[Net-ssleay-devel] Net-SSLeay-1.33_01 X509_get_subjectAltNames segfaults on test.eonis.net:443

Steffen Ullrich Steffen_Ullrich at genua.de
Thu Jul 24 06:37:01 UTC 2008 

Hi,

Now that was fast.
Seems like 1.34 was released once you wrote this mail or shortly
before. The good thing is that IO::Socket::SSL 1.14 was also
released a few days ago and makes use of the features in 1.34.

Once I got 1.34 (it's so new, that I had to try some mirrors
to get it) it seems to work fine with IO::Socket::SSL 1.14,
but there are problems with the tests:

 | t/local/20_autoload............You tried to plan twice!  Second plan at t/local/20_autoload.t line 9
 | # Looks like your test died before it could output anything.
 | t/local/20_autoload............dubious
 |         Test returned status 255 (wstat 65280, 0xff00)
 | DIED. FAILED tests 1-6
 |         Failed 6/6 tests, 0.00% okay
 | t/local/31_rsa_generate_key....Can't locate Test/Exception.pm in @INC ...
 | BEGIN failed--compilation aborted at t/local/31_rsa_generate_key.t line 6.
 | # Looks like your test died before it could output anything.

If I install Test::Exception both tests work fine, so it's probably
a missing  or badly applied requirement (20_autoload first declares the plan
with 'use Test::More tests => 6' and later changes it to 'plan skip_all')

And then I would like to have
http://rt.cpan.org/Ticket/Display.html?id=35754
fixed, it's simple and I've even included the patch.

Regards,
Steffen


On Wed, Jul 23, 2008 at 09:39:50PM +0200, Christopher Odenbach <christopher at odenbachs.de> wrote:
> 
> Hi,
> 
> on the German Perl workshop 2008 we talked to Florian about some 
> Net::SSLeay bugs. The last thing I heard was:
> 
> Mike McCauley schrieb:
> >On Wednesday 20 February 2008 16:41, Steffen Ullrich wrote:
> >>It looks like that I did not make clear that I already send the bug report
> >>to Florian Ragwitz and that he is on it.
> >>Sorry for the duplicate bug report.
> >
> >OK, well, I have checked in a fix now.
> >I hope FR is not working on it too. Florian?
> 
> And that was it since February. Is there any progress going on? Some of 
> the bugs in 1.32 are quite serious and security related (e.g. perl 
> applications which use Net::LDAP are in _NO_ way able to verify the 
> hostname of the certificate against the name they are connecting to). So 
> we are waiting for an upcoming release which contains at least these bug 
> fixes (especially around X509_get_subjectAltNames).
> 
> Regards and thanks for the work,
> 
> Christopher

-- 
GeNUA Gesellschaft für Netzwerk - und Unix-Administration mbH
Domagkstr. 7, D-85551 Kirchheim. http://www.genua.de
Tel: (089) 99 19 50-0, Fax: (089) 99 10 50 - 999

Geschäftsführer: Dr. Magnus Harlander, Dr. Michaela Harlander,
Bernhard Schneck. Amtsgericht München HRB 98238

More information about the Net-ssleay-devel mailing list