Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 85278
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Nobody in particular
Requestors: mabzug1 [...] gl.umbc.edu
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.81
Fixed in: (no value)



Subject: 1.81 broke HTTP::Daemon::SSL test suite
Download (untitled) / with headers
text/plain 401b
IO::Socket::SSL 1.81 breaks the HTTP::Daemon:SSL test suite. I can verify that prior versions of IO::Socket:SSL, specifically 1.77, 1.79, and 1.80, do not break HTTP::Daemon:SSL. Version 1.88 of IO::Socket::SSL still breaks HTTP::Daemon:SSL. I'm a sysadmin looking to upgrade Perl and a bunch of modules. Is there a fix for this issue? Or should I just downgrade IO::Socket:SSL to 1.80? Thanks!
BTW: there is also a ticket about the HTTP::Daemon::SSL error, #81932. Thanks again!
Download (untitled) / with headers
text/plain 744b
Am Di 14. Mai 2013, 03:47:01, MORTY schrieb: Show quoted text
> BTW: there is also a ticket about the HTTP::Daemon::SSL error, #81932. > > Thanks again!
The problem described in RT#81932 is caused by an error in IO::Socket::IP, which was fixed in 0.20. I've released IO::Socket::SSL version 1.89 so that it uses IO::Socket::IP only with versions at least 0.20. But this has probably nothing to do with why it broke with 1.81 for you. This is a problem in HTTP::Daemon::SSL testsuite, where it declares which SSL_cert_file and SSL_ca_file to use, but forgets to specify SSL_key_file. Up to 1.80 it would use a default (which worked in this case), with 1.81 you must either specify both cert and key or none of it, only in the latter case it will use defaults.
Download (untitled) / with headers
text/plain 444b
Thanks! Is there any way to get back the old behavior of IO::Socket::SSL, i.e. where it's possible to mix user-supplied settings and default settings? I'm building Perl modules for a large org, with several PB of storage and scripts all over the place. There are almost certainly scripts that are using IO::Socket:SSL that would break based on the 1.81 behavior. The safe way to proceed would be to avoid breaking backwards compatibility.
Download (untitled) / with headers
text/plain 1.3k
Am Mi 15. Mai 2013, 02:44:51, MORTY schrieb: Show quoted text
> Thanks! > > Is there any way to get back the old behavior of IO::Socket::SSL, i.e. > where it's possible to mix user-supplied settings and default > settings? > > I'm building Perl modules for a large org, with several PB of storage > and scripts all over the place. There are almost certainly scripts > that are using IO::Socket:SSL that would break based on the 1.81 > behavior. The safe way to proceed would be to avoid breaking > backwards compatibility. >
I can understand your problem, but the old behavior simply did not made sense: either you use the default locations or you don't. Explicitly specifying the location of the cert, but trusting the default for the location of the key is not a sensible and expected behavior. Having a default location for key and cert at all was IMHO a bad decision anyway, but this decision was done years ago (and not by me). If you have control over your code I would strongly recommend to look, if you are affected by the problem at all. Unless you have strange setups you will probably not be affected. If you are affected you might try to work around the problem if you have a module, which is included from all your code. There you can setup your own defaults, like SSL_cert_file and SSL_key_file, with IO::Socket::SSL->set_defaults.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.