Accepting request 633282 from devel:languages:perl

OBS-URL: https://build.opensuse.org/request/show/633282 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-Net-SSLeay?expand=0&rev=28
2018-09-11 15:13:42 +00:00 · 2018-09-11 15:13:42 +00:00 · 4ace84fa93
commit 4ace84fa93
parent aa39593505 f7b5300fb7
8 changed files with 634 additions and 23 deletions
--- a/Net-SSLeay-1.81.tar.gz
+++ b/Net-SSLeay-1.81.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:00cbb6174e628b42178e1445c9fd5a3c5ae2cfd6a5a43e03610ba14786f21b7d
 size 396631
--- a/Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
+++ b/Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
@ -0,0 +1,237 @@
 From b01291bf88dd84529c93973da7c275e0ffe5cc1f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
 Date: Fri, 3 Aug 2018 14:30:22 +0200
 Subject: [PATCH] Adapt to OpenSSL 1.1.1
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 OpenSSL 1.1.1 defaults to TLS 1.3 that handles session tickets and
 session shutdowns differently. This leads to failing various Net-SSLeay
 tests that exhibits use cases that are not possible with OpenSSL 1.1.1
 anymore or where the library behaves differently.
 Since Net-SSLeay is a low-level wrapper, Net-SSLeay will be corrected
 in tests. Higher-level code as IO::Socket::SSL and other Net::SSLeay
 applications need to be adjusted on case-to-case basis.
 This patche changes:
 - Retry SSL_read() and SSL_write() (by sebastian [...] breakpoint.cc)
 - Disable session tickets in t/local/07_sslecho.t.
 - Adaps t/local/36_verify.t to a session end when Net::SSLeay::read()
  returns undef.
 https://rt.cpan.org/Public/Bug/Display.html?id=125218
 https://github.com/openssl/openssl/issues/5637
 https://github.com/openssl/openssl/issues/6904
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 SSLeay.xs            | 56 ++++++++++++++++++++++++++++++++++++++++++++++++----
 lib/Net/SSLeay.pod   | 46 ++++++++++++++++++++++++++++++++++++++++++
 t/local/07_sslecho.t | 15 ++++++++++++--
 t/local/36_verify.t  |  2 +-
 4 files changed, 112 insertions(+), 7 deletions(-)
 diff --git a/SSLeay.xs b/SSLeay.xs
 index bf148c0..5aed4d7 100644
 --- a/SSLeay.xs
 +++ b/SSLeay.xs
@@ -1999,7 +1999,17 @@ SSL_read(s,max=32768)
 	int got;
     PPCODE:
 	New(0, buf, max, char);
 -	got = SSL_read(s, buf, max);
 +
 +	do {
 +		int err;
 +
 +		got = SSL_read(s, buf, max);
 +		if (got > 0)
 +			break;
 +		err = SSL_get_error(s, got);
 +		if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
 +			break;
 +	} while (1);
 	/* If in list context, return 2-item list:
 	 *   first return value:  data gotten, or undef on error (got<0)
@@ -2051,10 +2061,20 @@ SSL_write(s,buf)
      SSL *   s
      PREINIT:
      STRLEN len;
 +     int err;
 +     int ret;
      INPUT:
      char *  buf = SvPV( ST(1), len);
      CODE:
 -     RETVAL = SSL_write (s, buf, (int)len);
 +     do {
 +	     ret = SSL_write (s, buf, (int)len);
 +	     if (ret > 0)
 +		     break;
 +	     err = SSL_get_error(s, ret);
 +	     if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
 +		     break;
 +     } while (1);
 +     RETVAL = ret;
      OUTPUT:
      RETVAL
@@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf)
      if (len < 0) {
        croak("from beyound end of buffer");
        RETVAL = -1;
 -     } else
 -       RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
 +     } else {
 +	     int ret;
 +	     int err;
 +
 +	     do {
 +		     ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
 +		     if (ret > 0)
 +			     break;
 +		     err = SSL_get_error(s, ret);
 +		     if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
 +			     break;
 +	     } while (1);
 +	     RETVAL = ret;
 +     }
      OUTPUT:
      RETVAL
@@ -6957,4 +6989,20 @@ SSL_export_keying_material(ssl, outlen, label, p)
 #endif
 +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
 +
 +int
 +SSL_CTX_set_num_tickets(SSL_CTX *ctx,size_t num_tickets)
 +
 +size_t
 +SSL_CTX_get_num_tickets(SSL_CTX *ctx)
 +
 +int
 +SSL_set_num_tickets(SSL *ssl,size_t num_tickets)
 +
 +size_t
 +SSL_get_num_tickets(SSL *ssl)
 +
 +#endif
 +
 #define REM_EOF "/* EOF - SSLeay.xs */"
 diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
 index 2e1aae3..bca7be4 100644
 --- a/lib/Net/SSLeay.pod
 +++ b/lib/Net/SSLeay.pod
@@ -4437,6 +4437,52 @@ getticket($ssl,$ticket,$data) -> $return_value
 This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
 +=item * CTX_set_num_tickets
 +
 +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
 +
 +Set number of session tickets that will be sent to a client.
