[Net-ssleay-devel] IO::Socket::SSL failures caused by Net::SSLeay
linked against openssl 0.9.8
Mike McCauley
mikem at open.com.au
Sat Dec 3 06:33:56 UTC 2005
Hello again Florian,
On Saturday 03 December 2005 13:36, Mike McCauley wrote:
> Hello Florian.
>
> On Thursday 01 December 2005 22:35, Florian Ragwitz wrote:
> > On Thu, Dec 01, 2005 at 04:59:57PM +1000, Mike McCauley wrote:
> > > Hello Florian,
> > >
> > > On Thursday 01 December 2005 12:09, Florian Ragwitz wrote:
> > > > On Thu, Dec 01, 2005 at 09:54:29AM +1000, Mike McCauley wrote:
> > > > > Hmmm, tested OK here with
> > > > >
> > > > > Debian 3.1r0a
> > > > > perl, v5.8.4 part of default deb install
> > > > > openssl 0.9.8a compiled locally with all defaults
> > > > > Net_SSLeay 1.25 compiled locally with all defaults
> > > > > IO-Socket-SSL 0.97 compiled locally with all defaults:
> > > >
> > > > That's stable. Please try unstable with the packages for all those
> > > > modules.
> > >
> > > OK, I have tried with latest etch beta1 i386, using the prepackaged
> > > perl 5.8.7
> >
> > Well, it doesn't matter what installer you use. Simply change the
> > sarge(stable) or etch(testing) in /etc/apt/sources.list to unstable and
> > run apt-get update; apt-get dist-upgrade;
> >
> > Then you're on the development version.
>
> OK, I can reproduce this problem now.
>
> The problem seems to be in the code inside the fork in IO::Socket::SSL
> t/compatibility.t
>
> The code expects $class to be of type MyClass, but on this deb, it ends up
> as class IO::Socket::INET (which does not know about issuer_name.
>
> I cant yet see why it doesnt work on deb unstable (actually I cant even see
> why it does work on other platforms :-)
> Il keep looking.
Getting closer now.
IO::Socket::SSL::connect_SSL fails to connect to the test server with an
error:
SSL connect attempt failederror:140943FC:SSL routines:SSL3_READ_BYTES:sslv3
alert bad record mac
This causes IO::Socket::SSL::start_SSL to not bless the socket, which causes
t/compatibility.t to get an error trying to call a virual function on a class
that is not inherited from IO::Socket::SSL.
So, the reason why connect_SSL fails?
I dont know, but if I compile openssl 0.9.8 or 0.9.8a from official openssl
source on this box, then build Net_SSLeay against it, there are no errors
with IO::Socket::SSL
Therefore I suspect its some sort of problem in the debian package of
openssl0.9.8a.
>
> BTW this email from you was delayed for 3 days. I only got it on Saturday.
> I wonder why?
>
> Cheers.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
More information about the Net-ssleay-devel
mailing list