Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 75970
Status: resolved
Worked: 30 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: kmx [...] volny.cz
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Adding NPN (Next Protocol Negotiation) support
Date: Thu, 22 Mar 2012 12:16:36 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 476b
NPN is new in openssl-1.0.1 and is required for such things as SPDY To add support into Net::SSLeay means IMHO adding the following functions: - Net::SSleay::CTX_set_next_protos_advertised_cb($ctx_server, \&cb_function, $cb_data); - Net::SSleay::CTX_set_next_proto_select_cb($ctx_client, \&cb_function, $cb_data); - Net::SSleay::get0_next_proto_negotiated($ssl); But it will definitely need more investigation. I will do some work on this in the following weeks. -- kmx
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Mon, 26 Mar 2012 16:08:05 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 869b
While hacking on NPN supports (which is callback oriented) I have ended up first with reorganizing callback related implementations in SSLeay.xs I have prepared callback_big_redesign_r238.diff which: - reduces repreated code in SSleay.xs - makes existing callback implementation easier to follow - and makes adding a new callback (what I will need for NPN) quite simple and straightforward I have fixed also one bug in t/local/07_sslecho.t when running on openssl-0.9.6 (with old callback implementation it used to simply crash - with new implementation it showed couple of falling tests). I have tested mostly on MS Windows with openssl-0.9.6/0.9.7/0.9.8/1.0.0/1.0.1 + perl 5.8/5.10/5.14 (however I am not sure if our testsuite covers all callbacks used in SSLeay.xs) Of course I might have introduced some new bug so any kind of review is welcome. -- kmx

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 07:44:21 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 1.7k
Hi, tests OK on a variety of platforms and openssls. Do you want this committed? Cheers. BTW, where are we with the apache2 crash. Solved? Cheers. On Monday, March 26, 2012 10:08:28 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > While hacking on NPN supports (which is callback oriented) I have ended > up first with reorganizing callback related implementations in SSLeay.xs > > I have prepared callback_big_redesign_r238.diff which: > - reduces repreated code in SSleay.xs > - makes existing callback implementation easier to follow > - and makes adding a new callback (what I will need for NPN) quite > simple and straightforward > > I have fixed also one bug in t/local/07_sslecho.t when running on > openssl-0.9.6 (with old callback implementation it used to simply crash > - with new implementation it showed couple of falling tests). > > I have tested mostly on MS Windows with > openssl-0.9.6/0.9.7/0.9.8/1.0.0/1.0.1 + perl 5.8/5.10/5.14 (however I am > not sure if our testsuite covers all callbacks used in SSLeay.xs) > > Of course I might have introduced some new bug so any kind of review is > welcome. > > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 07:47:48 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 2.7k
Hi again, On Tuesday, March 27, 2012 07:44:21 AM Mike McCauley wrote: Show quoted text
> Hi, > > tests OK on a variety of platforms and openssls.
Correction, I saw this with 0.9.8a on Linux perl v5.14.2: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'inc', 'blib/lib', 'blib/arch')" t/local/*.t t/handle/local/*.t t/handle/local/05_use.t ................ ok t/local/01_pod.t ....................... ok t/local/02_pod_coverage.t .............. ok t/local/03_use.t ....................... ok t/local/04_basic.t ..................... 1/6 # Version info: # Testing Net::SSLeay 1.46, Perl 5.014002, /usr/bin/perl # OpenSSL version: 'OpenSSL 0.9.8a 11 Oct 2005' # OpenSSL platform: 'platform: linux-elf' t/local/04_basic.t ..................... ok t/local/05_passwd_cb.t ................. ok t/local/06_tcpecho.t ................... ok t/local/07_sslecho.t ................... Failed 76/78 subtests t/local/08_pipe.t ...................... and 08_pipe.t hung forever Show quoted text
> Do you want this committed? > > Cheers. > > BTW, where are we with the apache2 crash. Solved? > > Cheers. > > On Monday, March 26, 2012 10:08:28 AM you wrote:
> > Queue: Net-SSLeay > > > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > > > While hacking on NPN supports (which is callback oriented) I have ended > > up first with reorganizing callback related implementations in SSLeay.xs > > > > I have prepared callback_big_redesign_r238.diff which: > > - reduces repreated code in SSleay.xs > > - makes existing callback implementation easier to follow > > - and makes adding a new callback (what I will need for NPN) quite > > simple and straightforward > > > > I have fixed also one bug in t/local/07_sslecho.t when running on > > openssl-0.9.6 (with old callback implementation it used to simply crash > > - with new implementation it showed couple of falling tests). > > > > I have tested mostly on MS Windows with > > openssl-0.9.6/0.9.7/0.9.8/1.0.0/1.0.1 + perl 5.8/5.10/5.14 (however I am > > not sure if our testsuite covers all callbacks used in SSLeay.xs) > > > > Of course I might have introduced some new bug so any kind of review is > > welcome. > > > > -- > > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 00:31:07 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 172b
Show quoted text
> and 08_pipe.t hung forever >
I have experienced and fixed another issue on my Linux with perl 5.8 + openssl 0.9.8 Try callback_big_redesign_V2_r238.diff -- kmx