 +
 + my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
 + # $ctx  - value corresponding to openssl's SSL_CTX structure
 + # $number_of_tickets - number of tickets to send
 + # returns: 1 on success, 0 on failure
 +
 +Set to zero if you do not no want to support a session resumption.
 +
 +=item * CTX_get_num_tickets
 +
 +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
 +
 +Get number of session tickets that will be sent to a client.
 +
 + my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
 + # $ctx  - value corresponding to openssl's SSL_CTX structure
 + # returns: number of tickets to send
 +
 +=item * set_num_tickets
 +
 +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
 +
 +Set number of session tickets that will be sent to a client.
 +
 + my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
 + # $ssl  - value corresponding to openssl's SSL structure
 + # $number_of_tickets - number of tickets to send
 + # returns: 1 on success, 0 on failure
 +
 +Set to zero if you do not no want to support a session resumption.
 +
 +=item * get_num_tickets
 +
 +B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
 +
 +Get number of session tickets that will be sent to a client.
 +
 + my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
 + # $ctx  - value corresponding to openssl's SSL structure
 + # returns: number of tickets to send
 +
 =item * set_shutdown
 Sets the shutdown state of $ssl to $mode.
 diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
 index 5e16b04..5dc946a 100644
 --- a/t/local/07_sslecho.t
 +++ b/t/local/07_sslecho.t
@@ -13,7 +13,8 @@ BEGIN {
   plan skip_all => "fork() not supported on $^O" unless $Config{d_fork};
 }
 -plan tests => 78;
 +plan tests => 79;
 +$SIG{'PIPE'} = 'IGNORE';
 my $sock;
 my $pid;
@@ -61,6 +62,16 @@ Net::SSLeay::library_init();
     ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list');
     my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
     ok($errs eq '', "set_cert_and_key: $errs");
 +    SKIP: {
 +        skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1
 +            unless (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f);
 +        # TLS 1.3 server sends session tickets after a handhake as part of
 +        # the SSL_accept(). If a client finishes all its job including closing
 +        # TCP connectino before a server sends the tickets, SSL_accept() fails
 +        # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
 +        # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
 +        ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled');
 +    }
     $pid = fork();
     BAIL_OUT("failed to fork: $!") unless defined $pid;
@@ -351,7 +362,7 @@ waitpid $pid, 0;
 push @results, [ $? == 0, 'server exited with 0' ];
 END {
 -    Test::More->builder->current_test(51);
 +    Test::More->builder->current_test(52);
     for my $t (@results) {
         ok( $t->[0], $t->[1] );
     }
 diff --git a/t/local/36_verify.t b/t/local/36_verify.t
 index 92afc52..e55b138 100644
 --- a/t/local/36_verify.t
 +++ b/t/local/36_verify.t
@@ -282,7 +282,7 @@ sub run_server
 	# Termination request or other message from client
 	my $msg = Net::SSLeay::read($ssl);
 -	if ($msg eq 'end')
 +	if (defined $msg and $msg eq 'end')
 	{
 	    Net::SSLeay::write($ssl, 'end');
 	    exit (0);
