN RT#75165 for IO-Socket-SSL but as this might be a > problem in either openssl, Net-SSLeay or IO-Socket-SSL itself, I thought > it was worthwhile to ask here too. > > Secondly, the AnyEvent test t/80_ssltest.t fails in similar fashion: > > # Failed test 'server_error <Protocol error>' > # at t/80_ssltest.t line 37. > # Failed test 'server_error <Protocol error>' > # at t/80_ssltest.t line 37. > # Failed test 'client_error <Broken pipe>' > # at t/80_ssltest.t line 97. > # Failed test 'server_error <Protocol error>' > # at t/80_ssltest.t line 37. > # Failed test 'client_error <Broken pipe>' > # at t/80_ssltest.t line 97. > # Failed test 'server_error <Protocol error>' > # at t/80_ssltest.t line 37. > # Failed test 'client_error <Broken pipe>' > # at t/80_ssltest.t line 97. > # Failed test 'server_error <Protocol error>' > # at t/80_ssltest.t line 37. > # Failed test 'client_error <Broken pipe>' > # at t/80_ssltest.t line 97. > # Looks like you planned 415 tests but ran 26. > # Looks like you failed 9 tests of 26 run. > t/80_ssltest.t .............. > Dubious, test returned 9 (wstat 2304, 0x900) > Failed 398/415 subtests > > Since AnyEvent uses Net-SSLeay but not IO-Socket-SSL, maybe it's the > same issue and it's not in IO-Socket-SSL?
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
this was fixed in IO::Socket::SSL v1.57 2012.02.26

see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.60/Changes

I suggest closing this RT.

--
kmx
From: paul [...] city-fan.org
Download (untitled) / with headers
text/plain 429b
On Thu Mar 22 07:37:56 2012, KMX wrote: Show quoted text
> this was fixed in IO::Socket::SSL v1.57 2012.02.26 > > see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.60/Changes > > I suggest closing this RT.
Well IO::Socket::SSL is fixed but we don't know what the problem with AnyEvent is yet. https://rt.cpan.org/Public/Bug/Display.html?id=75343 (I've discussed this with AnyEvent's upstream but they've not been able to debug it yet)


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.