From 8efa4cc6d6d8d39fe3e73678c2553f5b8fd77303 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Wed, 9 Jul 2014 09:21:46 +0200 Subject: [PATCH] Fix multihomed SSL --- IO-Socket-IP-0.30-multihomed_SSL.patch | 58 ++++++++++++++++++++++++++ perl-IO-Socket-IP.spec | 8 +++- 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 IO-Socket-IP-0.30-multihomed_SSL.patch diff --git a/IO-Socket-IP-0.30-multihomed_SSL.patch b/IO-Socket-IP-0.30-multihomed_SSL.patch new file mode 100644 index 0000000..1223385 --- /dev/null +++ b/IO-Socket-IP-0.30-multihomed_SSL.patch @@ -0,0 +1,58 @@ +Am Di 08. Jul 2014, 06:35:58, PEVANS schrieb: +> I may have to revert this one because it's causing bad knock-on +> effects with IO::Socket::SSL: +> +> https://rt.cpan.org/Ticket/Display.html?id=97050 +> +> Basically: the very thing it was supposed to fix, it has broken. Meh. + +Yes, unfortunately it wasn't as easy as I thought because the calling scheme inside IO::Socket::* (i.e. new -> configure -> connect ) isn't that simple if you have a class hierarchy and also try to implement multi-homing :( + +But I think I have a working patch (included, against 0.30). +The basic idea of the patch is that one has to distinguish between an error at the transport layer which can be solved with IP based multi-homing and an error at the application layer. One could expect the system error to be reflected inside $!, while an application error will probably not set $! (e.g. IO::Socket::SSL sets an $SSL_ERROR variable). So if connect fails, but $! is not set, one can assume error at the application layer and stop trying to fix it with IP based multi-homing. + +The other difference in the patch is to change $self->IO::Socket::IP::connect($addr) to CORE::connect($self,$addr), because if you have a look at the connect function it simple calls CORE::connect if an $addr argument is given. It was already right to not use $self->connect in this place, it was only a problem if called from inside the new - configure - connect chain. + +With this patch the tests inside IO::Socket::IP pass and also the tests of IO::Socket::SSL. + +Regards, +Steffen + + + +diff --git a/lib/IO/Socket/IP.pm b/lib/IO/Socket/IP.pm +index 1911145..16eb7c8 100644 +--- a/lib/IO/Socket/IP.pm ++++ b/lib/IO/Socket/IP.pm +@@ -601,7 +601,7 @@ sub setup + } + + if( defined( my $addr = $info->{peeraddr} ) ) { +- if( $self->IO::Socket::IP::connect( $addr ) ) { ++ if( $self->connect( $addr ) ) { + $! = 0; + return 1; + } +@@ -611,6 +611,13 @@ sub setup + return 0; + } + ++ # If connect failed but we have no system error there must be an error ++ # at the application layer, like a bad certificate with ++ # IO::Socket::SSL. ++ # In this case don't continue IP based multi-homing because the problem ++ # cannot be solved at the IP layer. ++ return 0 if ! $!; ++ + ${*$self}{io_socket_ip_errors}[0] = $!; + next; + } +@@ -651,7 +658,7 @@ sub connect + # (still in progress). This even works on MSWin32. + my $addr = ${*$self}{io_socket_ip_infos}[${*$self}{io_socket_ip_idx}]{peeraddr}; + +- if( $self->IO::Socket::IP::connect( $addr ) or $! == EISCONN ) { ++ if( CORE::connect( $self, $addr ) or $! == EISCONN ) { + delete ${*$self}{io_socket_ip_connect_in_progress}; + $! = 0; + return 1; diff --git a/perl-IO-Socket-IP.spec b/perl-IO-Socket-IP.spec index 39d83cb..611ccdf 100644 --- a/perl-IO-Socket-IP.spec +++ b/perl-IO-Socket-IP.spec @@ -1,11 +1,13 @@ Name: perl-IO-Socket-IP Version: 0.30 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6 License: GPL+ or Artistic Group: Development/Libraries URL: http://search.cpan.org/dist/IO-Socket-IP/ Source0: http://www.cpan.org/authors/id/P/PE/PEVANS/IO-Socket-IP-%{version}.tar.gz +# Fix multihomed SSL, bug #1116600, CPAN RT#95983 +Patch0: IO-Socket-IP-0.30-multihomed_SSL.patch BuildArch: noarch BuildRequires: perl BuildRequires: perl(base) @@ -33,6 +35,7 @@ arguments and methods are provided in a backward-compatible way. %prep %setup -q -n IO-Socket-IP-%{version} +%patch0 -p1 %build perl Build.PL installdirs=vendor @@ -53,6 +56,9 @@ rm -f t/21nonblocking-connect-internet.t %{_mandir}/man3/* %changelog +* Wed Jul 09 2014 Petr Pisar - 0.30-2 +- Fix multihomed SSL (bug #1116600) + * Mon Jul 07 2014 Petr Pisar - 0.30-1 - 0.30 bump