 -- 
 2.14.4
--- a/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
+++ b/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
@ -0,0 +1,57 @@
 From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
 Date: Tue, 14 Aug 2018 16:55:52 +0200
 Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
    #   Failed test 'Verify callback result and get_verify_result are equal'
    #   at t/local/36_verify.t line 111.
    #          got: '-1'
    #     expected: '0'
    #   Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
    #   at t/local/36_verify.t line 118.
    #          got: '-1'
    #     expected: '43'
    Bailout called.  Further testing stopped:  failed to connect to server: Connection refused
    FAILED--Further testing stopped: failed to connect to server: Connection refused
 I believe this because TLSv1.3 server can generate SIGPIPE if a client
 disconnects too soon.
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 t/local/36_verify.t | 10 ++++++++++
 1 file changed, 10 insertions(+)
 diff --git a/t/local/36_verify.t b/t/local/36_verify.t
 index e55b138..2837288 100644
 --- a/t/local/36_verify.t
 +++ b/t/local/36_verify.t
@@ -266,10 +266,20 @@ sub run_server
     return if $pid != 0;
 +    $SIG{'PIPE'} = 'IGNORE';
     my $ctx = Net::SSLeay::CTX_new();
     Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
     my $ret = Net::SSLeay::CTX_check_private_key($ctx);
     BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
 +    if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
 +        # TLS 1.3 server sends session tickets after a handhake as part of
 +        # the SSL_accept(). If a client finishes all its job including closing
 +        # TCP connectino before a server sends the tickets, SSL_accept() fails
 +        # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
 +        # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
 +        my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
 +        BAIL_OUT("Session tickets disabled") unless $ret;
 +    }
     while (1)
     {
 -- 
 2.14.4
--- a/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
+++ b/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
@ -0,0 +1,225 @@
 From e0b42b0120b941b5675e4071445424dc8a1230e1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
 Date: Wed, 15 Aug 2018 14:46:52 +0200
 Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
 read()/write() up
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/core.t test
 because it tests non-blocking socket operations and expects to see
 SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE errors and to handle them
 byt itself.
 This patch purifies Net::SSLeay::{read,write}() to behave exactly as
 underlying OpenSSL functions. The retry is moved to
 Net::SSLeay::ssl_read_all. All relevant Net::SSLeay::{read,write}() calls in
 tests are changed into Net::SSLea::ssl_{read,write}_all().
 All applications should implement the retry themsleves or use
 ssl_*_all() instead.
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 SSLeay.xs            | 28 +++++++---------------------
 lib/Net/SSLeay.pm    | 22 +++++++++++++++-------
 t/local/07_sslecho.t | 12 ++++++------
 t/local/36_verify.t  |  9 +++++----
 4 files changed, 33 insertions(+), 38 deletions(-)
 diff --git a/SSLeay.xs b/SSLeay.xs
 index 5aed4d7..7cb6eab 100644
 --- a/SSLeay.xs
 +++ b/SSLeay.xs
@@ -1997,19 +1997,13 @@ SSL_read(s,max=32768)
     PREINIT:
 	char *buf;
 	int got;
 +	int succeeded = 1;
     PPCODE:
 	New(0, buf, max, char);
 -	do {
 -		int err;
 -
 -		got = SSL_read(s, buf, max);
 -		if (got > 0)
 -			break;
 -		err = SSL_get_error(s, got);
 -		if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
 -			break;
 -	} while (1);
 +	got = SSL_read(s, buf, max);
 +	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
