Fix FTBFS with OpenSSL 1.1.1e

https://github.com/noxxi/p5-io-socket-ssl/issues/93
This commit is contained in:
Paul Howarth 2020-03-21 18:39:52 +00:00
parent abf3820637
commit ae85d4e223
4 changed files with 57 additions and 4 deletions

View File

@ -0,0 +1,44 @@
--- lib/IO/Socket/SSL.pm
+++ lib/IO/Socket/SSL.pm
@@ -38,6 +38,7 @@ BEGIN {
# results from commonly used constant functions from Net::SSLeay for fast access
my $Net_SSLeay_ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ();
my $Net_SSLeay_ERROR_WANT_WRITE = Net::SSLeay::ERROR_WANT_WRITE();
+my $Net_SSLeay_ERROR_SSL = Net::SSLeay::ERROR_SSL();
my $Net_SSLeay_ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL();
my $Net_SSLeay_VERIFY_NONE = Net::SSLeay::VERIFY_NONE();
my $Net_SSLeay_VERIFY_PEER = Net::SSLeay::VERIFY_PEER();
@@ -1196,6 +1197,11 @@ sub _generic_read {
last;
}
}
+ if ($err == $Net_SSLeay_ERROR_SSL) {
+ # OpenSSL 1.1.1e+
+ $data = '';
+ last;
+ }
$self->error("SSL read error");
}
return;
@@ -1274,6 +1280,11 @@ sub _generic_write {
}
if ( !defined($written) ) {
if ( my $err = $self->_skip_rw_error( $ssl,-1 )) {
+ # if ERROR_SSL then make it look like it used to do
+ if ( $err == $Net_SSLeay_ERROR_SSL ) {
+ $err = $Net_SSLeay_ERROR_SYSCALL;
+ $! = 0;
+ }
# if $! is not set with ERROR_SYSCALL then report as EPIPE
$! ||= EPIPE if $err == $Net_SSLeay_ERROR_SYSCALL;
$self->error("SSL write error ($err)");
--- t/core.t
+++ t/core.t
@@ -130,6 +130,7 @@ unless (fork) {
4.0,
ord("y"),
"Test\nBeaver\nBeaver\n");
+ Net::SSLeay::shutdown($client->_get_ssl_object);
shutdown($client, 1);
my $buffer="\0\0aaaaaaaaaaaaaaaaaaaa";

View File

@ -1,6 +1,6 @@
--- lib/IO/Socket/SSL.pm
+++ lib/IO/Socket/SSL.pm
@@ -194,7 +194,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
@@ -195,7 +195,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
# global defaults
my %DEFAULT_SSL_ARGS = (
SSL_check_crl => 0,
@ -9,7 +9,7 @@
SSL_verify_callback => undef,
SSL_verifycn_scheme => undef, # fallback cn verification
SSL_verifycn_publicsuffix => undef, # fallback default list verification
@@ -2383,7 +2383,7 @@ sub new {
@@ -2394,7 +2394,7 @@ sub new {
my $ssl_op = $DEFAULT_SSL_OP;

View File

@ -1,6 +1,6 @@
--- lib/IO/Socket/SSL.pm
+++ lib/IO/Socket/SSL.pm
@@ -202,77 +202,17 @@ my %DEFAULT_SSL_ARGS = (
@@ -203,77 +203,17 @@ my %DEFAULT_SSL_ARGS = (
SSL_npn_protocols => undef, # meaning depends whether on server or client side
SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']

View File

@ -3,7 +3,7 @@
Name: perl-IO-Socket-SSL
Version: 2.067
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Perl library for transparent SSL
License: (GPL+ or Artistic) and MPLv2.0
URL: https://metacpan.org/release/IO-Socket-SSL
@ -13,6 +13,7 @@ Patch1: IO-Socket-SSL-2.067-use-system-default-SSL-version.patch
# A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
# bug #1632660, requires openssl tool
Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
Patch3: IO-Socket-SSL-2.067-openssl-1.1.1e.patch
BuildArch: noarch
# Module Build
BuildRequires: coreutils
@ -79,6 +80,10 @@ mod_perl.
%prep
%setup -q -n IO-Socket-SSL-%{version}
# Fix FTBFS with OpenSSL 1.1.1e
# https://github.com/noxxi/p5-io-socket-ssl/issues/93
%patch3
# Use system-wide default cipher list to support use of system-wide
# crypto policy (#1076390, #1127577, CPAN RT#97816)
# https://fedoraproject.org/wiki/Changes/CryptoPolicy
@ -122,6 +127,10 @@ make test
%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
%changelog
* Sat Mar 21 2020 Paul Howarth <paul@city-fan.org> - 2.067-2
- Fix FTBFS with OpenSSL 1.1.1e
https://github.com/noxxi/p5-io-socket-ssl/issues/93
* Sat Feb 15 2020 Paul Howarth <paul@city-fan.org> - 2.067-1
- Update to 2.067
- Fix memory leak on incomplete handshake (GH#92)