Package: libnet-ssleay-perl Version: 1.74-1 Severity: important Running in a (preforking) mod_perl context, the first client conneciton attempted (during each process lifetime) fails. Subsequent connections work.
Example script: #!/usr/bin/perl use Net::SSLeay qw(post_https make_form); $Net::SSLeay::trace = 0; my $host = 'secure.authorize.net'; my ($page, $response, %reply_headers) = post_https($host, 443, '/', '', make_form(var1 => 'one', var2 => 'two' )); print "response $response\n"; #again, it'll work... ($page, $response, %reply_headers) = post_https($host, 443, '/', '', make_form(var1 => 'one', var2 => 'two' )); print "response $response\n"; Example Apache config: AddHandler perl-script .cgi PerlHandler ModPerl::Registry Options +ExecCGI In a non-mod_perl context, this returns (e.g., depending on $host): ivan@fleetpaw:/var/www/html$ perl testssl.cgi response HTTP/1.1 303 See Other response HTTP/1.1 303 See Other In a mod_perl context, the first time this is called in a process (i.e. after a restart), this returns: response HTTP/1.0 900 NET OR SSL ERROR CTX_new 30723: 1 - error:0906D06C:PEM routines:PEM_read_bio:no start line CTX_new 30723: 2 - error:0906D06C:PEM routines:PEM_read_bio:no start line response HTTP/1.1 303 See Other Full trace of failing connection: do_httpx3(POST,1,secure.authorize.net:443) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/do_httpx3.al) line 1318. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/do_httpx3.al):1318) httpx_cat: usessl=1 (secure.authorize:443) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/httpx_cat.al) line 1227. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/httpx_cat.al):1227) Opening connection to secure.authorize.net:443 (64.94.118.32) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 486. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al):486) next connect at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 491. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al):491) connected to secure.authorize.net, 443 at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 494. (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al):494) Creating SSL 0 context... (blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/https_cat.al):1126) CTX_new 30717: 1 - error:0906D06C:PEM routines:PEM_read_bio:no start line (/usr/lib/x86_64-linux-gnu/perl5/5.22/Net/SSLeay.pm:422) CTX_new 30717: 2 - error:0906D06C:PEM routines:PEM_read_bio:no start line (/usr/lib/x86_64-linux-gnu/perl5/5.22/Net/SSLeay.pm:422) Changing $host between connections has no effect, so it isn't a per-host failure/cache. Changing $ssl_version has no effect. This does not appear to be specific to ModPerl::Registry (originally observed in an HTML::Mason app). I believe this behavior is present back to jessie. Not sure about wheezy. As a workaround, I'm using the following code per-process to trigger the one-time context creation error so all subsequent real connections work: { use Net::SSLeay; package Net::SSLeay; initialize(); my $bad_ctx = new_x_ctx(); while ( ERR_get_error() ) {}; #print_errs('CTX_new'); CTX_free($bad_ctx); } Oddly, retreiving the errors is necessary to make this work. -- Ivan Kohler President and Head Geek, Freeside Internet Services, Inc. http://freeside.biz/ Debian GNU/Linux developer | CPAN author | cat person | ski addict -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libnet-ssleay-perl depends on: ii libc6 2.22-13 ii libssl1.0.2 1.0.2h-1 ii perl 5.22.2-1 ii perl-base [perlapi-5.22.1] 5.22.2-1 libnet-ssleay-perl recommends no packages. Versions of packages libnet-ssleay-perl suggests: ii libperl5.22 [libmime-base64-perl] 5.22.2-1 -- no debconf information