On Tue, Mar 31, 2020 at 09:49:51PM +0200, Salvatore Bonaccorso wrote:
> Hi Kurt,
> 
> On Tue, Mar 31, 2020 at 06:46:44PM +0200, Kurt Roeckx wrote:
> > On Tue, Mar 31, 2020 at 09:03:01AM +0200, Salvatore Bonaccorso wrote:
> > > On Sat, Mar 21, 2020 at 08:31:21PM +0100, gregor herrmann wrote:
> > > > On Fri, 20 Mar 2020 21:50:08 +0100, Sebastian Andrzej Siewior wrote:
> > > > 
> > > > > The package FTBFS since openssl has been updated to 1.1.1e because the
> > > > > testsuite fails. The failure is due to commit db943f43a60d ("Detect 
> > > > > EOF
> > > > > while reading in libssl") [0] in openssl. There an issue ticket [1]
> > > > > which introduced the changed behaviour.
> > > > 
> > > > There's a patch at
> > > > https://github.com/noxxi/p5-io-socket-ssl/issues/93
> > > > This also needs libnet-ssleay-perl_1.88-3 which I uploaded right now.
> > > 
> > > So I guess this should be threated as openssl issue and will reassign
> > > it to it. Upstream for IO::Socket::SSL has released a new version
> > > which will refuse to build with 1.1.1e:
> > > 
> > > 2.068 2020/03/31
> > > - treat OpenSSL 1.1.1e as broken and refuse to build with it in order to
> > >   prevent follow-up problems in tests and user code
> > >   https://github.com/noxxi/p5-io-socket-ssl/issues/93
> > >   https://github.com/openssl/openssl/issues/11388
> > >   https://github.com/openssl/openssl/issues/11378
> > 
> > There might be a misunderstanding. First, in 3.0, we will
> > reintroduce this new behaviour.
> > 
> > We always returned an error in case of an unexpected EOF. We
> > changed the error code of that case. Applications should never
> > trigger the unexpected EOF and should get fixed not to trigger it.
> 
> I see, but then I prefer to loop in Steffen Ullrich into the loop
> (upstream of IO::Socket::SSL). Steffen, see the above comment from
> Kurt in the Debian bug, so it looks we cannot close
> https://github.com/noxxi/p5-io-socket-ssl/issues/93 by marking 1.1.1e
> as broken only. What do you think?

If only https://github.com/openssl/openssl/issues/11388 is a
problem, I think only marking 1.1.1e as a problem is fine. But you
also point to https://github.com/openssl/openssl/issues/11378, which
talks about many different things, and the current plan is to
change back to that behaviour in 3.0. That is, react to an
unexpected EOF as the error it is, including the different error
code and marking the session as not reusable.

You should fix your tests not to trigger an unexpected EOF. You
probably have code now that ignores the current error, you
shouldn't ignore that error, it's a real error.

This might also affect reverse dependecies. And they need to get
fixed too.


Kurt

Reply via email to