From 79c418d3ca5935dc440a2c246b28e339901763c2884b1a42b4a73f71db8da232 Mon Sep 17 00:00:00 2001
From: Dirk Stoecker
Date: Mon, 27 Aug 2018 12:27:14 +0000
Subject: [PATCH 1/2] Accepting request 631723 from home:scarabeus_iv:branches:devel:languages:perl
- Version update to 1.85:
  * Removal of many deprecated calls from 1.1.x series
- Add dependency over zlib-devel, previously added by openssl devel
- Make sure all tests are run
OBS-URL: https://build.opensuse.org/request/show/631723
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=39
---
 Net-SSLeay-1.81.tar.gz | 3 ---
 Net-SSLeay-1.85.tar.gz | 3 +++
 perl-Net-SSLeay.changes | 12 ++++++++++++
 perl-Net-SSLeay.spec | 32 ++++++++++++--------------------
 4 files changed, 27 insertions(+), 23 deletions(-)
 delete mode 100644 Net-SSLeay-1.81.tar.gz
 create mode 100644 Net-SSLeay-1.85.tar.gz
diff --git a/Net-SSLeay-1.81.tar.gz b/Net-SSLeay-1.81.tar.gz
deleted file mode 100644
index 575ec82..0000000
--- a/Net-SSLeay-1.81.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00cbb6174e628b42178e1445c9fd5a3c5ae2cfd6a5a43e03610ba14786f21b7d
-size 396631
diff --git a/Net-SSLeay-1.85.tar.gz b/Net-SSLeay-1.85.tar.gz
new file mode 100644
index 0000000..d956539
--- /dev/null
+++ b/Net-SSLeay-1.85.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d8188b9fb1cae3bd791979c20554925d5e94a138d00414f1a6814549927b0c8
+size 418349
diff --git a/perl-Net-SSLeay.changes b/perl-Net-SSLeay.changes
index f8afad8..215cb62 100644
--- a/perl-Net-SSLeay.changes
+++ b/perl-Net-SSLeay.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Mon Aug 27 09:35:57 UTC 2018 - tchvatal@suse.com
+
+- Version update to 1.85:
+ * Removal of many deprecated calls from 1.1.x series
+
+-------------------------------------------------------------------
+Mon Aug 27 09:31:53 UTC 2018 - tchvatal@suse.com
+
+- Add dependency over zlib-devel, previously added by openssl devel
+- Make sure all tests are run
+
 -------------------------------------------------------------------
 Mon Aug 21 09:18:18 UTC 2017 - vcizek@suse.com
diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec
index d58e562..5ee01ad 100644
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Net-SSLeay
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,31 +16,26 @@
 #
-%bcond_with test
-
-Name: perl-Net-SSLeay
-Version: 1.81
-Release: 0
 %define cpan_name Net-SSLeay
+Name: perl-Net-SSLeay
+Version: 1.85
+Release: 0
 Summary: Perl extension for using OpenSSL
 License: Artistic-2.0
 Group: Development/Libraries/Perl
-Url: http://search.cpan.org/dist/Net-SSLeay/
+URL: http://search.cpan.org/dist/Net-SSLeay/
 Source: http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
 BuildRequires: libopenssl-devel
 BuildRequires: openssl
 BuildRequires: perl
 BuildRequires: perl-macros
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: zlib-devel
 %{perl_requires}
-%if %{with test}
 BuildRequires: perl(Test::Exception)
 BuildRequires: perl(Test::NoWarnings)
 BuildRequires: perl(Test::Pod) >= 1.00
 BuildRequires: perl(Test::Pod::Coverage)
 BuildRequires: perl(Test::Warn)
-%endif
-#
 %description
 Net::SSLeay module contains perl bindings to openssl (http://www.openssl.org) library.
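Review bot: The `URL:` line added in the `@@ -16,31 +16,26 @@` hunk of perl-Net-SSLeay.spec and the unchanged `Source:` line below it still use plain `http://`. If a source service or a packager re-downloads the tarball from `Source:`, that transfer is unauthenticated, and the only integrity anchor visible on this page is the LFS `oid sha256:` of the committed tarball. Since the tag is being rewritten anyway, consider `Source: https://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz` and an `https://` project URL.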
@@ -52,11 +47,11 @@ Net::SSLeay module basically comprise of:
 %prep
 %setup -q -n %{cpan_name}-%{version}
 # replace rest of /usr/local/bin/perl with /usr/bin/perl
-for f in $(find . -type f -exec grep -l "/usr/local/bin/perl" {} \; ); do
- sed -i -e "s@/usr/local/bin/perl@perl@g" $f
+for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do
+ sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f
 done
 # delete .orig files created by patches
-find . -type f -name "*.orig" -delete
+find . -type f -name "*.orig" -delete
 # fix perm
 pushd examples
 chmod 0644 *.pl
@@ -68,7 +63,7 @@ make %{?_smp_mflags}
 %check
 %if ! 0%{?qemu_user_space_build}
-make test
+make %{?_smp_mflags} test
 %endif
 %install
@@ -76,11 +71,8 @@ make test
 %perl_process_packlist
 %perl_gen_filelist
-%clean
-rm -rf %{buildroot}
-
 %files -f %{name}.files
-%defattr(-,root,root,-)
-%doc Changes Credits LICENSE QuickRef README examples
+%license LICENSE
+%doc Changes Credits QuickRef README examples
 %changelog
From f7b5300fb75e125cd4d65e3303cbfa581ceaa4411a83f8c54e081e962626bc9e Mon Sep 17 00:00:00 2001
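Review bot: In the `%prep` hunk (`@@ -52,11 +47,11 @@`) the literal `/usr/local/bin/perl` in the grep and sed patterns became `%{_prefix}/local/bin/perl`, but that string is a fixed path inside the upstream sources, not an install location of this package. The two only coincide while `%{_prefix}` expands to `/usr`; with any other prefix the loop matches nothing and the `/usr/local/bin/perl` interpreter lines ship unchanged, while the comment above still names the literal path. I would keep the literal, `for f in $(find . -type f -exec grep -l "/usr/local/bin/perl" {} \; ); do` and `sed -i -e "s@/usr/local/bin/perl@perl@g" "$f"`; quoting `$f` also covers file names containing spaces.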
From: Dirk Stoecker
Date: Wed, 5 Sep 2018 08:29:59 +0000
Subject: [PATCH 2/2] Accepting request 633049 from home:vitezslav_cizek:branches:devel:languages:perl
- Add patches to support openssl 1.1.1 from Fedora
  * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
  * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
  * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
  * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
OBS-URL: https://build.opensuse.org/request/show/633049
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=40
---
 Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch | 237 ++++++++++++++++++
 ...Avoid-SIGPIPE-in-t-local-36_verify.t.patch | 57 +++++
 ...ANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch | 225 +++++++++++++++++
 ..._WANT_WRITE-retry-from_write_partial.patch | 70 ++++++
 perl-Net-SSLeay.changes | 9 +
 perl-Net-SSLeay.spec | 9 +
 6 files changed, 607 insertions(+)
 create mode 100644 Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
 create mode 100644 Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
 create mode 100644 Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
 create mode 100644 Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
diff --git a/Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch b/Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
new file mode 100644
index 0000000..a65d01b
--- /dev/null
+++ b/Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
@@ -0,0 +1,237 @@
+From b01291bf88dd84529c93973da7c275e0ffe5cc1f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Fri, 3 Aug 2018 14:30:22 +0200
+Subject: [PATCH] Adapt to OpenSSL 1.1.1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenSSL 1.1.1 defaults to TLS 1.3 that handles session tickets and
+session shutdowns differently. This leads to failing various Net-SSLeay
+tests that exhibits use cases that are not possible with OpenSSL 1.1.1
+anymore or where the library behaves differently.
+
+Since Net-SSLeay is a low-level wrapper, Net-SSLeay will be corrected
+in tests. Higher-level code as IO::Socket::SSL and other Net::SSLeay
+applications need to be adjusted on case-to-case basis.
+
+This patche changes:
+
+- Retry SSL_read() and SSL_write() (by sebastian [...] breakpoint.cc)
+- Disable session tickets in t/local/07_sslecho.t.
+- Adaps t/local/36_verify.t to a session end when Net::SSLeay::read()
+ returns undef.
+
+https://rt.cpan.org/Public/Bug/Display.html?id=125218
+https://github.com/openssl/openssl/issues/5637
+https://github.com/openssl/openssl/issues/6904
+Signed-off-by: Petr Písař
+---
+ SSLeay.xs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++----
+ lib/Net/SSLeay.pod | 46 ++++++++++++++++++++++++++++++++++++++++++
+ t/local/07_sslecho.t | 15 ++++++++++++--
+ t/local/36_verify.t | 2 +-
+ 4 files changed, 112 insertions(+), 7 deletions(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index bf148c0..5aed4d7 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -1999,7 +1999,17 @@ SSL_read(s,max=32768)
+ int got;
+ PPCODE:
+ New(0, buf, max, char);
+- got = SSL_read(s, buf, max);
++
++ do {
++ int err;
++
++ got = SSL_read(s, buf, max);
++ if (got > 0)
++ break;
++ err = SSL_get_error(s, got);
++ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
++ break;
++ } while (1);
+
+ /* If in list context, return 2-item list:
+ * first return value: data gotten, or undef on error (got<0)
+@@ -2051,10 +2061,20 @@ SSL_write(s,buf)
+ SSL * s
+ PREINIT:
+ STRLEN len;
++ int err;
++ int ret;
+ INPUT:
+ char * buf = SvPV( ST(1), len);
+ CODE:
+- RETVAL = SSL_write (s, buf, (int)len);
++ do {
++ ret = SSL_write (s, buf, (int)len);
++ if (ret > 0)
++ break;
++ err = SSL_get_error(s, ret);
++ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
++ break;
++ } while (1);
++ RETVAL = ret;
+ OUTPUT:
+ RETVAL
+
+@@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf)
+ if (len < 0) {
+ croak("from beyound end of buffer");
+ RETVAL = -1;
+- } else
+- RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
++ } else {
++ int ret;
++ int err;
++
++ do {
++ ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
++ if (ret > 0)
++ break;
++ err = SSL_get_error(s, ret);
++ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
++ break;
++ } while (1);
++ RETVAL = ret;
++ }
+ OUTPUT:
+ RETVAL
+
+@@ -6957,4 +6989,20 @@ SSL_export_keying_material(ssl, outlen, label, p)
+
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
++
++int
++SSL_CTX_set_num_tickets(SSL_CTX *ctx,size_t num_tickets)
++
++size_t
++SSL_CTX_get_num_tickets(SSL_CTX *ctx)
++
++int
++SSL_set_num_tickets(SSL *ssl,size_t num_tickets)
++
++size_t
++SSL_get_num_tickets(SSL *ssl)
++
++#endif
++
+ #define REM_EOF "/* EOF - SSLeay.xs */"
+diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
+index 2e1aae3..bca7be4 100644
+--- a/lib/Net/SSLeay.pod
++++ b/lib/Net/SSLeay.pod
+@@ -4437,6 +4437,52 @@ getticket($ssl,$ticket,$data) -> $return_value
+
+ This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
+
++=item * CTX_set_num_tickets
++
++B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
++
++Set number of session tickets that will be sent to a client.
++
++ my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
++ # $ctx - value corresponding to openssl's SSL_CTX structure
++ # $number_of_tickets - number of tickets to send
++ # returns: 1 on success, 0 on failure
++
++Set to zero if you do not no want to support a session resumption.
++
++=item * CTX_get_num_tickets
++
++B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
++
++Get number of session tickets that will be sent to a client.
++
++ my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
++ # $ctx - value corresponding to openssl's SSL_CTX structure
++ # returns: number of tickets to send
++
++=item * set_num_tickets
++
++B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
++
++Set number of session tickets that will be sent to a client.
++
++ my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
++ # $ssl - value corresponding to openssl's SSL structure
++ # $number_of_tickets - number of tickets to send
++ # returns: 1 on success, 0 on failure
++
++Set to zero if you do not no want to support a session resumption.
++
++=item * get_num_tickets
++
++B not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
++
++Get number of session tickets that will be sent to a client.
++
++ my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
++ # $ctx - value corresponding to openssl's SSL structure
++ # returns: number of tickets to send
++
+ =item * set_shutdown
+
+ Sets the shutdown state of $ssl to $mode.
+diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
+index 5e16b04..5dc946a 100644
+--- a/t/local/07_sslecho.t
++++ b/t/local/07_sslecho.t
+@@ -13,7 +13,8 @@ BEGIN {
+ plan skip_all => "fork() not supported on $^O" unless $Config{d_fork};
+ }
+
+-plan tests => 78;
++plan tests => 79;
++$SIG{'PIPE'} = 'IGNORE';
+
+ my $sock;
+ my $pid;
+@@ -61,6 +62,16 @@ Net::SSLeay::library_init();
+ ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list');
+ my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ ok($errs eq '', "set_cert_and_key: $errs");
++ SKIP: {
++ skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1
++ unless (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f);
++ # TLS 1.3 server sends session tickets after a handhake as part of
++ # the SSL_accept(). If a client finishes all its job including closing
++ # TCP connectino before a server sends the tickets, SSL_accept() fails
++ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
++ # SIGPIPE signal.
++ ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled');
++ }
+
+ $pid = fork();
+ BAIL_OUT("failed to fork: $!") unless defined $pid;
+@@ -351,7 +362,7 @@ waitpid $pid, 0;
+ push @results, [ $? == 0, 'server exited with 0' ];
+
+ END {
+- Test::More->builder->current_test(51);
++ Test::More->builder->current_test(52);
+ for my $t (@results) {
+ ok( $t->[0], $t->[1] );
+ }
+diff --git a/t/local/36_verify.t b/t/local/36_verify.t
+index 92afc52..e55b138 100644
+--- a/t/local/36_verify.t
++++ b/t/local/36_verify.t
+@@ -282,7 +282,7 @@ sub run_server
+
+ # Termination request or other message from client
+ my $msg = Net::SSLeay::read($ssl);
+- if ($msg eq 'end')
++ if (defined $msg and $msg eq 'end')
+ {
+ Net::SSLeay::write($ssl, 'end');
+ exit (0);
+--
+2.14.4
+
diff --git a/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch b/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
new file mode 100644
index 0000000..044d4b2
--- /dev/null
+++ b/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
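Review bot: The XS block added at the end of SSLeay.xs guards the four `*_num_tickets` wrappers with `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL` alone. LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so the condition is also true there, and the module fails to build against a library that does not provide `SSL_CTX_set_num_tickets()` and its siblings. Excluding that case explicitly is safer: `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)`. The same numeric test is repeated in Perl in the `SKIP:` block of t/local/07_sslecho.t and would need a matching condition.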
@@ -0,0 +1,57 @@
+From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Tue, 14 Aug 2018 16:55:52 +0200
+Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
+
+ # Failed test 'Verify callback result and get_verify_result are equal'
+ # at t/local/36_verify.t line 111.
+ # got: '-1'
+ # expected: '0'
+ # Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
+ # at t/local/36_verify.t line 118.
+ # got: '-1'
+ # expected: '43'
+ Bailout called. Further testing stopped: failed to connect to server: Connection refused
+ FAILED--Further testing stopped: failed to connect to server: Connection refused
+
+I believe this because TLSv1.3 server can generate SIGPIPE if a client
+disconnects too soon.
+
+Signed-off-by: Petr Písař
+---
+ t/local/36_verify.t | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/t/local/36_verify.t b/t/local/36_verify.t
+index e55b138..2837288 100644
+--- a/t/local/36_verify.t
++++ b/t/local/36_verify.t
+@@ -266,10 +266,20 @@ sub run_server
+
+ return if $pid != 0;
+
++ $SIG{'PIPE'} = 'IGNORE';
+ my $ctx = Net::SSLeay::CTX_new();
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ my $ret = Net::SSLeay::CTX_check_private_key($ctx);
+ BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
++ if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
++ # TLS 1.3 server sends session tickets after a handhake as part of
++ # the SSL_accept(). If a client finishes all its job including closing
++ # TCP connectino before a server sends the tickets, SSL_accept() fails
++ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
++ # SIGPIPE signal.
++ my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
++ BAIL_OUT("Session tickets disabled") unless $ret;
++ }
+
+ while (1)
+ {
+--
+2.14.4
+
diff --git a/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch b/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
new file mode 100644
index 0000000..24a72a0
--- /dev/null
+++ b/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
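Review bot: In the block added to `run_server`, `BAIL_OUT("Session tickets disabled") unless $ret;` fires when `CTX_set_num_tickets` fails, yet the message reads as if disabling had succeeded, which makes a failing build log misleading. Wording it like the bail-out a few lines above, for example `BAIL_OUT("Server: CTX_set_num_tickets failed") unless $ret;`, states the actual condition. The inner `my $ret` also shadows the `$ret` declared for `CTX_check_private_key`; reusing the outer variable or a distinct name avoids that. `run_server` begins and ends outside this hunk.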
@@ -0,0 +1,225 @@
+From e0b42b0120b941b5675e4071445424dc8a1230e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Wed, 15 Aug 2018 14:46:52 +0200
+Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
+ read()/write() up
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/core.t test
+because it tests non-blocking socket operations and expects to see
+SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE errors and to handle them
+byt itself.
+
+This patch purifies Net::SSLeay::{read,write}() to behave exactly as
+underlying OpenSSL functions. The retry is moved to
+Net::SSLeay::ssl_read_all. All relevant Net::SSLeay::{read,write}() calls in
+tests are changed into Net::SSLea::ssl_{read,write}_all().
+
+All applications should implement the retry themsleves or use
+ssl_*_all() instead.
+
+Signed-off-by: Petr Písař
+---
+ SSLeay.xs | 28 +++++++---------------------
+ lib/Net/SSLeay.pm | 22 +++++++++++++++-------
+ t/local/07_sslecho.t | 12 ++++++------
+ t/local/36_verify.t | 9 +++++----
+ 4 files changed, 33 insertions(+), 38 deletions(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index 5aed4d7..7cb6eab 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -1997,19 +1997,13 @@ SSL_read(s,max=32768)
+ PREINIT:
+ char *buf;
+ int got;
++ int succeeded = 1;
+ PPCODE:
+ New(0, buf, max, char);
+
+- do {
+- int err;
+-
+- got = SSL_read(s, buf, max);
+- if (got > 0)
+- break;
+- err = SSL_get_error(s, got);
+- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+- break;
+- } while (1);
++ got = SSL_read(s, buf, max);
++ if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
++ succeeded = 0;
+
+ /* If in list context, return 2-item list:
+ * first return value: data gotten, or undef on error (got<0)
+@@ -2017,13 +2011,13 @@ SSL_read(s,max=32768)
+ */
+ if (GIMME_V==G_ARRAY) {
+ EXTEND(SP, 2);
+- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
++ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(newSViv(got)));
+
+ /* If in scalar or void context, return data gotten, or undef on error. */
+ } else {
+ EXTEND(SP, 1);
+- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
++ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
+ }
+
+ Safefree(buf);
+@@ -2066,15 +2060,7 @@ SSL_write(s,buf)
+ INPUT:
+ char * buf = SvPV( ST(1), len);
+ CODE:
+- do {
+- ret = SSL_write (s, buf, (int)len);
+- if (ret > 0)
+- break;
+- err = SSL_get_error(s, ret);
+- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+- break;
+- } while (1);
+- RETVAL = ret;
++ RETVAL = SSL_write (s, buf, (int)len);
+ OUTPUT:
+ RETVAL
+
+diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
+index 3adf12c..afc6c8f 100644
+--- a/lib/Net/SSLeay.pm
++++ b/lib/Net/SSLeay.pm
+@@ -579,14 +579,22 @@ sub debug_read {
+ sub ssl_read_all {
+ my ($ssl,$how_much) = @_;
+ $how_much = 2000000000 unless $how_much;
+- my ($got, $errs);
++ my ($got, $rv, $errs);
+ my $reply = '';
+
+ while ($how_much > 0) {
+- $got = Net::SSLeay::read($ssl,
++ ($got, $rv) = Net::SSLeay::read($ssl,
+ ($how_much > 32768) ? 32768 : $how_much
+ );
+- last if $errs = print_errs('SSL_read');
++ if (! defined $got) {
++ my $err = Net::SSLeay::get_error($ssl, $rv);
++ if ($err != Net::SSLeay::ERROR_WANT_READ() and
++ $err != Net::SSLeay::ERROR_WANT_WRITE()) {
++ $errs = print_errs('SSL_read');
++ last;
++ }
++ next;
++ }
+ $how_much -= blength($got);
+ debug_read(\$reply, \$got) if $trace>1;
+ last if $got eq ''; # EOF
+@@ -839,14 +847,14 @@ sub ssl_read_until ($;$$) {
+ $found = index($match, $delim);
+
+ if ($found > -1) {
+- #$got = Net::SSLeay::read($ssl, $found+$len_delim);
++ #$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim);
+ #read up to the end of the delimiter
+- $got = Net::SSLeay::read($ssl,
++ $got = Net::SSLeay::ssl_read_all($ssl,
+ $found + $len_delim
+ - ((blength($match)) - (blength($got))));
+ $done = 1;
+ } else {
+- $got = Net::SSLeay::read($ssl, $peek_length);
++ $got = Net::SSLeay::ssl_read_all($ssl, $peek_length);
+ $done = 1 if ($peek_length == $max_length - blength($reply));
+ }
+
+@@ -857,7 +865,7 @@ sub ssl_read_until ($;$$) {
+ }
+ } else {
+ while (!defined $max_length || length $reply < $max_length) {
+- $got = Net::SSLeay::read($ssl,1); # one by one
++ $got = Net::SSLeay::ssl_read_all($ssl,1); # one by one
+ last if print_errs('SSL_read');
+ debug_read(\$reply, \$got) if $trace>1;
+ last if $got eq '';
+diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
+index 74e317a..7f19027 100644
+--- a/t/local/07_sslecho.t
++++ b/t/local/07_sslecho.t
+@@ -134,10 +134,10 @@ my @results;
+
+ push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ];
+
+- push @results, [ Net::SSLeay::write($ssl, $msg), 'write' ];
++ push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];
+ shutdown($s, 1);
+
+- my ($got) = Net::SSLeay::read($ssl);
++ my $got = Net::SSLeay::ssl_read_all($ssl);
+ push @results, [ $got eq uc($msg), 'read' ];
+
+ Net::SSLeay::free($ssl);
+@@ -177,7 +177,7 @@ my @results;
+ Net::SSLeay::set_fd($ssl, fileno($s));
+ Net::SSLeay::connect($ssl);
+
+- Net::SSLeay::write($ssl, $msg);
++ Net::SSLeay::ssl_write_all($ssl, $msg);
+
+ shutdown $s, 2;
+ close $s;
+@@ -231,15 +231,15 @@ my @results;
+ Net::SSLeay::set_fd($ssl3, $s3);
+
+ Net::SSLeay::connect($ssl1);
+- Net::SSLeay::write($ssl1, $msg);
++ Net::SSLeay::ssl_write_all($ssl1, $msg);
+ shutdown $s1, 2;
+
+ Net::SSLeay::connect($ssl2);
+- Net::SSLeay::write($ssl2, $msg);
++ Net::SSLeay::ssl_write_all($ssl2, $msg);
+ shutdown $s2, 2;
+
+ Net::SSLeay::connect($ssl3);
+- Net::SSLeay::write($ssl3, $msg);
++ Net::SSLeay::ssl_write_all($ssl3, $msg);
+ shutdown $s3, 2;
+
+ close $s1;
+diff --git a/t/local/36_verify.t b/t/local/36_verify.t
+index 2837288..b04be13 100644
+--- a/t/local/36_verify.t
++++ b/t/local/36_verify.t
+@@ -252,8 +252,9 @@ sub client {
+ Net::SSLeay::set_fd($ssl, $cl);
+ Net::SSLeay::connect($ssl);
+ my $end = "end";
+- Net::SSLeay::write($ssl, $end);
+- ok($end eq Net::SSLeay::read($ssl), 'Successful termination');
++ Net::SSLeay::ssl_write_all($ssl, $end);
++ Net::SSLeay::shutdown($ssl);
++ ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination');
+ return;
+ }
+
+@@ -291,10 +292,10 @@ sub run_server
+ next unless $ret == 1;
+
+ # Termination request or other message from client
+- my $msg = Net::SSLeay::read($ssl);
++ my $msg = Net::SSLeay::ssl_read_all($ssl);
+ if (defined $msg and $msg eq 'end')
+ {
+- Net::SSLeay::write($ssl, 'end');
++ Net::SSLeay::ssl_write_all($ssl, 'end');
+ exit (0);
+ }
+ }
+--
+2.14.4
+
diff --git a/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch b/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
new file mode 100644
index 0000000..b57bd2b
--- /dev/null
+++ b/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
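Review bot: The retry that this patch moves into `ssl_read_all` (lib/Net/SSLeay.pm, `@@ -579,14 +579,22 @@`) calls `next` immediately on `ERROR_WANT_READ`/`ERROR_WANT_WRITE`, so on a non-blocking socket the `while ($how_much > 0)` loop spins at full CPU until the peer sends data, and a stalled peer keeps it spinning indefinitely. Waiting for the descriptor to become ready before retrying keeps the helper's behaviour without the busy loop, as sketched below. The sketch assumes the connection was attached with `set_fd`, as the tests on this page do. `ssl_read_all` continues outside the hunk.

```perl
        if (! defined $got) {
            my $err = Net::SSLeay::get_error($ssl, $rv);
            # … unchanged: print_errs('SSL_read') and last for any other error …
            # Wait until the socket is ready instead of retrying at once.
            my $ready = '';
            vec($ready, Net::SSLeay::get_fd($ssl), 1) = 1;
            if ($err == Net::SSLeay::ERROR_WANT_READ()) {
                select($ready, undef, undef, undef);
            }
            else {
                select(undef, $ready, undef, undef);
            }
            next;
        }
```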
@@ -0,0 +1,70 @@
+From 122c80853a9bd66f21699fc79a689b3028d00d3b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Fri, 17 Aug 2018 13:08:44 +0200
+Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
+ write_partial()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/nonblock.t test
+because it tests non-blocking socket operations and expects to see
+SSL_ERROR_WANT_WRITE errors and to handle them byt itself.
+
+This patch purifies Net::SSLeay::write_partial() to behave exactly as
+underlying OpenSSL SSL_write() function. The retry is already
+presented in Net::SSLeay::ssl_write_all().
+
+All applications should implement the retry themsleves or use
+ssl_*_all() instead.
+
+Signed-off-by: Petr Písař
+---
+ SSLeay.xs | 16 ++--------------
+ lib/Net/SSLeay.pod | 3 ++-
+ 2 files changed, 4 insertions(+), 15 deletions(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index 7cb6eab..fc7677f 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -2089,20 +2089,8 @@ SSL_write_partial(s,from,count,buf)
+ if (len < 0) {
+ croak("from beyound end of buffer");
+ RETVAL = -1;
+- } else {
+- int ret;
+- int err;
+-
+- do {
+- ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+- if (ret > 0)
+- break;
+- err = SSL_get_error(s, ret);
+- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+- break;
+- } while (1);
+- RETVAL = ret;
+- }
++ } else
++ RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ OUTPUT:
+ RETVAL
+
+diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
+index bca7be4..8b5f738 100644
+--- a/lib/Net/SSLeay.pod
++++ b/lib/Net/SSLeay.pod
+@@ -4819,7 +4819,8 @@ Check openssl doc L Does not exactly correspond to any low level API function
+
+-Writes a fragment of data in $data from the buffer $data into the specified $ssl connection.
++Writes a fragment of data in $data from the buffer $data into the specified
++$ssl connection. This is a non-blocking function like L.
+
+ my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
+ # $ssl - value corresponding to openssl's SSL structure
+--
+2.14.4
+
diff --git a/perl-Net-SSLeay.changes b/perl-Net-SSLeay.changes
index 215cb62..9a78d1e 100644
--- a/perl-Net-SSLeay.changes
+++ b/perl-Net-SSLeay.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Sep 4 14:44:25 UTC 2018 - Vítězslav Čížek
+
+- Add patches to support openssl 1.1.1 from Fedora
+ * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
+ * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
+ * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
+ * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
+
 -------------------------------------------------------------------
 Mon Aug 27 09:35:57 UTC 2018 - tchvatal@suse.com
diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec
index 5ee01ad..843ee00 100644
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@@ -25,6 +25,14 @@ License: Artistic-2.0
 Group: Development/Libraries/Perl
 URL: http://search.cpan.org/dist/Net-SSLeay/
 Source: http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
+# Adapt to OpenSSL 1.1.1, bug RH#1614884, CPAN RT#125218
+Patch0: Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
+# Avoid SIGPIPE in t/local/36_verify.t, CPAN RT#125218
+Patch2: Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
+# Revert retry in Net::SSLeay::{read,write}(), CPAN RT#125218
+Patch3: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
+# Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218
+Patch4: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
 BuildRequires: libopenssl-devel
 BuildRequires: openssl
 BuildRequires: perl
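Review bot: The call restored in `SSL_write_partial`, `RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);`, takes `from` and `count` from the Perl caller, and the only guard visible in the hunk is `len < 0`. With a negative `from` the pointer `&(buf[from])` lies before the start of the scalar's buffer, and a negative `count` is handed to `SSL_write` as the length. How `len` is computed is outside the hunk, so this needs confirming there, but an explicit `if (from < 0 || count < 0) croak("from and count must be non-negative");` ahead of the call would make the bounds checks complete.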
@@ -46,6 +54,7 @@ Net::SSLeay module basically comprise of:
 %prep
 %setup -q -n %{cpan_name}-%{version}
+%autopatch -p1
 # replace rest of /usr/local/bin/perl with /usr/bin/perl
 for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do
 sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f