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 08:50:47 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 1.7k
Hi, Tests ok on all platforms except openssl-0.9.8a linux perl 5.14 as before: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'inc', 'blib/lib', 'blib/arch')" t/local/*.t t/handle/local/*.t t/handle/local/05_use.t ................ ok t/local/01_pod.t ....................... ok t/local/02_pod_coverage.t .............. ok t/local/03_use.t ....................... ok t/local/04_basic.t ..................... 1/6 # Version info: # Testing Net::SSLeay 1.46, Perl 5.014002, /usr/bin/perl # OpenSSL version: 'OpenSSL 0.9.8a 11 Oct 2005' # OpenSSL platform: 'platform: linux-elf' t/local/04_basic.t ..................... ok t/local/05_passwd_cb.t ................. ok t/local/06_tcpecho.t ................... ok t/local/07_sslecho.t ................... Failed 76/78 subtests t/local/08_pipe.t ...................... ^Cmake: *** [test_dynamic] Interrupt On Monday, March 26, 2012 06:31:27 PM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > >
> > and 08_pipe.t hung forever
> > I have experienced and fixed another issue on my Linux with perl 5.8 + > openssl 0.9.8 > > Try callback_big_redesign_V2_r238.diff > > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 00:54:08 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 130b
Show quoted text
> Tests ok on all platforms except openssl-0.9.8a linux perl 5.14 as before
Not good, I will try to investigate more. -- kmx
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 02:45:12 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 102b
None of my Linux boxes is able to reproduce t/local/08_pipe.t failure :( Giving up for today -- kmx
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 15:52:27 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 1.9k
On Monday, March 26, 2012 08:45:24 PM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > None of my Linux boxes is able to reproduce t/local/08_pipe.t failure :(
Ill get to that soon, but in the meantime, Im looking at the t/local/07_sslecho.t faiilure: This test failure is not new: it occurs with the 1.45 dist as well: t/local/07_sslecho.t ........... Failed 69/71 subtests 07_sslecho.t actually crashes on an illegal instruction: (gdb) where #0 0xb7b4f4a0 in PEM_read_bio_X509 () from blib/arch/auto/Net/SSLeay/SSLeay.so #1 0xb7b11c0e in SSL_CTX_use_certificate_file () from blib/arch/auto/Net/SSLeay/SSLeay.so #2 0xb7ae0dba in XS_Net__SSLeay_CTX_use_certificate_file (my_perl=0x81a5008, cv=0x8345af0) at SSLeay.c:2196 #3 0x080e62c3 in Perl_pp_entersub () #4 0x080dd868 in Perl_runops_standard () #5 0x0807df5b in perl_run () #6 0x08060fa7 in main () (gdb) quit also, openssl prog from openssl-0.9.8a also crashes trying to read the test cert /tmp/openssl-0.9.8a/bin/openssl x509 -inform PEM -text -in t/data/cert.pem Illegal instruction I have a vague memory that there was a similar bug in openssl due to some incompatibility with some versions of gcc compiler on some platforms? Something to do with the openssl asm files? Do you have any memory of that? I have gcc (SUSE Linux) 4.6.2 Show quoted text
> > Giving up for today > > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 08:27:04 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: Kmx <kmx [...] volny.cz>
Ad t/local/07_sslecho.t try V2 of my patch
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 16:42:39 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 848b
On Tuesday, March 27, 2012 02:27:20 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > Ad t/local/07_sslecho.t try V2 of my patch
tried. Its definitely a problem inside openssl Cheers. -- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 16:58:10 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 1.2k
Hi, I see this problem with 0.9.8a and 0.9.8b, as least as far back as net-ssleay 1.40 Its clear to me that what I am seeing is a bug in openssl (at least when built and run on my OPenSuSE 12.1, maybe something to do with my CPU type). I am not going to pursue it further. Cheers. On Tuesday, March 27, 2012 02:42:40 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > On Tuesday, March 27, 2012 02:27:20 AM you wrote:
> > Queue: Net-SSLeay > > > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > > > Ad t/local/07_sslecho.t try V2 of my patch
> > tried. Its definitely a problem inside openssl > > Cheers.
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 10:04:30 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
OK, could you please commit my last (V2) patch Thanks. -- kmx
Subject: Re: [rt.cpan.org #75970] AutoReply: Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 18:17:22 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 851b
Hi, On Tuesday, March 27, 2012 04:04:43 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > OK, could you please commit my last (V2) patch
done at 329. Cheers. Show quoted text
> > Thanks. > > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Tue, 27 Mar 2012 15:40:03 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 890b
My first draft of NPN support (just XS code) - see enclosed npn_support_DRAFT_NOT_FOR_COMMIT.diff - do not commit yet. Currently it seems that I will add these functions: - Net::SSLeay::CTX_set_next_protos_advertised_cb - Net::SSLeay::CTX_set_next_proto_select_cb - Net::SSLeay::P_next_proto_negotiated - Net::SSLeay::P_next_proto_last_status - Net::SSLeay::P_next_proto_support (not sure about this one) I am not sure about P_next_proto_support as it IMHO does not fit the rest of Net::SSLeay Mike, what do you think 1/ do we need Net::SSLeay::P_next_proto_support (retval 1 = have NPN support, 0 = non NPN) ? disadvantage: it cannot be used for NPN detection in older Net::SSLeay versions 2/ or should I recommend in pod NPN support detection like: if (exists &Net::SSLeay::P_next_proto_negotiated) { #do NPN stuff } My opinion is slightly moving from 1/ to 2/ -- kmx

