Hello community, here is the log from the commit of package perl-Net-SSLeay for openSUSE:Factory checked in at 2018-09-11 17:13:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLeay (Old) and /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLeay" Tue Sep 11 17:13:42 2018 rev:28 rq:633282 version:1.85 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Net-SSLeay/perl-Net-SSLeay.changes 2017-08-29 11:35:59.904571259 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new/perl-Net-SSLeay.changes 2018-09-11 17:13:47.515734235 +0200 @@ -1,0 +2,21 @@ +Tue Sep 4 14:44:25 UTC 2018 - Vítězslav Čížek <vci...@suse.com> + +- Add patches to support openssl 1.1.1 from Fedora + * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch + * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch + * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch + * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch + +------------------------------------------------------------------- +Mon Aug 27 09:35:57 UTC 2018 - tchva...@suse.com + +- Version update to 1.85: + * Removal of many deprecated calls from 1.1.x series + +------------------------------------------------------------------- +Mon Aug 27 09:31:53 UTC 2018 - tchva...@suse.com + +- Add dependency over zlib-devel, previously added by openssl devel +- Make sure all tests are run + +------------------------------------------------------------------- Old: ---- Net-SSLeay-1.81.tar.gz New: ---- Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch Net-SSLeay-1.85.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Net-SSLeay.spec ++++++ --- /var/tmp/diff_new_pack.VpLlAN/_old 2018-09-11 17:13:47.947733567 +0200 +++ /var/tmp/diff_new_pack.VpLlAN/_new 2018-09-11 17:13:47.951733561 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-Net-SSLeay # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,31 +16,34 @@ # -%bcond_with test - +%define cpan_name Net-SSLeay Name: perl-Net-SSLeay -Version: 1.81 +Version: 1.85 Release: 0 -%define cpan_name Net-SSLeay Summary: Perl extension for using OpenSSL License: Artistic-2.0 Group: Development/Libraries/Perl -Url: http://search.cpan.org/dist/Net-SSLeay/ +URL: http://search.cpan.org/dist/Net-SSLeay/ Source: http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz +# Adapt to OpenSSL 1.1.1, bug RH#1614884, CPAN RT#125218 +Patch0: Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch +# Avoid SIGPIPE in t/local/36_verify.t, CPAN RT#125218 +Patch2: Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch +# Revert retry in Net::SSLeay::{read,write}(), CPAN RT#125218 +Patch3: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch +# Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218 +Patch4: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch BuildRequires: libopenssl-devel BuildRequires: openssl BuildRequires: perl BuildRequires: perl-macros -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: zlib-devel %{perl_requires} -%if %{with test} BuildRequires: perl(Test::Exception) BuildRequires: perl(Test::NoWarnings) BuildRequires: perl(Test::Pod) >= 1.00 BuildRequires: perl(Test::Pod::Coverage) BuildRequires: perl(Test::Warn) -%endif -# %description Net::SSLeay module contains perl bindings to openssl (http://www.openssl.org) library. @@ -51,9 +54,10 @@ %prep %setup -q -n %{cpan_name}-%{version} +%autopatch -p1 # replace rest of /usr/local/bin/perl with /usr/bin/perl -for f in $(find . -type f -exec grep -l "/usr/local/bin/perl" {} \; ); do - sed -i -e "s@/usr/local/bin/perl@perl@g" $f +for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do + sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f done # delete .orig files created by patches find . -type f -name "*.orig" -delete @@ -68,7 +72,7 @@ %check %if ! 0%{?qemu_user_space_build} -make test +make %{?