Your message dated Sun, 3 Jun 2012 07:41:25 +0200
with message-id <20120603054125.GA13126@elende>
and subject line Re: Bug#675424: libnet-ssleay-perl: Incorrect constant value
for OP_NO_TLSv1_1
has caused the Debian Bug report #675424,
regarding libnet-ssleay-perl: Incorrect constant value for OP_NO_TLSv1_1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
675424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675424
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libnet-ssleay-perl
Version: 1.48-1
Severity: normal
While troubleshooting problems using the Net::SSLeay::OP_NO_TLSv1_1 constant
in a perl app, I came to realize that Net::SSLeay, as packaged in
libnet-ssleay-perl 1.48-1, does not return the proper constant value for
OP_NO_TLSv1_1.
I don't believe this is a bug in the openssl package, but it probably matters
that I have the debian openssl 1.0.1c-1 package installed.
Here are the relevant (correct) constants from /usr/include/openssl/ssl.h:
ssl.h:#define SSL_OP_NO_SSLv2 0x01000000L
ssl.h:#define SSL_OP_NO_SSLv3 0x02000000L
ssl.h:#define SSL_OP_NO_TLSv1 0x04000000L
ssl.h:#define SSL_OP_NO_TLSv1_2 0x08000000L
ssl.h:#define SSL_OP_NO_TLSv1_1 0x10000000L
Here is a quick-and-dirty perl script to dump Net::SSLeay's version of
these constants:
###########
jetmore@lappy-vm2:~$ cat t.pl
#!/usr/bin/perl
use Net::SSLeay;
# Print each option constant as Net::SSLeay reports it, as zero-padded hex.
foreach my $const (qw(OP_NO_SSLv2 OP_NO_SSLv3 OP_NO_TLSv1 OP_NO_TLSv1_1 OP_NO_TLSv1_2)) {
    printf("%13s %010x\n", $const, &{"Net::SSLeay::$const"}());
}
###########
Here is the output of the above program when run with the most recent debian
libnet-ssleay-perl (1.48-1):
###########
jetmore@lappy-vm2:~$ perl t.pl
OP_NO_SSLv2 0001000000
OP_NO_SSLv3 0002000000
OP_NO_TLSv1 0004000000
OP_NO_TLSv1_1 0000000400
OP_NO_TLSv1_2 0008000000
###########
As you can see, the value for OP_NO_TLSv1_1 is wrong. This is a real problem:
all of the other constants perform as expected in real TLS connections; TLSv1_1
does not.
I do not believe this is a problem in upstream. I downloaded Net-SSLeay-1.48
from CPAN and compiled locally and it prints the correct TLSv1_1 constant:
###########
jetmore@lappy-vm2:~$ PERL5LIB=/home/jetmore/dev/lib/perl perl t.pl
OP_NO_SSLv2 0001000000
OP_NO_SSLv3 0002000000
OP_NO_TLSv1 0004000000
OP_NO_TLSv1_1 0010000000
OP_NO_TLSv1_2 0008000000
###########
These constants are pulled into SSLeay.so at build time I believe. It feels
like libnet-ssleay-perl just needs to be rebuilt with the latest headers to
correct the problem. Seems likely to be related to this change from
openssl-1.0.1b-1
(http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_1.0.1c-1/changelog#version1.0.1b-1):
  - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0
    can talk to servers supporting TLS 1.1 but not TLS 1.2
Thanks
--john
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-2-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libnet-ssleay-perl depends on:
ii libc6 2.13-32
ii libssl1.0.0 1.0.1c-1
ii perl 5.14.2-11
ii perl-base [perlapi-5.14.2] 5.14.2-11
libnet-ssleay-perl recommends no packages.
Versions of packages libnet-ssleay-perl suggests:
ii perl [libmime-base64-perl] 5.14.2-11
-- no debconf information
--- End Message ---
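
An added example, not part of the original report or of Net::SSLeay: a check that compares the option constants a binding reports against the installed ssl.h and tests whether OR-ing the binding's value into an options mask sets the bit the header assigns. The function names are hypothetical; the sample data is the header excerpt and the packaged-module output quoted in the report.

```python
import re

# Both samples are copied from the report above: the ssl.h defines and the
# values printed by the packaged libnet-ssleay-perl 1.48-1 (hex, no 0x prefix).
HEADER_LINES = """\
ssl.h:#define SSL_OP_NO_SSLv2 0x01000000L
ssl.h:#define SSL_OP_NO_SSLv3 0x02000000L
ssl.h:#define SSL_OP_NO_TLSv1 0x04000000L
ssl.h:#define SSL_OP_NO_TLSv1_2 0x08000000L
ssl.h:#define SSL_OP_NO_TLSv1_1 0x10000000L
"""
MODULE_DUMP = """\
OP_NO_SSLv2 0001000000
OP_NO_SSLv3 0002000000
OP_NO_TLSv1 0004000000
OP_NO_TLSv1_1 0000000400
OP_NO_TLSv1_2 0008000000
"""

DEFINE_RE = re.compile(r"#define[ \t]+SSL_(OP_\w+)[ \t]+0x([0-9A-Fa-f]+)L?[ \t]*$", re.M)
DUMP_RE = re.compile(r"^[ \t]*(OP_\w+)[ \t]+([0-9A-Fa-f]+)[ \t]*$", re.M)

def parse_header(text):
    """Map OP_* names to the values the installed header defines."""
    return {name: int(val, 16) for name, val in DEFINE_RE.findall(text)}

def parse_dump(text):
    """Map OP_* names to the values the compiled binding returns."""
    return {name: int(val, 16) for name, val in DUMP_RE.findall(text)}

def find_drift(header, module):
    """Return {name: (header_value, module_value)} for each stale or missing constant."""
    return {n: (want, module.get(n)) for n, want in header.items()
            if module.get(n) != want}

def option_takes_effect(name, header, module):
    """True if OR-ing the binding's value into a mask sets the header's bit(s)."""
    want = header[name]
    return (module.get(name, 0) & want) == want

if __name__ == "__main__":
    hdr, mod = parse_header(HEADER_LINES), parse_dump(MODULE_DUMP)
    for name, (want, got) in sorted(find_drift(hdr, mod).items()):
        shown = "missing" if got is None else f"{got:#010x}"
        print(f"{name}: header {want:#010x}, binding {shown}, "
              f"effective={option_takes_effect(name, hdr, mod)}")
```

Run against a live system by feeding it `grep SSL_OP_NO_ /usr/include/openssl/ssl.h` and the output of the t.pl script from the report.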
--- Begin Message ---
Hi John
The rebuild was now scheduled on all architectures [1].
[1]: https://buildd.debian.org/status/package.php?p=libnet-ssleay-perl
Thanks for reporting.
Regards,
Salvatore
--- End Message ---