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Wed, 28 Mar 2012 08:56:41 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 1.7k
Hi, On Tuesday, March 27, 2012 09:40:17 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > My first draft of NPN support (just XS code) - see enclosed > npn_support_DRAFT_NOT_FOR_COMMIT.diff - do not commit yet.
Compiles and tests fine here. I have now reverted, so it wont be committed. Show quoted text
> > Currently it seems that I will add these functions: > - Net::SSLeay::CTX_set_next_protos_advertised_cb > - Net::SSLeay::CTX_set_next_proto_select_cb > - Net::SSLeay::P_next_proto_negotiated > - Net::SSLeay::P_next_proto_last_status > - Net::SSLeay::P_next_proto_support (not sure about this one) > > I am not sure about P_next_proto_support as it IMHO does not fit the > rest of Net::SSLeay > > Mike, what do you think > > 1/ do we need Net::SSLeay::P_next_proto_support (retval 1 = have NPN > support, 0 = non NPN) ? > > disadvantage: it cannot be used for NPN detection in older Net::SSLeay > versions > > 2/ or should I recommend in pod NPN support detection like: > > if (exists &Net::SSLeay::P_next_proto_negotiated) { > #do NPN stuff > } > > My opinion is slightly moving from 1/ to 2/
Much prefer 2/ Cheers. Show quoted text
> > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Wed, 28 Mar 2012 10:30:18 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 1.1k
could you please test & commit enclosed improving_callback_stuff_r329.diff (it passes fine on all my platforms & openssl versions) Now the new callback stuff should be IMHO pretty good/stable. The only thing I am not sure about is whether cleaning data from global hash is really working correctly. Let us have an existing callback related data in global hash - e.g. (using pseudo code): globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = SV_with_func_ref; globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = SV_with_data; The question is whether: hv_delete(globalHV, "ptr_123456", strlen("ptr_123456"), G_DISCARD); will correctly destroy also SV_with_func_ref and SV_with_data I assume yes but have no idea how to test this. Here is the test case: { my $ctx = Net::SSLeay::CTX_new(); my $data = "aaaaa"; Net::SSLeay::SSL_CTX_set_cert_verify_callback($ctx, sub { return 11 }, $data); #this calls newSVsv($param2) + newSVsv($data) Net::SSLeay::CTX_free($ctx); } after this block all SVs should be correctly destroyed. If you have time please check whether my idea of cleaning up the data from global hash is ok. -- kmx