_smp_mflags} test %endif %install @@ -76,11 +80,8 @@ %perl_process_packlist %perl_gen_filelist -%clean -rm -rf %{buildroot} - %files -f %{name}.files -%defattr(-,root,root,-) -%doc Changes Credits LICENSE QuickRef README examples +%license LICENSE +%doc Changes Credits QuickRef README examples %changelog ++++++ Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch ++++++ >From b01291bf88dd84529c93973da7c275e0ffe5cc1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Fri, 3 Aug 2018 14:30:22 +0200 Subject: [PATCH] Adapt to OpenSSL 1.1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenSSL 1.1.1 defaults to TLS 1.3 that handles session tickets and session shutdowns differently. This leads to failing various Net-SSLeay tests that exhibits use cases that are not possible with OpenSSL 1.1.1 anymore or where the library behaves differently. Since Net-SSLeay is a low-level wrapper, Net-SSLeay will be corrected in tests. Higher-level code as IO::Socket::SSL and other Net::SSLeay applications need to be adjusted on case-to-case basis. This patche changes: - Retry SSL_read() and SSL_write() (by sebastian [...] breakpoint.cc) - Disable session tickets in t/local/07_sslecho.t. - Adaps t/local/36_verify.t to a session end when Net::SSLeay::read() returns undef. https://rt.cpan.org/Public/Bug/Display.html?id=125218 https://github.com/openssl/openssl/issues/5637 https://github.com/openssl/openssl/issues/6904 Signed-off-by: Petr Písař <ppi...@redhat.com> --- SSLeay.xs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++---- lib/Net/SSLeay.pod | 46 ++++++++++++++++++++++++++++++++++++++++++ t/local/07_sslecho.t | 15 ++++++++++++-- t/local/36_verify.t | 2 +- 4 files changed, 112 insertions(+), 7 deletions(-) diff --git a/SSLeay.xs b/SSLeay.xs index bf148c0..5aed4d7 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -1999,7 +1999,17 @@ SSL_read(s,max=32768) int got; PPCODE: New(0, buf, max, char); - got = SSL_read(s, buf, max); + + do { + int err; + + got = SSL_read(s, buf, max); + if (got > 0) + break; + err = SSL_get_error(s, got); + if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) + break; + } while (1); /* If in list context, return 2-item list: * first return value: data gotten, or undef on error (got<0) @@ -2051,10 +2061,20 @@ SSL_write(s,buf) SSL * s PREINIT: STRLEN len; + int err; + int ret; INPUT: char * buf = SvPV( ST(1), len); CODE: - RETVAL = SSL_write (s, buf, (int)len); + do { + ret = SSL_write (s, buf, (int)len); + if (ret > 0) + break; + err = SSL_get_error(s, ret); + if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) + break; + } while (1); + RETVAL = ret; OUTPUT: RETVAL @@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf) if (len < 0) { croak("from beyound end of buffer"); RETVAL = -1; - } else - RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len); + } else { + int ret; + int err; + + do { + ret = SSL_write (s, &(buf[from]), (count<=len)?count:len); + if (ret > 0) + break; + err = SSL_get_error(s, ret); + if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) + break; + } while (1); + RETVAL = ret; + } OUTPUT: RETVAL @@ -6957,4 +6989,20 @@ SSL_export_keying_material(ssl, outlen, label, p) #endif +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL + +int +SSL_CTX_set_num_tickets(SSL_CTX *ctx,size_t num_tickets) + +size_t +SSL_CTX_get_num_tickets(SSL_CTX *ctx) + +int +SSL_set_num_tickets(SSL *ssl,size_t num_tickets) + +size_t +SSL_get_num_tickets(SSL *ssl) + +#endif + #define REM_EOF "/* EOF - SSLeay.xs */" diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod index 2e1aae3..bca7be4 100644 --- a/lib/Net/SSLeay.pod +++ b/lib/Net/SSLeay.pod @@ -4437,6 +4437,52 @@ getticket($ssl,$ticket,$data) -> $return_value This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb. +=item * CTX_set_num_tickets + +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1 + +Set number of session tickets that will be sent to a client. + + my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets); + # $ctx - value corresponding to openssl's SSL_CTX structure + # $number_of_tickets - number of tickets to send + # returns: 1 on success, 0 on failure + +Set to zero if you do not no want to support a session resumption. + +=item * CTX_get_num_tickets + +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1 + +Get number of session tickets that will be sent to a client. + + my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx); + # $ctx - value corresponding to openssl's SSL_CTX structure + # returns: number of tickets to send + +=item * set_num_tickets + +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1 + +Set number of session tickets that will be sent to a