 +	       succeeded = 0;
 	/* If in list context, return 2-item list:
 	 *   first return value:  data gotten, or undef on error (got<0)
@@ -2017,13 +2011,13 @@ SSL_read(s,max=32768)
 	 */
 	if (GIMME_V==G_ARRAY) {
 	    EXTEND(SP, 2);
 -	    PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
 +	    PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
 	    PUSHs(sv_2mortal(newSViv(got)));
 	/* If in scalar or void context, return data gotten, or undef on error. */
 	} else {
 	    EXTEND(SP, 1);
 -	    PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
 +	    PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
 	}
 	Safefree(buf);
@@ -2066,15 +2060,7 @@ SSL_write(s,buf)
      INPUT:
      char *  buf = SvPV( ST(1), len);
      CODE:
 -     do {
 -	     ret = SSL_write (s, buf, (int)len);
 -	     if (ret > 0)
 -		     break;
 -	     err = SSL_get_error(s, ret);
 -	     if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
 -		     break;
 -     } while (1);
 -     RETVAL = ret;
 +     RETVAL = SSL_write (s, buf, (int)len);
      OUTPUT:
      RETVAL
 diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
 index 3adf12c..afc6c8f 100644
 --- a/lib/Net/SSLeay.pm
 +++ b/lib/Net/SSLeay.pm
@@ -579,14 +579,22 @@ sub debug_read {
 sub ssl_read_all {
     my ($ssl,$how_much) = @_;
     $how_much = 2000000000 unless $how_much;
 -    my ($got, $errs);
 +    my ($got, $rv, $errs);
     my $reply = '';
     while ($how_much > 0) {
 -        $got = Net::SSLeay::read($ssl,
 +        ($got, $rv) = Net::SSLeay::read($ssl,
                 ($how_much > 32768) ? 32768 : $how_much
         );
 -        last if $errs = print_errs('SSL_read');
 +        if (! defined $got) {
 +            my $err = Net::SSLeay::get_error($ssl, $rv);
 +            if ($err != Net::SSLeay::ERROR_WANT_READ() and
 +                    $err != Net::SSLeay::ERROR_WANT_WRITE()) {
 +                $errs = print_errs('SSL_read');
 +                last;
 +            }
 +            next;
 +        }
         $how_much -= blength($got);
         debug_read(\$reply, \$got) if $trace>1;
         last if $got eq '';  # EOF
@@ -839,14 +847,14 @@ sub ssl_read_until ($;$$) {
 	    $found = index($match, $delim);
 	    if ($found > -1) {
 -		#$got = Net::SSLeay::read($ssl, $found+$len_delim);
 +		#$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim);
 		#read up to the end of the delimiter
 -		$got = Net::SSLeay::read($ssl,
 +		$got = Net::SSLeay::ssl_read_all($ssl,
 					 $found + $len_delim
 					 - ((blength($match)) - (blength($got))));
 		$done = 1;
 	    } else {
 -		$got = Net::SSLeay::read($ssl, $peek_length);
 +		$got = Net::SSLeay::ssl_read_all($ssl, $peek_length);
 		$done = 1 if ($peek_length == $max_length - blength($reply));
 	    }
@@ -857,7 +865,7 @@ sub ssl_read_until ($;$$) {
 	}
     } else {
 	while (!defined $max_length || length $reply < $max_length) {
 -	    $got = Net::SSLeay::read($ssl,1);  # one by one
 +	    $got = Net::SSLeay::ssl_read_all($ssl,1);  # one by one
 	    last if print_errs('SSL_read');
 	    debug_read(\$reply, \$got) if $trace>1;
 	    last if $got eq '';
 diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
 index 74e317a..7f19027 100644
 --- a/t/local/07_sslecho.t
 +++ b/t/local/07_sslecho.t
@@ -134,10 +134,10 @@ my @results;
     push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ];
 -    push @results, [ Net::SSLeay::write($ssl, $msg), 'write' ];
 +    push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];
     shutdown($s, 1);
 -    my ($got) = Net::SSLeay::read($ssl);
 +    my $got = Net::SSLeay::ssl_read_all($ssl);
     push @results, [ $got eq uc($msg), 'read' ];
     Net::SSLeay::free($ssl);
@@ -177,7 +177,7 @@ my @results;
             Net::SSLeay::set_fd($ssl, fileno($s));
