Hi Kurt, On Sun, Jan 31, 2016 at 08:34:44PM +0100, Kurt Roeckx wrote: > On Sat, Jan 30, 2016 at 10:51:06PM +0100, Salvatore Bonaccorso wrote: > > Hi Niko, > > > > On Sat, Jan 30, 2016 at 09:24:26PM +0200, Niko Tyni wrote: > > > On Sat, Jan 30, 2016 at 12:03:27PM +0200, Niko Tyni wrote: > > > > Package: libio-socket-ssl-perl > > > > Version: 2.022-1 > > > > Severity: serious > > > > X-Debbugs-Cc: open...@packages.debian.org > > > > > > > > The libio-socket-ssl-perl started hanging in its test suite > > > > with libssl1.0.2 upgrade from 1.0.2e-1 to 1.0.2f-2. > > > > > > > > The hanging test is t/startssl-failed.t, and running it > > > > manually shows > > > > > > > > perl t/startssl-failed.t > > > > 1..9 > > > > ok #Server Initialization > > > > ok #client tcp connect > > > > ok #tcp accept > > > > ok #send non-ssl data > > > > > > It's looping in IO::Socket::SSL::stop_SSL, repeatedly getting 0 from > > > Net::SSLeay::shutdown(), which seems to be just a thin wrapper for > > > the libssl SSL_shutdown(). > > > > > > Reverting > > > > > > https://github.com/openssl/openssl/commit/f73c737c7ac908c5d6407c419769123392a3b0a9 > > > makes things work again. > > > > > > Kurt, which one do you think is wrong? > > > > FTR, Upstream has released a new version (I have imported in our git > > repo already): > > > > 2.023 2016/01/30 > > - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS > > connection > > was not fully established (commit: > > f73c737c7ac908c5d6407c419769123392a3b0a9). > > This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep > > trying) > > which caused an endless loop. It will now ignore this result in case the > > TLS > > connection was not yet established and consider the TLS connection closed > > instead. > > > > But this does not seem to fully resolve the issue yet. When I try to > > build the testsuite still get stuck. > > So as I understand it, the problem is that the client just sends > crap, the server tells the client it sends crap, but then waits > for the client to properly terminate the question which it never > does? > > It's at least not behaviour I can reproducing using s_server, the > server actually closes the connection for me.
JFTR, the additional problem is unrelated to the OpenSSL change. I (and as well Gregor) was able to reproduce it in the pbuilder setup when using the default USENETWORK=no (but not if switching to USENETWORK=yes). So #813189 on its own can be considered resolved. Should openssl maybe have a Breaks for the older libio-socket-ssl-perl version? Regards, Salvatore