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Wed, 28 Mar 2012 21:03:52 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 2.5k
Hi, On Wednesday, March 28, 2012 04:30:33 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > could you please test & commit enclosed > improving_callback_stuff_r329.diff (it passes fine on all my platforms > & openssl versions)
Tests OK here. Show quoted text
> > Now the new callback stuff should be IMHO pretty good/stable. > > The only thing I am not sure about is whether cleaning data from global > hash is really working correctly. > > Let us have an existing callback related data in global hash - e.g. > (using pseudo code): > > globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = > SV_with_func_ref; > globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = > SV_with_data;
Surely SV_with_data will replace SV_with_func_ref and SV_with_func_ref wil be destroyed? Show quoted text
> > The question is whether: > hv_delete(globalHV, "ptr_123456", strlen("ptr_123456"), G_DISCARD); > will correctly destroy also SV_with_func_ref and SV_with_data > > I assume yes but have no idea how to test this. > > Here is the test case: > { > my $ctx = Net::SSLeay::CTX_new(); > my $data = "aaaaa"; > Net::SSLeay::SSL_CTX_set_cert_verify_callback($ctx, sub { return 11 > }, $data); #this calls newSVsv($param2) + newSVsv($data) > Net::SSLeay::CTX_free($ctx); > } > after this block all SVs should be correctly destroyed. > > If you have time please check whether my idea of cleaning up the data > from global hash is ok.
I tested this in an infinite loop and it doesnt leak: use Net::SSLeay; &Net::SSLeay::randomize(); &Net::SSLeay::load_error_strings(); &Net::SSLeay::ERR_load_crypto_strings(); &Net::SSLeay::SSLeay_add_ssl_algorithms(); sub test { my $ctx = Net::SSLeay::CTX_new(); my $data = "aaaaa"; &Net::SSLeay::CTX_set_cert_verify_callback($ctx, sub { return 11 }, $data); &Net::SSLeay::CTX_free($ctx); } while (1) { &test(); } Committed your patch at 331 Cheers. Show quoted text
> > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Wed, 28 Mar 2012 13:19:21 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 673b
Show quoted text
>> globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = SV_with_func_ref; >> globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = SV_with_data; >>
> Surely SV_with_data will replace SV_with_func_ref and SV_with_func_ref wil be > destroyed? >
grr, typo, I meant globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!func"} = SV_with_func_ref; globalHV->{"ptr_123456"}->{"ssleay_ctx_cert_verify_cb!!data"} = SV_with_data; Anyway even the first case will not leak as I always destroy the old value via hv_delete() Show quoted text
> I tested this in an infinite loop and it doesnt leak: >
OK Show quoted text
> Committed your patch at 331 >
Thanks -- kmx
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Wed, 28 Mar 2012 17:46:35 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 169b
Please check enclosed npn_support_r331.diff and please commit to svn if it works for you. Add to repository also a new attached file: t/local/40_npn_support.t -- kmx
Download npn_support_r331.diff
text/x-diff 16.9k

Message body is not shown because sender requested not to inline it.

Download 40_npn_support.t
text/x-perl 2.9k

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Thu, 29 Mar 2012 07:28:17 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 1.1k
Hi, Tests fine here, although I could only test against 1.0.1 on Linux Committed at 333 BTW, I am away for the next 4 days (starting a few hours from now), and wont be able to do any more ssleay stuff in that time. Cheers. On Wednesday, March 28, 2012 11:46:51 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > Please check enclosed npn_support_r331.diff and please commit to svn if > it works for you. > > Add to repository also a new attached file: t/local/40_npn_support.t > > -- > kmx
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Thu, 29 Mar 2012 09:20:58 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Download (untitled) / with headers
text/plain 572b
Show quoted text
> Tests fine here, although I could only test against 1.0.1 on Linux > > Committed at 333 >
Thanks. Show quoted text
> BTW, I am away for the next 4 days (starting a few hours from now), and wont > be able to do any more ssleay stuff in that time. >
I am not planning any other huge changes - NPN was last thing on my list. I'll do only some testing over the weekend and maybe only some cosmetic changes. IMHO current changelist is quite long and after fixing crashing apache@debian I am not aware of any other critical bug - so perhaps time for the next release. -- kmx
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Thu, 29 Mar 2012 13:55:44 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
Fixing compiler warnings - see fixing_compiler_warnings_r333.diff

Message body is not shown because sender requested not to inline it.