client. + + my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets); + # $ssl - value corresponding to openssl's SSL structure + # $number_of_tickets - number of tickets to send + # returns: 1 on success, 0 on failure + +Set to zero if you do not no want to support a session resumption. + +=item * get_num_tickets + +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1 + +Get number of session tickets that will be sent to a client. + + my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx); + # $ctx - value corresponding to openssl's SSL structure + # returns: number of tickets to send + =item * set_shutdown Sets the shutdown state of $ssl to $mode. diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t index 5e16b04..5dc946a 100644 --- a/t/local/07_sslecho.t +++ b/t/local/07_sslecho.t @@ -13,7 +13,8 @@ BEGIN { plan skip_all => "fork() not supported on $^O" unless $Config{d_fork}; } -plan tests => 78; +plan tests => 79; +$SIG{'PIPE'} = 'IGNORE'; my $sock; my $pid; @@ -61,6 +62,16 @@ Net::SSLeay::library_init(); ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list'); my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); ok($errs eq '', "set_cert_and_key: $errs"); + SKIP: { + skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1 + unless (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f); + # TLS 1.3 server sends session tickets after a handhake as part of + # the SSL_accept(). If a client finishes all its job including closing + # TCP connectino before a server sends the tickets, SSL_accept() fails + # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives + # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904> + ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled'); + } $pid = fork(); BAIL_OUT("failed to fork: $!") unless defined $pid; @@ -351,7 +362,7 @@ waitpid $pid, 0; push @results, [ $? == 0, 'server exited with 0' ]; END { - Test::More->builder->current_test(51); + Test::More->builder->current_test(52); for my $t (@results) { ok( $t->[0], $t->[1] ); } diff --git a/t/local/36_verify.t b/t/local/36_verify.t index 92afc52..e55b138 100644 --- a/t/local/36_verify.t +++ b/t/local/36_verify.t @@ -282,7 +282,7 @@ sub run_server # Termination request or other message from client my $msg = Net::SSLeay::read($ssl); - if ($msg eq 'end') + if (defined $msg and $msg eq 'end') { Net::SSLeay::write($ssl, 'end'); exit (0); -- 2.14.4 ++++++ Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch ++++++ >From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Tue, 14 Aug 2018 16:55:52 +0200 Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit t/local/36_verify.t fails randomly with OpenSSL 1.1.1: # Failed test 'Verify callback result and get_verify_result are equal' # at t/local/36_verify.t line 111. # got: '-1' # expected: '0' # Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY' # at t/local/36_verify.t line 118. # got: '-1' # expected: '43' Bailout called. Further testing stopped: failed to connect to server: Connection refused FAILED--Further testing stopped: failed to connect to server: Connection refused I believe this because TLSv1.3 server can generate SIGPIPE if a client disconnects too soon. Signed-off-by: Petr Písař <ppi...@redhat.com> --- t/local/36_verify.t | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/t/local/36_verify.t b/t/local/36_verify.t index e55b138..2837288 100644 --- a/t/local/36_verify.t +++ b/t/local/36_verify.t @@ -266,10 +266,20 @@ sub run_server return if $pid != 0; + $SIG{'PIPE'} = 'IGNORE'; my $ctx = Net::SSLeay::CTX_new(); Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); my $ret = Net::SSLeay::CTX_check_private_key($ctx); BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1; + if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) { + # TLS 1.3 server sends session tickets after a handhake as part of + # the SSL_accept(). If a client finishes all its job including closing + # TCP connectino before a server sends the tickets, SSL_accept() fails + # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives + # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904> + my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0); + BAIL_OUT("Session tickets disabled") unless $ret; + } while (1) { -- 2.14.4 ++++++ Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch ++++++ >From e0b42b0120b941b5675e4071445424dc8a1230e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Wed, 15 Aug 2018 14:46:52 +0200 Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from read()/write() up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/core.t test because it tests non-blocking socket operations and expects to see SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE errors and to handle them byt itself. This patch purifies Net::SSLeay::{read,write}() to behave exactly as underlying OpenSSL functions. The retry is moved to Net::SSLeay::ssl_read_all. All relevant Net::SSLeay::{read,write}() calls in tests are changed into Net::SSLea::ssl_{read,write}_all(). All applications should implement the retry themsleves or use ssl_*_all() instead. Signed-off-by: Petr Písař <ppi...@redhat.com> --- SSLeay.xs | 28 +++++++--------------------- lib/Net/SSLeay.pm | 22 +++++++++++++++------- t/local/07_sslecho.t | 12 ++++++------ t/local/36_verify.t | 9 +++++---- 4 files changed, 33 insertions(+), 38 deletions(-) diff --git a/SSLeay.xs b/SSLeay.xs index 5aed4d7..7cb6eab 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -1997,19 +1997,13 @@ SSL_read(s,max=32768) PREINIT: char *buf; int got; + int succeeded = 1; PPCODE: New(0, buf, max, char); - do { - int err; - - got = SSL_read(s, buf, max); - if (got > 0) - break; - err = SSL_get_error(s, got); - if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) - break; - } while (1); + got = SSL_read(s, buf, max); + if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got)) + succeeded = 0; /* If in list context, return 2-item list: * first return value: data gotten, or undef on error (got<0) @@ -2017,13 +2011,13 @@ SSL_read(s,max=32768) */ if (GIMME_V==G_ARRAY) { EXTEND(SP, 2); - PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0))); + PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0))); PUSHs(sv_2mortal(newSViv(got))); /* If in scalar or void context, return data gotten, or undef on error. */ } else { EXTEND(SP, 1); - PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0))); + PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0))); } Safefree(buf); @@ -2066,15 +2060,7 @@ SSL_write(s,buf) INPUT: char * buf = SvPV( ST(1), len); CODE: - do { - ret = SSL_write (s, buf, (int)len); - if (ret > 0) - break; - err = SSL_get_error(s, ret); - if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) - break; - } while (1); - RETVAL = ret; + RETVAL = SSL_write (s, buf, (int)len); OUTPUT: RETVAL diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm index 3adf12c..afc6c8f 100644 --- a/lib/Net/SSLeay.pm +++ b/lib/Net/SSLeay.pm @@ -579,14 +579,22 @@ sub debug_read { sub ssl_read_all { my ($ssl,$how_much) = @_; $how_much = 2000000000 unless $how_much; - my ($got, $errs); + my ($got, $rv, $errs); my $reply = ''; while ($how_much > 0) { - $got = Net::SSLeay::read($ssl, + ($got, $rv) = Net::SSLeay::read($ssl, ($how_much > 32768) ? 32768 : $how_much ); - last if $errs = print_errs('SSL_read'); + if (! defined $got) { + my $err = Net::SSLeay::get_error($ssl, $rv); + if ($err != Net::SSLeay::ERROR_WANT_READ() and + $err != Net::SSLeay::ERROR_WANT_WRITE()) { + $errs = print_errs('SSL_read'); + last; + } + next; + } $how_much -= blength($got); debug_read(\$reply, \$got) if $trace>1; last if $got eq ''; # EOF @@ -839,14 +847,14 @@ sub ssl_read_until ($;$$) { $found = index($match, $delim); if ($found > -1) { - #$got = Net::SSLeay::read($ssl, $found+$len_delim); + #$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim); #read up to the end of the delimiter - $got = Net::SSLeay::read($ssl, + $got = Net::SSLeay::ssl_read_all($ssl, $found + $len_delim - ((blength($match)) - (blength($got)))); $done = 1; } else { - $got = Net::SSLeay::read($ssl, $peek_length); + $got = Net::SSLeay::ssl_read_all($ssl, $peek_length); $done = 1 if ($peek_length == $max_length - blength($reply)); } @@ -857,7 +865,7 @@ sub ssl_read_until ($;$$) { } } else { while (!defined $max_length || length $reply < $max_length) { - $got = Net::SSLeay::read($ssl,1); # one by one + $got = Net::SSLeay::ssl_read_all($ssl,1); # one by one last if print_errs('SSL_read'); debug_read(\$reply, \$got) if $trace>1; last if $got eq ''; diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t index 74e317a..7f19027 100644 --- a/t/local/07_sslecho.t +++ b/t/local/07_sslecho.t @@ -134,10 +134,10 @@ my @results; push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ]; - push @results, [ Net::SSLeay::write($ssl, $msg), 'write' ]; + push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ]; shutdown($s, 1); - my ($got) = Net::SSLeay::read($ssl); + my $got = Net::SSLeay::ssl_read_all($ssl); push @results, [ $got eq uc($msg), 'read' ]; Net::SSLeay::free($ssl); @@ -177,7 +177,7 @@ my @results; Net::SSLeay::set_fd($ssl, fileno($s)); Net::SSLeay::connect($ssl); - Net::SSLeay::write($ssl, $msg); + Net::SSLeay::ssl_write_all($ssl, $msg); shutdown $s, 2; close $s; @@ -231,15 +231,15 @@ my @results; Net::SSLeay::set_fd($ssl3, $s3); Net::SSLeay::connect($ssl1); - Net::SSLeay::write($ssl1, $msg); + Net::SSLeay::ssl_write_all($ssl1, $msg); shutdown $s1, 2; Net::SSLeay::connect($ssl2); - Net::SSLeay::write($ssl2, $msg); + Net::SSLeay::ssl_write_all($ssl2, $msg); shutdown $s2, 2; Net::SSLeay::connect($ssl3); - Net::SSLeay::write($ssl3, $msg); + Net::SSLeay::ssl_write_all($ssl3, $msg); shutdown $s3, 2; close $s1; diff --git a/t/local/36_verify.t b/t/local/36_verify.t index 2837288..b04be13 100644 --- a/t/local/36_verify.t +++ b/t/local/36_verify.t @@ -252,8 +252,9 @@ sub client { Net::SSLeay::set_fd($ssl, $cl); Net::SSLeay::connect($ssl); my $end = "end"; - Net::SSLeay::write($ssl, $end); - ok($end eq Net::SSLeay::read($ssl), 'Successful termination'); + Net::SSLeay::ssl_write_all($ssl, $end); + Net::SSLeay::shutdown($ssl); + ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination'); return; } @@ -291,10 +292,10 @@ sub run_server next unless $ret == 1; # Termination request or other message from client - my $msg = Net::SSLeay::read($ssl); + my $msg = Net::SSLeay::ssl_read_all($ssl); if (defined $msg and $msg eq 'end') { - Net::SSLeay::write($ssl, 'end'); + Net::SSLeay::ssl_write_all($ssl, 'end'); exit (0); } } -- 2.14.4 ++++++ Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch ++++++ >From 122c80853a9bd66f21699fc79a689b3028d00d3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Fri, 17 Aug 2018 13:08:44 +0200 Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from write_partial() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/nonblock.t test because it tests non-blocking socket operations and expects to see SSL_ERROR_WANT_WRITE errors and to handle them byt itself. This patch purifies Net::SSLeay::write_partial() to behave exactly as underlying OpenSSL SSL_write() function. The retry is already presented in Net::SSLeay::ssl_write_all(). All applications should implement the retry themsleves or use ssl_*_all() instead. Signed-off-by: Petr Písař <ppi...@redhat.com> --- SSLeay.xs | 16 ++-------------- lib/Net/SSLeay.pod | 3 ++- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/SSLeay.xs b/SSLeay.xs index 7cb6eab..fc7677f 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -2089,20 +2089,8 @@ SSL_write_partial(s,from,count,buf) if (len < 0) { croak("from beyound end of buffer"); RETVAL = -1; - } else { - int ret; - int err; - - do { - ret = SSL_write (s, &(buf[from]), (count<=len)?count:len); - if (ret > 0) - break; - err = SSL_get_error(s, ret); - if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE) - break; - } while (1); - RETVAL = ret; - } + } else + RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len); OUTPUT: RETVAL diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod index bca7be4..8b5f738 100644 --- a/lib/Net/SSLeay.pod +++ b/lib/Net/SSLeay.pod @@ -4819,7 +4819,8 @@ Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_write.html|http://www.op B<NOTE:> Does not exactly correspond to any low level API function -Writes a fragment of data in $data from the buffer $data into the specified $ssl connection. +Writes a fragment of data in $data from the buffer $data into the specified +$ssl connection. This is a non-blocking function like L<Net::SSLeay::write()>. my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data); # $ssl - value corresponding to openssl's SSL structure -- 2.14.4 ++++++ Net-SSLeay-1.81.tar.gz -> Net-SSLeay-1.85.tar.gz ++++++ ++++ 8612 lines of diff (skipped)