Skip Menu |
 

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 86684
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL

People
Owner: Steffen_Ullrich [...] genua.de
Requestors: rjbs [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: get "SSL wants a read first" on any IO::Socket::SSL later than 0.96
Download (untitled) / with headers
text/plain 1.6k
I'm trying to upgrade one of our software stacks at work. It is, forgive me, running with IO::Socket::SSL 0.96. One of the things it does is talk to the OpenSRS domain registrar API endpoint using their own library. At some point, it contacts their server something like this: perl -MLWP::UserAgent -e 'my $x = LWP::UserAgent->new ->get("https://horizon.opensrs.net:55443/"); use Data::Dumper; print Dumper($x);' I've just updated the entire set of installed libraries on this machine. In particular, that includes: IO::Socket::SSL 1.951 /Users/rjbs/.perlbrew/libs/19.1@std/lib/perl... LWP::UserAgent 6.05 /Users/rjbs/.perlbrew/libs/19.1@std/lib/perl... LWP::Protocol::https 6.04 /Users/rjbs/.perlbrew/libs/19.1@std/lib/perl... The request times out. Just now, I got "LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error." In previous requests, I was getting "SSL wants a read first." If I change nothing but IO::Socket::SSL to 0.96, it works. I get a 200 response with the expected content, which starts with: <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> 0.96 is what I'm using in production. 0.97 also works. 0.98 seems to be a non-release. 0.99 and every release I tested subsequent to that fails. I tested a dozen or so. The documentation says "If you are using non-blocking sockets read on, as version 0.98 added better support for non-blocking." and I can only assume some change to provide that is causing my difficulty, since "wants a read" seems to be a non-blocking-related error. This may not be a bug, exactly, but I'm not sure. Do you have any advice? Thank you very much for your time. -- rjbs
Download (untitled) / with headers
text/plain 1.3k
Am Mi 03. Jul 2013, 15:46:53, RJBS schrieb: Show quoted text
> I'm trying to upgrade one of our software stacks at work. It is, > forgive me, running with IO::Socket::SSL 0.96. > > ... > The request times out. Just now, I got "LWP::Protocol::https::Socket: > SSL connect attempt failed with unknown error." In previous > requests, I was getting "SSL wants a read first." > > ... > This may not be a bug, exactly, but I'm not sure. Do you have any > advice? >
It looks like the server simply does not respond, if it does not like the SSL client hello. There might be a lot of things like supported algorithms, various SSL options etc, which it might not like. I don't see anything which might have changed in this regard between 0.97 and 0.99, but maybe you used not only a different IO::Socket::SSL version, but also a different openssl version or Net::SSLeay version. Anyway, one of the things the server does not like is SNI support, e.g. where the client sends the hostname it want to connect, used if you have multiple SSL servers behind the same IP. SNI support is enabled by default since IO::Socket::SSL version 1.56. You might disable it by setting SSL_hostname => '', e.g. the following code works for me: my $ua = LWP::UserAgent->new; $ua->ssl_opts( SSL_hostname => '' ); my $x = $ua->get("https://horizon.opensrs.net:55443/"); print Dumper($x);


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.