             Net::SSLeay::connect($ssl);
 -            Net::SSLeay::write($ssl, $msg);
 +            Net::SSLeay::ssl_write_all($ssl, $msg);
             shutdown $s, 2;
             close $s;
@@ -231,15 +231,15 @@ my @results;
             Net::SSLeay::set_fd($ssl3, $s3);
             Net::SSLeay::connect($ssl1);
 -            Net::SSLeay::write($ssl1, $msg);
 +            Net::SSLeay::ssl_write_all($ssl1, $msg);
             shutdown $s1, 2;
             Net::SSLeay::connect($ssl2);
 -            Net::SSLeay::write($ssl2, $msg);
 +            Net::SSLeay::ssl_write_all($ssl2, $msg);
             shutdown $s2, 2;
             Net::SSLeay::connect($ssl3);
 -            Net::SSLeay::write($ssl3, $msg);
 +            Net::SSLeay::ssl_write_all($ssl3, $msg);
             shutdown $s3, 2;
             close $s1;
 diff --git a/t/local/36_verify.t b/t/local/36_verify.t
 index 2837288..b04be13 100644
 --- a/t/local/36_verify.t
 +++ b/t/local/36_verify.t
@@ -252,8 +252,9 @@ sub client {
     Net::SSLeay::set_fd($ssl, $cl);
     Net::SSLeay::connect($ssl);
     my $end = "end";
 -    Net::SSLeay::write($ssl, $end);
 -    ok($end eq Net::SSLeay::read($ssl),  'Successful termination');
 +    Net::SSLeay::ssl_write_all($ssl, $end);
 +    Net::SSLeay::shutdown($ssl);
 +    ok($end eq Net::SSLeay::ssl_read_all($ssl),  'Successful termination');
     return;
 }
@@ -291,10 +292,10 @@ sub run_server
 	next unless $ret == 1;
 	# Termination request or other message from client
 -	my $msg = Net::SSLeay::read($ssl);
 +	my $msg = Net::SSLeay::ssl_read_all($ssl);
 	if (defined $msg and $msg eq 'end')
 	{
 -	    Net::SSLeay::write($ssl, 'end');
 +	    Net::SSLeay::ssl_write_all($ssl, 'end');
 	    exit (0);
 	}
     }
 -- 
 2.14.4
--- a/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
+++ b/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
@ -0,0 +1,70 @@
 From 122c80853a9bd66f21699fc79a689b3028d00d3b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
 Date: Fri, 17 Aug 2018 13:08:44 +0200
 Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
 write_partial()
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/nonblock.t test
 because it tests non-blocking socket operations and expects to see
 SSL_ERROR_WANT_WRITE errors and to handle them byt itself.
 This patch purifies Net::SSLeay::write_partial() to behave exactly as
 underlying OpenSSL SSL_write() function. The retry is already
 presented in Net::SSLeay::ssl_write_all().
 All applications should implement the retry themsleves or use
 ssl_*_all() instead.
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 SSLeay.xs          | 16 ++--------------
 lib/Net/SSLeay.pod |  3 ++-
 2 files changed, 4 insertions(+), 15 deletions(-)
 diff --git a/SSLeay.xs b/SSLeay.xs
 index 7cb6eab..fc7677f 100644
 --- a/SSLeay.xs
 +++ b/SSLeay.xs
@@ -2089,20 +2089,8 @@ SSL_write_partial(s,from,count,buf)
      if (len < 0) {
        croak("from beyound end of buffer");
        RETVAL = -1;
 -     } else {
 -	     int ret;
 -	     int err;
 -
 -	     do {
 -		     ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
 -		     if (ret > 0)
 -			     break;
 -		     err = SSL_get_error(s, ret);
 -		     if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
 -			     break;
 -	     } while (1);
 -	     RETVAL = ret;
 -     }
 +     } else
 +       RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
      OUTPUT:
      RETVAL
 diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
 index bca7be4..8b5f738 100644
 --- a/lib/Net/SSLeay.pod
 +++ b/lib/Net/SSLeay.pod
@@ -4819,7 +4819,8 @@ Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_write.html|http://www.op
 B<NOTE:> Does not exactly correspond to any low level API function
 -Writes a fragment of data in $data from the buffer $data into the specified $ssl connection.
