Package: libnet-ssleay-perl
Version: 1.85-1
Severity: important
There is openssl 1.1.1-pre4 in experimental right now and
libnet-ssleay-perl fails the testsuite with it. I was playing with it
for the last month or so and already figured out a few things. This is
t/local/07_sslecho.t I refer here to.
The SSL_read() and SSL_write() wrapper need to handle a possible retry.
The man-page for both function [0] says that it might need to be retried
with the same arguments. With the following hunk:
diff --git a/SSLeay.xs b/SSLeay.xs
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1999,7 +1999,17 @@ SSL_read(s,max=32768)
int got;
PPCODE:
New(0, buf, max, char);
- got = SSL_read(s, buf, max);
+
+ do {
+ int err;
+
+ got = SSL_read(s, buf, max);
+ if (got > 0)
+ break;
+ err = SSL_get_error(s, got);
+ if (err != SSL_ERROR_WANT_READ)
+ break;
+ } while (1);
/* If in list context, return 2-item list:
* first return value: data gotten, or undef on error (got<0)
@@ -2051,10 +2061,20 @@ SSL_write(s,buf)
SSL * s
PREINIT:
STRLEN len;
+ int err;
+ int ret;
INPUT:
char * buf = SvPV( ST(1), len);
CODE:
- RETVAL = SSL_write (s, buf, (int)len);
+ do {
+ ret = SSL_write (s, buf, (int)len);
+ if (ret > 0)
+ break;
+ err = SSL_get_error(s, ret);
+ if (err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
+ RETVAL = ret;
OUTPUT:
RETVAL
@@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf)
if (len < 0) {
croak("from beyound end of buffer");
RETVAL = -1;
- } else
- RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ } else {
+ int ret;
+ int err;
+
+ do {
+ ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ if (ret > 0)
+ break;
+ err = SSL_get_error(s, ret);
+ if (err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
+ RETVAL = ret;
+ }
OUTPUT:
RETVAL
I was able to let the test-suite continue a little further. As per
upstream [1] this was always the case it worked by coincidence before.
The next thing is that step 24 within 07_sslecho.t blocks forever. As it
turns out one side does "shutdown $s, 2;" (around line 170) while the
other does a read+write operation. In "older" openssl is seems to just
work but in the newer one SIGPIPE is received and this seems to
stall/block the test case. By adding:
index 5e16b04b55ea..c60afccc0051 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -14,6 +14,7 @@ BEGIN {
}
plan tests => 78;
+$SIG{'PIPE'} = 'IGNORE';
my $sock;
my $pid;
(
it does not stall anymore but complains about the return value from
write:
ok 21 - get_cipher
ok 22 - get_shared_ciphers
ok 23 - ssl_read_all
not ok 24 - ssl_write_all
# Failed test 'ssl_write_all'
# at t/local/07_sslecho.t line 88.
ok 25 - new
This should be okay since the other side never reads anything and just
shutdowns the socket.
Could you please take a look and forward it upstream?
[0] https://manpages.debian.org/stretch/libssl-doc/SSL_read.3ssl.en.html#WARNING
[1] https://github.com/openssl/openssl/issues/5637#issuecomment-381364019
Sebastian
