[Net-ssleay-devel] IO::Socket::SSL failures caused by Net::SSLeay linked against openssl 0.9.8

Florian Ragwitz rafl at debian.org
Fri Dec 9 00:51:39 UTC 2005


Sorry for the delay, thanks for the reminder.

On Sat, Dec 03, 2005 at 04:33:56PM +1000, Mike McCauley wrote:
> Hello again Florian,
> 
> On Saturday 03 December 2005 13:36, Mike McCauley wrote:
> > Hello Florian.
> >
> > On Thursday 01 December 2005 22:35, Florian Ragwitz wrote:
> > > On Thu, Dec 01, 2005 at 04:59:57PM +1000, Mike McCauley wrote:
> > > > Hello Florian,
> > > >
> > > > On Thursday 01 December 2005 12:09, Florian Ragwitz wrote:
> > > > > On Thu, Dec 01, 2005 at 09:54:29AM +1000, Mike McCauley wrote:
> > > > > > Hmmm, tested OK here with
> > > > > >
> > > > > > Debian 3.1r0a
> > > > > > perl, v5.8.4 part of default deb install
> > > > > > openssl 0.9.8a compiled locally with all defaults
> > > > > > Net_SSLeay 1.25 compiled locally with all defaults
> > > > > > IO-Socket-SSL 0.97 compiled locally with all defaults:
> > > > >
> > > > > That's stable. Please try unstable with the packages for all those
> > > > > modules.
> > > >
> > > > OK, I have tried with latest etch beta1 i386, using the prepackaged
> > > > perl 5.8.7
> > >
> > > Well, it doesn't matter what installer you use. Simply change the
> > > sarge(stable) or etch(testing) in /etc/apt/sources.list to unstable and
> > > run apt-get update; apt-get dist-upgrade;
> > >
> > > Then you're on the development version.
> >
> > OK, I can reproduce this problem now.
> >
> > The problem seems to be in the code inside the fork in IO::Socket::SSL
> > t/compatibility.t
> >
> > The code expects $class to be of type MyClass, but on this deb, it ends up
> > > as class IO::Socket::INET (which does not know about issuer_name).
> >
> > > I can't yet see why it doesn't work on deb unstable (actually I can't even see
> > > why it does work on other platforms :-)
> > > I'll keep looking.
> 
> Getting closer now.
> 
> IO::Socket::SSL::connect_SSL fails to connect to the test server with an 
> error:
> SSL connect attempt failederror:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 
> alert bad record mac

That's what I found as well when enabling tracing. The first error in
core.t is something like "wrong version number".

> This causes IO::Socket::SSL::start_SSL to not bless the socket, which causes 
> t/compatibility.t to get an error trying to call a virtual function on a class 
> that is not inherited from IO::Socket::SSL.
> 
> So, the reason why connect_SSL fails?
> 
> I don't know, but if I compile openssl 0.9.8 or 0.9.8a from official openssl 
> source on this box, then build Net_SSLeay against it, there are no errors 
> with IO::Socket::SSL
> 
> Therefore I suspect it's some sort of problem in the debian package of 
> openssl0.9.8a.

I'll try that out tomorrow and will contact the openssl maintainer if
necessary.


Regards,
Flo

-- 
BOFH excuse #343:
The ATM board has run out of 10 pound notes.  We are having a whip round
to refill it, care to contribute ?