Update to 1.86_09

Petr Písař 2019-03-20 15:53:32 +01:00
parent 8bbd33a27b
commit 4e08982bea
7 changed files with 21 additions and 656 deletions


@ -1,237 +0,0 @@
From b01291bf88dd84529c93973da7c275e0ffe5cc1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 3 Aug 2018 14:30:22 +0200
Subject: [PATCH] Adapt to OpenSSL 1.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenSSL 1.1.1 defaults to TLS 1.3 that handles session tickets and
session shutdowns differently. This leads to failing various Net-SSLeay
tests that exhibits use cases that are not possible with OpenSSL 1.1.1
anymore or where the library behaves differently.
Since Net-SSLeay is a low-level wrapper, Net-SSLeay will be corrected
in tests. Higher-level code as IO::Socket::SSL and other Net::SSLeay
applications need to be adjusted on case-to-case basis.
This patche changes:
- Retry SSL_read() and SSL_write() (by sebastian [...] breakpoint.cc)
- Disable session tickets in t/local/07_sslecho.t.
- Adaps t/local/36_verify.t to a session end when Net::SSLeay::read()
returns undef.
https://rt.cpan.org/Public/Bug/Display.html?id=125218
https://github.com/openssl/openssl/issues/5637
https://github.com/openssl/openssl/issues/6904
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
SSLeay.xs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++----
lib/Net/SSLeay.pod | 46 ++++++++++++++++++++++++++++++++++++++++++
t/local/07_sslecho.t | 15 ++++++++++++--
t/local/36_verify.t | 2 +-
4 files changed, 112 insertions(+), 7 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index bf148c0..5aed4d7 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1999,7 +1999,17 @@ SSL_read(s,max=32768)
int got;
PPCODE:
New(0, buf, max, char);
- got = SSL_read(s, buf, max);
+
+ do {
+ int err;
+
+ got = SSL_read(s, buf, max);
+ if (got > 0)
+ break;
+ err = SSL_get_error(s, got);
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
/* If in list context, return 2-item list:
* first return value: data gotten, or undef on error (got<0)
@@ -2051,10 +2061,20 @@ SSL_write(s,buf)
SSL * s
PREINIT:
STRLEN len;
+ int err;
+ int ret;
INPUT:
char * buf = SvPV( ST(1), len);
CODE:
- RETVAL = SSL_write (s, buf, (int)len);
+ do {
+ ret = SSL_write (s, buf, (int)len);
+ if (ret > 0)
+ break;
+ err = SSL_get_error(s, ret);
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
+ RETVAL = ret;
OUTPUT:
RETVAL
@@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf)
if (len < 0) {
croak("from beyound end of buffer");
RETVAL = -1;
- } else
- RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ } else {
+ int ret;
+ int err;
+
+ do {
+ ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ if (ret > 0)
+ break;
+ err = SSL_get_error(s, ret);
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
+ RETVAL = ret;
+ }
OUTPUT:
RETVAL
@@ -6957,4 +6989,20 @@ SSL_export_keying_material(ssl, outlen, label, p)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+
+int
+SSL_CTX_set_num_tickets(SSL_CTX *ctx,size_t num_tickets)
+
+size_t
+SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+
+int
+SSL_set_num_tickets(SSL *ssl,size_t num_tickets)
+
+size_t
+SSL_get_num_tickets(SSL *ssl)
+
+#endif
+
#define REM_EOF "/* EOF - SSLeay.xs */"
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
index 2e1aae3..bca7be4 100644
--- a/lib/Net/SSLeay.pod
+++ b/lib/Net/SSLeay.pod
@@ -4437,6 +4437,52 @@ getticket($ssl,$ticket,$data) -> $return_value
This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
+=item * CTX_set_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Set number of session tickets that will be sent to a client.
+
+ my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $number_of_tickets - number of tickets to send
+ # returns: 1 on success, 0 on failure
+
+Set to zero if you do not no want to support a session resumption.
+
+=item * CTX_get_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Get number of session tickets that will be sent to a client.
+
+ my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # returns: number of tickets to send
+
+=item * set_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Set number of session tickets that will be sent to a client.
+
+ my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $number_of_tickets - number of tickets to send
+ # returns: 1 on success, 0 on failure
+
+Set to zero if you do not no want to support a session resumption.
+
+=item * get_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Get number of session tickets that will be sent to a client.
+
+ my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
+ # $ctx - value corresponding to openssl's SSL structure
+ # returns: number of tickets to send
+
=item * set_shutdown
Sets the shutdown state of $ssl to $mode.
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
index 5e16b04..5dc946a 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -13,7 +13,8 @@ BEGIN {
plan skip_all => "fork() not supported on $^O" unless $Config{d_fork};
}
-plan tests => 78;
+plan tests => 79;
+$SIG{'PIPE'} = 'IGNORE';
my $sock;
my $pid;
@@ -61,6 +62,16 @@ Net::SSLeay::library_init();
ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list');
my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
ok($errs eq '', "set_cert_and_key: $errs");
+ SKIP: {
+ skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1
+ unless (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f);
+ # TLS 1.3 server sends session tickets after a handhake as part of
+ # the SSL_accept(). If a client finishes all its job including closing
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
+ ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled');
+ }
$pid = fork();
BAIL_OUT("failed to fork: $!") unless defined $pid;
@@ -351,7 +362,7 @@ waitpid $pid, 0;
push @results, [ $? == 0, 'server exited with 0' ];
END {
- Test::More->builder->current_test(51);
+ Test::More->builder->current_test(52);
for my $t (@results) {
ok( $t->[0], $t->[1] );
}
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index 92afc52..e55b138 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -282,7 +282,7 @@ sub run_server
# Termination request or other message from client
my $msg = Net::SSLeay::read($ssl);
- if ($msg eq 'end')
+ if (defined $msg and $msg eq 'end')
{
Net::SSLeay::write($ssl, 'end');
exit (0);
--
2.14.4


@ -1,57 +0,0 @@
From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 14 Aug 2018 16:55:52 +0200
Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
# Failed test 'Verify callback result and get_verify_result are equal'
# at t/local/36_verify.t line 111.
# got: '-1'
# expected: '0'
# Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
# at t/local/36_verify.t line 118.
# got: '-1'
# expected: '43'
Bailout called. Further testing stopped: failed to connect to server: Connection refused
FAILED--Further testing stopped: failed to connect to server: Connection refused
I believe this because TLSv1.3 server can generate SIGPIPE if a client
disconnects too soon.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/local/36_verify.t | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index e55b138..2837288 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -266,10 +266,20 @@ sub run_server
return if $pid != 0;
+ $SIG{'PIPE'} = 'IGNORE';
my $ctx = Net::SSLeay::CTX_new();
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
my $ret = Net::SSLeay::CTX_check_private_key($ctx);
BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
+ if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
+ # TLS 1.3 server sends session tickets after a handhake as part of
+ # the SSL_accept(). If a client finishes all its job including closing
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
+ my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
+ BAIL_OUT("Session tickets disabled") unless $ret;
+ }
while (1)
{
--
2.14.4


@ -1,42 +0,0 @@
commit 6a6bcf3d96115a6ef62289838cea418c185d8c88
Author: Paul Howarth <paul@city-fan.org>
Date: Wed Sep 19 09:38:40 2018 +0100
Expose SSL_CTX_set_post_handshake_auth
TLS 1.3 removed renegotiation in favor of rekeying and post handshake
authentication (PHA). With PHA, a server can request a client certificate from
a client at some point after the handshake. The feature is commonly used by
HTTP servers for conditional and path specific TLS client auth. For example, a
server can decide to require a cert based on HTTP method and/or path. A client
must announce support for PHA during the handshake.
Apache mod_ssl uses PHA:
https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_kernel.c#L1207
As of OpenSSL ticket https://github.com/openssl/openssl/issues/6933, TLS 1.3
clients no longer send the PHA TLS extension by default. For on-demand auth,
PHA extension must be enabled with SSL_CTX_set_post_handshake_auth(),
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html .
This function is needed for the Apache httpd upstream test suite:
https://bugzilla.redhat.com/show_bug.cgi?id=1630391 .
diff --git a/SSLeay.xs b/SSLeay.xs
index a4dcb0a..5777ffc 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -7291,4 +7291,13 @@ SSL_export_keying_material(ssl, outlen, label, p)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
+
+void
+SSL_CTX_set_post_handshake_auth(s,val)
+ SSL_CTX * s
+ int val
+
+#endif
+
#define REM_EOF "/* EOF - SSLeay.xs */"


@ -1,225 +0,0 @@
From e0b42b0120b941b5675e4071445424dc8a1230e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 15 Aug 2018 14:46:52 +0200
Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
read()/write() up
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/core.t test
because it tests non-blocking socket operations and expects to see
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE errors and to handle them
byt itself.
This patch purifies Net::SSLeay::{read,write}() to behave exactly as
underlying OpenSSL functions. The retry is moved to
Net::SSLeay::ssl_read_all. All relevant Net::SSLeay::{read,write}() calls in
tests are changed into Net::SSLea::ssl_{read,write}_all().
All applications should implement the retry themsleves or use
ssl_*_all() instead.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
SSLeay.xs | 28 +++++++---------------------
lib/Net/SSLeay.pm | 22 +++++++++++++++-------
t/local/07_sslecho.t | 12 ++++++------
t/local/36_verify.t | 9 +++++----
4 files changed, 33 insertions(+), 38 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index 5aed4d7..7cb6eab 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1997,19 +1997,13 @@ SSL_read(s,max=32768)
PREINIT:
char *buf;
int got;
+ int succeeded = 1;
PPCODE:
New(0, buf, max, char);
- do {
- int err;
-
- got = SSL_read(s, buf, max);
- if (got > 0)
- break;
- err = SSL_get_error(s, got);
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
- break;
- } while (1);
+ got = SSL_read(s, buf, max);
+ if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
+ succeeded = 0;
/* If in list context, return 2-item list:
* first return value: data gotten, or undef on error (got<0)
@@ -2017,13 +2011,13 @@ SSL_read(s,max=32768)
*/
if (GIMME_V==G_ARRAY) {
EXTEND(SP, 2);
- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
PUSHs(sv_2mortal(newSViv(got)));
/* If in scalar or void context, return data gotten, or undef on error. */
} else {
EXTEND(SP, 1);
- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
}
Safefree(buf);
@@ -2066,15 +2060,7 @@ SSL_write(s,buf)
INPUT:
char * buf = SvPV( ST(1), len);
CODE:
- do {
- ret = SSL_write (s, buf, (int)len);
- if (ret > 0)
- break;
- err = SSL_get_error(s, ret);
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
- break;
- } while (1);
- RETVAL = ret;
+ RETVAL = SSL_write (s, buf, (int)len);
OUTPUT:
RETVAL
diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
index 3adf12c..afc6c8f 100644
--- a/lib/Net/SSLeay.pm
+++ b/lib/Net/SSLeay.pm
@@ -579,14 +579,22 @@ sub debug_read {
sub ssl_read_all {
my ($ssl,$how_much) = @_;
$how_much = 2000000000 unless $how_much;
- my ($got, $errs);
+ my ($got, $rv, $errs);
my $reply = '';
while ($how_much > 0) {
- $got = Net::SSLeay::read($ssl,
+ ($got, $rv) = Net::SSLeay::read($ssl,
($how_much > 32768) ? 32768 : $how_much
);
- last if $errs = print_errs('SSL_read');
+ if (! defined $got) {
+ my $err = Net::SSLeay::get_error($ssl, $rv);
+ if ($err != Net::SSLeay::ERROR_WANT_READ() and
+ $err != Net::SSLeay::ERROR_WANT_WRITE()) {
+ $errs = print_errs('SSL_read');
+ last;
+ }
+ next;
+ }
$how_much -= blength($got);
debug_read(\$reply, \$got) if $trace>1;
last if $got eq ''; # EOF
@@ -839,14 +847,14 @@ sub ssl_read_until ($;$$) {
$found = index($match, $delim);
if ($found > -1) {
- #$got = Net::SSLeay::read($ssl, $found+$len_delim);
+ #$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim);
#read up to the end of the delimiter
- $got = Net::SSLeay::read($ssl,
+ $got = Net::SSLeay::ssl_read_all($ssl,
$found + $len_delim
- ((blength($match)) - (blength($got))));
$done = 1;
} else {
- $got = Net::SSLeay::read($ssl, $peek_length);
+ $got = Net::SSLeay::ssl_read_all($ssl, $peek_length);
$done = 1 if ($peek_length == $max_length - blength($reply));
}
@@ -857,7 +865,7 @@ sub ssl_read_until ($;$$) {
}
} else {
while (!defined $max_length || length $reply < $max_length) {
- $got = Net::SSLeay::read($ssl,1); # one by one
+ $got = Net::SSLeay::ssl_read_all($ssl,1); # one by one
last if print_errs('SSL_read');
debug_read(\$reply, \$got) if $trace>1;
last if $got eq '';
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
index 74e317a..7f19027 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -134,10 +134,10 @@ my @results;
push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ];
- push @results, [ Net::SSLeay::write($ssl, $msg), 'write' ];
+ push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];
shutdown($s, 1);
- my ($got) = Net::SSLeay::read($ssl);
+ my $got = Net::SSLeay::ssl_read_all($ssl);
push @results, [ $got eq uc($msg), 'read' ];
Net::SSLeay::free($ssl);
@@ -177,7 +177,7 @@ my @results;
Net::SSLeay::set_fd($ssl, fileno($s));
Net::SSLeay::connect($ssl);
- Net::SSLeay::write($ssl, $msg);
+ Net::SSLeay::ssl_write_all($ssl, $msg);
shutdown $s, 2;
close $s;
@@ -231,15 +231,15 @@ my @results;
Net::SSLeay::set_fd($ssl3, $s3);
Net::SSLeay::connect($ssl1);
- Net::SSLeay::write($ssl1, $msg);
+ Net::SSLeay::ssl_write_all($ssl1, $msg);
shutdown $s1, 2;
Net::SSLeay::connect($ssl2);
- Net::SSLeay::write($ssl2, $msg);
+ Net::SSLeay::ssl_write_all($ssl2, $msg);
shutdown $s2, 2;
Net::SSLeay::connect($ssl3);
- Net::SSLeay::write($ssl3, $msg);
+ Net::SSLeay::ssl_write_all($ssl3, $msg);
shutdown $s3, 2;
close $s1;
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index 2837288..b04be13 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -252,8 +252,9 @@ sub client {
Net::SSLeay::set_fd($ssl, $cl);
Net::SSLeay::connect($ssl);
my $end = "end";
- Net::SSLeay::write($ssl, $end);
- ok($end eq Net::SSLeay::read($ssl), 'Successful termination');
+ Net::SSLeay::ssl_write_all($ssl, $end);
+ Net::SSLeay::shutdown($ssl);
+ ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination');
return;
}
@@ -291,10 +292,10 @@ sub run_server
next unless $ret == 1;
# Termination request or other message from client
- my $msg = Net::SSLeay::read($ssl);
+ my $msg = Net::SSLeay::ssl_read_all($ssl);
if (defined $msg and $msg eq 'end')
{
- Net::SSLeay::write($ssl, 'end');
+ Net::SSLeay::ssl_write_all($ssl, 'end');
exit (0);
}
}
--
2.14.4


@ -1,70 +0,0 @@
From 122c80853a9bd66f21699fc79a689b3028d00d3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 17 Aug 2018 13:08:44 +0200
Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
write_partial()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/nonblock.t test
because it tests non-blocking socket operations and expects to see
SSL_ERROR_WANT_WRITE errors and to handle them byt itself.
This patch purifies Net::SSLeay::write_partial() to behave exactly as
underlying OpenSSL SSL_write() function. The retry is already
presented in Net::SSLeay::ssl_write_all().
All applications should implement the retry themsleves or use
ssl_*_all() instead.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
SSLeay.xs | 16 ++--------------
lib/Net/SSLeay.pod | 3 ++-
2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index 7cb6eab..fc7677f 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -2089,20 +2089,8 @@ SSL_write_partial(s,from,count,buf)
if (len < 0) {
croak("from beyound end of buffer");
RETVAL = -1;
- } else {
- int ret;
- int err;
-
- do {
- ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
- if (ret > 0)
- break;
- err = SSL_get_error(s, ret);
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
- break;
- } while (1);
- RETVAL = ret;
- }
+ } else
+ RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
OUTPUT:
RETVAL
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
index bca7be4..8b5f738 100644
--- a/lib/Net/SSLeay.pod
+++ b/lib/Net/SSLeay.pod
@@ -4819,7 +4819,8 @@ Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_write.html|http://www.op
B<NOTE:> Does not exactly correspond to any low level API function
-Writes a fragment of data in $data from the buffer $data into the specified $ssl connection.
+Writes a fragment of data in $data from the buffer $data into the specified
+$ssl connection. This is a non-blocking function like L<Net::SSLeay::write()>.
my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
# $ssl - value corresponding to openssl's SSL structure
--
2.14.4


@ -6,27 +6,17 @@
# Provides/Requires filtering is different from rpm 4.9 onwards
%global rpm49 %(rpm --version | perl -p -e 's/^.* (\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null || echo 0)
%global cpan_version 1.86_09
Name: perl-Net-SSLeay
Version: 1.85
Release: 10%{?dist}
Version: 1.86
Release: 0.1.09%{?dist}
Summary: Perl extension for using OpenSSL
License: Artistic 2.0
URL: https://metacpan.org/release/Net-SSLeay
Source0: https://cpan.metacpan.org/authors/id/M/MI/MIKEM/Net-SSLeay-%{version}.tar.gz
# Adapt to OpenSSL 1.1.1, bug #1614884, CPAN RT#125218
Patch0: Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
Source0: https://cpan.metacpan.org/authors/id/C/CH/CHRISN/Net-SSLeay-%{cpan_version}.tar.gz
# Adapt tests to system-wide crypto policy, bug #1614884
Patch1: Net-SSLeay-1.85-Adapt-CTX_get_min_proto_version-tests-to-system-wide.patch
# Avoid SIGPIPE in t/local/36_verify.t, bug #1614884, CPAN RT#125218
Patch2: Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
# Revert retry in Net::SSLeay::{read,write}(), bug #1614884, CPAN RT#125218
Patch3: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
# Revert retry in Net::SSLeay::write_partial(), bug #1614884, CPAN RT#125218
Patch4: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
# Expose SSL_CTX_set_post_handshake_auth (#1630391)
# https://github.com/radiator-software/p5-net-ssleay/pull/68
Patch5: Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
Patch0: Net-SSLeay-1.85-Adapt-CTX_get_min_proto_version-tests-to-system-wide.patch
# =========== Module Build ===========================
BuildRequires: coreutils
BuildRequires: findutils
@ -39,8 +29,10 @@ BuildRequires: perl-generators
BuildRequires: perl-interpreter
BuildRequires: perl(Cwd)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(ExtUtils::MM)
BuildRequires: perl(File::Basename)
BuildRequires: perl(File::Path)
BuildRequires: perl(lib)
BuildRequires: perl(Symbol)
# =========== Module Runtime =========================
BuildRequires: perl(AutoLoader)
BuildRequires: perl(Carp)
@ -54,6 +46,8 @@ BuildRequires: perl(File::Spec)
BuildRequires: perl(HTTP::Tiny)
BuildRequires: perl(IO::Handle)
BuildRequires: perl(IO::Socket::INET)
BuildRequires: perl(lib)
BuildRequires: perl(Storable)
BuildRequires: perl(strict)
BuildRequires: perl(Test::More) >= 0.61
BuildRequires: perl(threads)
@ -61,8 +55,10 @@ BuildRequires: perl(warnings)
# =========== Optional Test Suite ====================
%if %{with perl_Net_SSLeay_enables_optional_test}
BuildRequires: perl(Test::Exception)
# Test::Kwalitee 1.00 not used
BuildRequires: perl(Test::NoWarnings)
BuildRequires: perl(Test::Pod) >= 1.0
# Test::Pod::Coverage 1.00 not used
BuildRequires: perl(Test::Warn)
%endif
# =========== Module Runtime =========================
@ -81,13 +77,8 @@ clients, and finally access to the SSL API of SSLeay/OpenSSL package
so you can write servers or clients for more complicated applications.
%prep
%setup -q -n Net-SSLeay-%{version}
%setup -q -n Net-SSLeay-%{cpan_version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
# Fix permissions in examples to avoid bogus doc-file dependencies
chmod -c 644 examples/*
@ -99,9 +90,10 @@ chmod -c 644 examples/*
%endif
%build
unset OPENSSL_PREFIX
PERL_MM_USE_DEFAULT=1 perl Makefile.PL \
INSTALLDIRS=vendor \
OPTIMIZE="%{optflags}"
OPTIMIZE="%{optflags}" </dev/null
make %{?_smp_mflags}
%install
@ -114,6 +106,7 @@ find %{buildroot} -type f -name '*.bs' -empty -delete
rm -f %{buildroot}%{perl_vendorarch}/Net/ptrtstrun.pl
%check
unset RELEASE_TESTING
make test
%files
@ -122,7 +115,7 @@ make test
%else
%doc LICENSE
%endif
%doc Changes Credits QuickRef README examples/
%doc Changes CONTRIBUTING.md Credits QuickRef README examples/
%{perl_vendorarch}/auto/Net/
%dir %{perl_vendorarch}/Net/
%{perl_vendorarch}/Net/SSLeay/
@ -132,6 +125,9 @@ make test
%{_mandir}/man3/Net::SSLeay::Handle.3*
%changelog
* Wed Mar 20 2019 Petr Pisar <ppisar@redhat.com> - 1.86-0.1.09
- Update to 1.86_09 (see Changes file for details)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.85-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
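Review bot: The new `Source0` line fetches the tarball from a different CPAN author directory (`C/CH/CHRISN` instead of `M/MI/MIKEM`) and packages an underscore-versioned release (`1.86_09`, `Release: 0.1.09`), but the spec carries no comment recording either fact. I would add a line above `Source0` such as `# Developer (pre-)release; upstream tarball is now published under the CHRISN author directory`, so the change of origin is visible to whoever next checks the hash in `sources`. The same section drops the OpenSSL 1.1.1, SIGPIPE, retry and `SSL_CTX_set_post_handshake_auth` patches (bugs #1614884 and #1630391), presumably because 1.86_09 already contains them, which this page does not show. A changelog entry such as `- Drop patches for bug #1614884 and #1630391 (merged upstream)` would let that be verified against the upstream Changes file. The new `unset OPENSSL_PREFIX`, `</dev/null` and `unset RELEASE_TESTING` lines would each benefit from a one-line why-comment as well.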

View File

@ -1 +1 @@
SHA512 (Net-SSLeay-1.85.tar.gz) = 74e0f2f56b707f1ff845c78c1fa7ce26a71b8f943bb99e994d4e065d1f42259fe4cd1a6a17d333459727534158f9541f116dbc8515122380807d9450b0faa26b
SHA512 (Net-SSLeay-1.86_09.tar.gz) = 5f878169075dac9b0e5f9aabec732a5034858a414a8344d16928fe8ec614277872d3af75295ac065ef5a7511c0f5ca22fc3f5cd040f0009d2a8119314da54727