r29961 - in /trunk/libio-socket-ssl-perl: Changes README.Win32 SSL.pm debian/changelog
ansgar-guest at users.alioth.debian.org
ansgar-guest at users.alioth.debian.org
Fri Jan 23 20:09:08 UTC 2009
Author: ansgar-guest
Date: Fri Jan 23 20:09:05 2009
New Revision: 29961
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=29961
Log:
New upstream release.
Modified:
trunk/libio-socket-ssl-perl/Changes
trunk/libio-socket-ssl-perl/README.Win32
trunk/libio-socket-ssl-perl/SSL.pm
trunk/libio-socket-ssl-perl/debian/changelog
Modified: trunk/libio-socket-ssl-perl/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/Changes?rev=29961&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/Changes (original)
+++ trunk/libio-socket-ssl-perl/Changes Fri Jan 23 20:09:05 2009
@@ -1,10 +1,17 @@
+
+v1.21 2009.01.22
+- auto verification of name in certificate created circular reference between
+ SSL and CTX object with the verify_callback, which caused the objects to be
+ destroyed only at program end. Fix it be no longer access $self from inside
+ the callback.
+ Thanks to odenbach[AT]uni-paderborn[DOT]de for reporting
v1.20 2009.01.15
- only changes on test suite to make it ready for win32
(tested with strawberry perl 5.8.8)
v1.19 2008.12.31
-- fix verfycn_name autodetection from PeerAddr/PeerHost
+- fix verifycn_name autodetection from PeerAddr/PeerHost
v1.18 2008.11.17
- fixed typo in argument: wildcars_in_cn -> wildcards_in_cn
Modified: trunk/libio-socket-ssl-perl/README.Win32
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/README.Win32?rev=29961&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/README.Win32 (original)
+++ trunk/libio-socket-ssl-perl/README.Win32 Fri Jan 23 20:09:05 2009
@@ -4,5 +4,3 @@
non-blocking).
See also http://www.perlmonks.org/?node_id=378675
-Because fork() on Win32 is just an incomplete implementation using threads
-the tests might block, e.g. the test suite will not succeed.
Modified: trunk/libio-socket-ssl-perl/SSL.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/SSL.pm?rev=29961&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/SSL.pm (original)
+++ trunk/libio-socket-ssl-perl/SSL.pm Fri Jan 23 20:09:05 2009
@@ -66,7 +66,7 @@
}) {
@ISA = qw(IO::Socket::INET);
}
- $VERSION = '1.20';
+ $VERSION = '1.21';
$GLOBAL_CONTEXT_ARGS = {};
#Make $DEBUG another name for $Net::SSLeay::trace
@@ -246,31 +246,31 @@
my $vcn_scheme = delete $arg_hash->{SSL_verifycn_scheme};
if ( $vcn_scheme && $vcn_scheme ne 'none' ) {
+ # don't access ${*self} inside callback - this seems to create
+ # circular references from the ssl object to the context and back
+
+ # use SSL_verifycn_name or determine from PeerAddr
+ my $host = $arg_hash->{SSL_verifycn_name};
+ if (not defined($host)) {
+ if ( $host = $arg_hash->{PeerAddr} || $arg_hash->{PeerHost} ) {
+ $host =~s{:\w+$}{};
+ }
+ }
+ $host ||= ref($vcn_scheme) && $vcn_scheme->{callback} && 'unknown';
+ $host or return $self->error( "Cannot determine peer hostname for verification" );
+
my $vcb = $arg_hash->{SSL_verify_callback};
$arg_hash->{SSL_verify_callback} = sub {
- my ($ok,$ctx_store,$cert,$error) = @_;
- $ok = $vcb->($ok,$ctx_store,$cert,$error) if $vcb;
+ my ($ok,$ctx_store,$certname,$error,$cert) = @_;
+ $ok = $vcb->($ok,$ctx_store,$certname,$error,$cert) if $vcb;
$ok or return;
my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth($ctx_store);
return $ok if $depth != 0;
- # use SSL_peer_hostname or determine from PeerAddr
- my $arg_hash = ${*$self}{_SSL_arguments};
- my $host = $arg_hash->{SSL_verifycn_name};
- if (not defined($host)) {
- if ( $host = $arg_hash->{PeerAddr} || $arg_hash->{PeerHost} ) {
- $host =~s{:\w+$}{};
- }
- }
- $host ||= ref($vcn_scheme) && $vcn_scheme->{callback} && 'unknown';
- $host or return $self->error( "Cannot determine peer hostname for verification" );
-
# verify name
- my $x509 = Net::SSLeay::X509_STORE_CTX_get_current_cert($ctx_store);
- my $rv = verify_hostname_of_cert( $host,$x509,$vcn_scheme );
+ my $rv = verify_hostname_of_cert( $host,$cert,$vcn_scheme );
# just do some code here against optimization because x509 has no
# increased reference and CRYPTO_add is not available from Net::SSLeay
- DEBUG(99999,"don't to anything with $x509" );
return $rv;
};
}
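Review bot: The port strip `$host =~s{:\w+$}{};` in the added block treats any trailing `:word` as a port, so a bare IPv6 literal in PeerAddr (if one can reach this path) would lose its last group and the name check would run against a truncated address. Restricting it to the single-colon case, e.g. `$host =~ s{:\w+$}{} if ($host =~ tr/://) == 1;`, keeps host:port working and leaves other forms untouched instead of truncating them. Separately, the comment above `return $rv` still talks about "code here against optimization", but the DEBUG line it described is removed by this change. I would replace it with `# $cert is borrowed from the store context (no extra reference) - do not keep it past this callback`, since the raw pointer is now also handed to the user's SSL_verify_callback. The enclosing sub starts and ends outside the hunk.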
@@ -948,8 +948,8 @@
{
my %dispatcher = (
- issuer => sub { Net::SSLeay::X509_NAME_oneline( Net::SSLeay::X509_get_issuer_name( shift )) },
- subject => sub { Net::SSLeay::X509_NAME_oneline( Net::SSLeay::X509_get_subject_name( shift )) },
+ issuer => sub { Net::SSLeay::X509_NAME_oneline( Net::SSLeay::X509_get_issuer_name( shift )) },
+ subject => sub { Net::SSLeay::X509_NAME_oneline( Net::SSLeay::X509_get_subject_name( shift )) },
);
if ( $Net::SSLeay::VERSION >= 1.30 ) {
# I think X509_NAME_get_text_by_NID got added in 1.30
@@ -1410,16 +1410,16 @@
my $verify_cb = $arg_hash->{SSL_verify_callback};
my $verify_callback = $verify_cb && sub {
my ($ok, $ctx_store) = @_;
- my ($cert, $error);
+ my ($certname,$cert,$error);
if ($ctx_store) {
$cert = Net::SSLeay::X509_STORE_CTX_get_current_cert($ctx_store);
$error = Net::SSLeay::X509_STORE_CTX_get_error($ctx_store);
- $cert &&= Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert)).
+ $certname = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert)).
Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($cert));
$error &&= Net::SSLeay::ERR_error_string($error);
}
DEBUG(3, "ok=$ok cert=$cert" );
- return $verify_cb->($ok, $ctx_store, $cert, $error);
+ return $verify_cb->($ok,$ctx_store,$certname,$error,$cert);
};
Net::SSLeay::CTX_set_verify($ctx, $verify_mode, $verify_callback);
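Review bot: The new `$certname = ...` assignment drops the guard that the old `$cert &&= ...` provided, so `X509_get_issuer_name` and `X509_get_subject_name` are now called even if `X509_STORE_CTX_get_current_cert` returned a false value. Keeping the guard costs nothing: `$certname = $cert && Net::SSLeay::X509_NAME_oneline(...) . Net::SSLeay::X509_NAME_oneline(...);` (the `.` binds tighter than `&&`). The unchanged `DEBUG(3, "ok=$ok cert=$cert" )` line now logs the raw pointer value instead of the issuer/subject string; `cert=$certname` would keep the trace readable. The callback's fifth argument is new for user-supplied callbacks and deserves a line in the SSL_verify_callback documentation saying the X509 handle is valid only for the duration of the call. The surrounding sub is not fully visible in this hunk.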
Modified: trunk/libio-socket-ssl-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/debian/changelog?rev=29961&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/debian/changelog (original)
+++ trunk/libio-socket-ssl-perl/debian/changelog Fri Jan 23 20:09:05 2009
@@ -1,12 +1,12 @@
-libio-socket-ssl-perl (1.20-1) UNRELEASED; urgency=low
-
- [ Ansgar Burchardt ]
- * NOTE: 1.20 has only changes to t/*. No upload needed.
+libio-socket-ssl-perl (1.21-1) unstable; urgency=low
[ Rene Mayorga ]
* debian/control: update my email address.
- -- Rene Mayorga <rmayorga at debian.org> Tue, 20 Jan 2009 01:27:41 -0600
+ [ Ansgar Burchardt ]
+ * New upstream release.
+
+ -- Ansgar Burchardt <ansgar at 43-1.org> Fri, 23 Jan 2009 21:08:24 +0100
libio-socket-ssl-perl (1.19-1) unstable; urgency=low