 +Writes a fragment of data in $data from the buffer $data into the specified
 +$ssl connection. This is a non-blocking function like L<Net::SSLeay::write()>.
  my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
  # $ssl - value corresponding to openssl's SSL structure
 -- 
 2.14.4
--- a/Net-SSLeay-1.85.tar.gz
+++ b/Net-SSLeay-1.85.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9d8188b9fb1cae3bd791979c20554925d5e94a138d00414f1a6814549927b0c8
 size 418349
--- a/perl-Net-SSLeay.changes
+++ b/perl-Net-SSLeay.changes
@ -1,3 +1,24 @@
 -------------------------------------------------------------------
 Tue Sep  4 14:44:25 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
 - Add patches to support openssl 1.1.1 from Fedora
  * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
  * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
  * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
  * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
 -------------------------------------------------------------------
 Mon Aug 27 09:35:57 UTC 2018 - tchvatal@suse.com
 - Version update to 1.85:
  * Removal of many deprecated calls from 1.1.x series
 -------------------------------------------------------------------
 Mon Aug 27 09:31:53 UTC 2018 - tchvatal@suse.com
 - Add dependency over zlib-devel, previously added by openssl devel
 - Make sure all tests are run
 -------------------------------------------------------------------
 Mon Aug 21 09:18:18 UTC 2017 - vcizek@suse.com
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@ -1,7 +1,7 @@
 #
 # spec file for package perl-Net-SSLeay
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,31 +16,34 @@
 #
 %bcond_with test
 Name:           perl-Net-SSLeay
 Version:        1.81
 Release:        0
 %define cpan_name Net-SSLeay
 Name:           perl-Net-SSLeay
 Version:        1.85
 Release:        0
 Summary:        Perl extension for using OpenSSL
 License:        Artistic-2.0
 Group:          Development/Libraries/Perl
-Url:            http://search.cpan.org/dist/Net-SSLeay/
+URL:            http://search.cpan.org/dist/Net-SSLeay/
 Source:         http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
 # Adapt to OpenSSL 1.1.1, bug RH#1614884, CPAN RT#125218
 Patch0:         Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
 # Avoid SIGPIPE in t/local/36_verify.t, CPAN RT#125218
 Patch2:         Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
 # Revert retry in Net::SSLeay::{read,write}(), CPAN RT#125218
 Patch3:         Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
 # Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218
 Patch4:         Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
 BuildRequires:  libopenssl-devel
 BuildRequires:  openssl
 BuildRequires:  perl
 BuildRequires:  perl-macros
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+BuildRequires:  zlib-devel
 %{perl_requires}
 %if %{with test}
 BuildRequires:  perl(Test::Exception)
 BuildRequires:  perl(Test::NoWarnings)
 BuildRequires:  perl(Test::Pod) >= 1.00
 BuildRequires:  perl(Test::Pod::Coverage)
 BuildRequires:  perl(Test::Warn)
 %endif
 #
 %description
 Net::SSLeay module contains perl bindings to openssl (http://www.openssl.org) library.
@ -51,12 +54,13 @@ Net::SSLeay module basically comprise of:
 %prep
 %setup -q -n %{cpan_name}-%{version}
 %autopatch -p1
 # replace rest of /usr/local/bin/perl with /usr/bin/perl
-for f in $(find . -type f -exec grep -l "/usr/local/bin/perl" {} \; ); do
+for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do
-  sed -i -e "s@/usr/local/bin/perl@perl@g" $f
+  sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f
 done
 # delete .orig files created by patches
-find . -type f -name "*.orig" -delete 
+find . -type f -name "*.orig" -delete
 # fix perm
 pushd examples
 chmod 0644 *.pl
@ -68,7 +72,7 @@ make %{?_smp_mflags}
 %check
 %if ! 0%{?qemu_user_space_build}
-make test
+make %{?_smp_mflags} test
 %endif
 %install
@ -76,11 +80,8 @@ make test
 %perl_process_packlist
 %perl_gen_filelist
 %clean
 rm -rf %{buildroot}
 %files -f %{name}.files
-%defattr(-,root,root,-)
+%license LICENSE
-%doc Changes Credits LICENSE QuickRef README examples
+%doc Changes Credits QuickRef README examples
 %changelog