Fixing compiler warnings even more - see fixing_compiler_warnings_V2_r333.diff


Subject: fixing_compiler_warnings_V2_r333.diff
Index: SSLeay.xs =================================================================== --- SSLeay.xs (revision 333) +++ SSLeay.xs (working copy) @@ -744,7 +744,7 @@ int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen) { - int i = 0; + unsigned int i = 0; unsigned char il; if (!list || inlen<2) return 0; while (i<inlen) { @@ -761,7 +761,7 @@ { SV *cb_func, *cb_data; unsigned char *next_proto_data; - unsigned short next_proto_len; + unsigned char next_proto_len; int next_proto_status; SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); @@ -793,11 +793,12 @@ croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n"); next_proto_data = POPpx; next_proto_status = POPi; - next_proto_len = strlen(next_proto_data); PUTBACK; FREETMPS; LEAVE; + if (strlen(next_proto_data)>255) return SSL_TLSEXT_ERR_ALERT_FATAL; + next_proto_len = (unsigned char)strlen(next_proto_data); /* store last_status + last_negotiated into global hash */ cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status)); tmpsv = newSVpv(next_proto_data, next_proto_len); @@ -1893,7 +1894,7 @@ char * buf; CODE: ST(0) = sv_newmortal(); /* Undefined to start with */ - if (buf = X509_NAME_oneline(name, NULL, 0)) { + if ((buf = X509_NAME_oneline(name, NULL, 0))) { sv_setpvn( ST(0), buf, strlen(buf)); OPENSSL_free(buf); /* mem was allocated by openssl */ } @@ -1957,7 +1958,7 @@ PREINIT: STRLEN len; INPUT: - unsigned char *bytes = SvPV(ST(3), len); + unsigned char *bytes = (unsigned char *)SvPV(ST(3), len); CODE: RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set); OUTPUT: @@ -1973,15 +1974,12 @@ PREINIT: STRLEN len; INPUT: - unsigned char *bytes = SvPV(ST(3), len); + unsigned char *bytes = (unsigned char *)SvPV(ST(3), len); CODE: RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set); OUTPUT: RETVAL -#if OPENSSL_VERSION_NUMBER < 0x0090707fL -#define REM18 "before 0.9.7g" - int X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0) X509_NAME *name @@ -1992,34 +1990,14 @@ PREINIT: STRLEN len; INPUT: - unsigned char *bytes = SvPV(ST(3), len); + unsigned char *bytes = (unsigned char *)SvPV(ST(3), len); CODE: RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set); OUTPUT: RETVAL -#else - -int -X509_NAME_add_entry_by_txt(name,field,type,bytes,len=-1,loc=-1,set=0) - X509_NAME *name - const char *field - int type - int loc - int set - PREINIT: - STRLEN len; - INPUT: - const unsigned char *bytes = SvPV(ST(3), len); - CODE: - RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set); - OUTPUT: - RETVAL - #endif -#endif - int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) @@ -2196,9 +2174,6 @@ int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos=-1) -#if OPENSSL_VERSION_NUMBER < 0x0090700fL -#define REM22 "NOTE: before 0.9.7" - int X509_REQ_add1_attr_by_NID(req,nid,type,bytes) X509_REQ *req @@ -2207,30 +2182,12 @@ PREINIT: STRLEN len; INPUT: - unsigned char *bytes = SvPV(ST(3), len); + unsigned char *bytes = (unsigned char *)SvPV(ST(3), len); CODE: RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len); OUTPUT: RETVAL -#else - -int -X509_REQ_add1_attr_by_NID(req,nid,type,bytes) - X509_REQ *req - int nid - int type - PREINIT: - STRLEN len; - INPUT: - const unsigned char *bytes = SvPV(ST(3), len); - CODE: - RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len); - OUTPUT: - RETVAL - -#endif - #if OPENSSL_VERSION_NUMBER >= 0x0090700fL #define REM21 "requires 0.9.7+" @@ -2492,7 +2449,7 @@ gnames = p->distpoint->name.fullname; for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) { gn = sk_GENERAL_NAME_value(gnames, j); - XPUSHs(sv_2mortal(newSVpv(ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5)))); + XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5)))); } } else { @@ -2865,15 +2822,15 @@ ASN1_TIME_to_generalizedtime(tm,&tmp); if (tmp) { if (ASN1_GENERALIZEDTIME_check(tmp)) { - if (strlen(tmp->data)>=14 && strlen(tmp->data)<200) { + if (strlen((char*)tmp->data)>=14 && strlen((char*)tmp->data)<200) { strcpy (buf,"yyyy-mm-ddThh:mm:ss"); - strncpy(buf, tmp->data, 4); - strncpy(buf+5, tmp->data+4, 2); - strncpy(buf+8, tmp->data+6, 2); - strncpy(buf+11,tmp->data+8, 2); - strncpy(buf+14,tmp->data+10,2); - strncpy(buf+17,tmp->data+12,2); - if (strlen(tmp->data)>14) strcat(buf+19,tmp->data+14); + strncpy(buf, (char*)tmp->data, 4); + strncpy(buf+5, (char*)tmp->data+4, 2); + strncpy(buf+8, (char*)tmp->data+6, 2); + strncpy(buf+11,(char*)tmp->data+8, 2); + strncpy(buf+14,(char*)tmp->data+10,2); + strncpy(buf+17,(char*)tmp->data+12,2); + if (strlen((char*)tmp->data)>14) strcat(buf+19,(char*)tmp->data+14); } } ASN1_GENERALIZEDTIME_free(tmp); @@ -2888,7 +2845,6 @@ PREINIT: ASN1_TIME t; char buf[256]; - int y=0,M=0,d=0,h=0,m=0,s=0; int i,rv; CODE: if (!tm) XSRETURN_UNDEF; @@ -3044,13 +3000,13 @@ if (passwd_len>0) { /* encrypted key */ if (!enc_alg) - PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),passwd,passwd_len,cb,u); + PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u); else - PEM_write_bio_PrivateKey(bp,pk,enc_alg,passwd,passwd_len,cb,u); + PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u); } else { /* unencrypted key */ - PEM_write_bio_PrivateKey(bp,pk,NULL,passwd,passwd_len,cb,u); + PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u); } n = BIO_ctrl_pending(bp); New(0, buf, n, char); @@ -3074,13 +3030,13 @@ FILE *fp; CODE: RETVAL = 0; - if (fp = fopen (file, "rb")) { + if ((fp = fopen (file, "rb"))) { #if OPENSSL_VERSION_NUMBER >= 0x0090700fL OPENSSL_add_all_algorithms_noconf(); #else OpenSSL_add_all_algorithms(); #endif - if (p12 = d2i_PKCS12_fp(fp, NULL)) { + if ((p12 = d2i_PKCS12_fp(fp, NULL))) { if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) { if (private_key) { if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1; @@ -3113,13 +3069,13 @@ FILE *fp; int i, result; PPCODE: - if (fp = fopen (file, "rb")) { + if ((fp = fopen (file, "rb"))) { #if OPENSSL_VERSION_NUMBER >= 0x0090700fL OPENSSL_add_all_algorithms_noconf(); #else OpenSSL_add_all_algorithms(); #endif - if (p12 = d2i_PKCS12_fp(fp, NULL)) { + if ((p12 = d2i_PKCS12_fp(fp, NULL))) { if(load_chain) result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain); else @@ -4165,6 +4121,7 @@ PREINIT: simple_cb_data_t* cb = NULL; CODE: + RETVAL = 0; if (SvOK(perl_cb)) { /* setup our callback */ cb = simple_cb_data_new(perl_cb, perl_data); @@ -4663,7 +4620,7 @@ unsigned int md_size; PPCODE: if (X509_digest(data,type,md,&md_size)) - XSRETURN_PVN((unsigned char *)md, md_size); + XSRETURN_PVN((char *)md, md_size); XSRETURN_UNDEF; void @@ -4675,7 +4632,7 @@ unsigned int md_size; PPCODE: if (X509_CRL_digest(data,type,md,&md_size)) - XSRETURN_PVN((unsigned char *)md, md_size); + XSRETURN_PVN((char *)md, md_size); XSRETURN_UNDEF; void @@ -4687,7 +4644,7 @@ unsigned int md_size; PPCODE: if (X509_REQ_digest(data,type,md,&md_size)) - XSRETURN_PVN((unsigned char *)md, md_size); + XSRETURN_PVN((char *)md, md_size); XSRETURN_UNDEF; void @@ -4699,7 +4656,7 @@ unsigned int md_size; PPCODE: if (X509_NAME_digest(data,type,md,&md_size)) - XSRETURN_PVN((unsigned char *)md, md_size); + XSRETURN_PVN((char *)md, md_size); XSRETURN_UNDEF; unsigned long
Subject: Re: [rt.cpan.org #75970] Adding NPN (Next Protocol Negotiation) support
Date: Mon, 02 Apr 2012 18:39:53 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 870b
Hi, Thanks. Committed in 334. Cheers. On Thursday, March 29, 2012 02:45:53 PM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75970 > > > Fixing compiler warnings even more - see > fixing_compiler_warnings_V2_r333.diff
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
Thanks for your valuable contribution


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.