Package: libio-socket-ssl-perl
Version: 0.998-1
Severity: important

After some recent unstable upgrades, one of my perl programs could no
longer connect to SSL servers.  The problem appears to be an interaction
between IO::Socket::INET, IO::Socket::SSL, and Net::HTTPS.  I believe it
was a change in IO::Socket::SSL that triggered it, so I'm filing the bug
here (even if IO::Socket::SSL is not necessarily to blame) to make you
aware of it.  I suppose you can either work around the issue or pass the
buck to libww-perl.

First, here is a test program that demonstrates the problem:

    #!/usr/bin/perl

    use IO::Socket::SSL ();
    use Net::HTTPS ();

    my $s = Net::HTTPS->new(
                PeerAddr        => "localhost:443",
            )
        or die "problem connecting";

This program will die without even trying to connect.  Here is a
backtrace just before the failure:

    $ = Net::HTTPS::blocking(ref(Net::HTTPS), 1) called from file 
`/usr/lib/perl/5.8/IO/Socket/INET.pm' line 150
    $ = IO::Socket::INET::configure(ref(Net::HTTPS), ref(HASH)) called from 
file `/usr/share/perl5/IO/Socket/SSL.pm' line 97
    $ = IO::Socket::SSL::configure(ref(Net::HTTPS), ref(HASH)) called from file 
`/usr/share/perl5/Net/HTTPS.pm' line 43
    $ = Net::HTTPS::http_connect(ref(Net::HTTPS), ref(HASH)) called from file 
`/usr/share/perl5/Net/HTTP/Methods.pm' line 49
    $ = Net::HTTP::Methods::http_configure(ref(Net::HTTPS), ref(HASH)) called 
from file `/usr/share/perl5/Net/HTTPS.pm' line 38
    $ = Net::HTTPS::configure(ref(Net::HTTPS), ref(HASH)) called from file 
`/usr/lib/perl/5.8/IO/Socket.pm' line 48
    $ = IO::Socket::new('Net::HTTPS', 'PeerAddr', 'localhost:443', 'Proto', 
'tcp') called from file `/usr/lib/perl/5.8/IO/Socket/INET.pm' line 32
    $ = IO::Socket::INET::new('Net::HTTPS', 'PeerAddr', 'localhost:443', 
'Proto', 'tcp') called from file `try' line 6

Note that in IO::Socket::SSL::configure line 93 forces the socket to be
blocking:

    $arg_hash->{Blocking} = 1;

IO::Socket::INET::configure line 149 takes this to mean

    if (defined $arg->{Blocking}) {
        defined $sock->blocking($arg->{Blocking})
            or return _error($sock, $!, "$!");
    }

Unfortunately, Net::HTTPS::blocking does not return a defined value.
Net::HTTP is probably broken here, but I'm giving IO::Socket::SSL the
bug first because setting the socket to blocking in
IO::Socket::SSL::configure appears to be new behavior.  You can reassign
to libwww-perl if you'd like.

Oh, there is an additional twist:  IO::Socket::SSL must be loaded before
Net::HTTPS, or the latter will prefer to use Net::SSL instead.

I am using libwww-perl (Net::HTTPS) 5.805-1 and perl-base
(IO::Socket::INET) 5.8.8-6.1.  I have upgraded many packages since my
program was known to work.  I believe it was working with perl-base
5.8.8-6, libio-socket-ssl-perl 0.97-2, and the same libwww-perl.  It
looks like the relevant code in IO::Socket::INET did not change.
However, the blocking setting was not in IO::Socket::SSL 0.97-2.

Oh dear, I just discovered that further complications arise from the
same problem.  In IO::Socket::SSL::write, the call to $self->blocking
goes very wrong, because it is made in list context and
Net::HTTPS::blocking returns an empty list.  Well, after making
Net::HTTPS::blocking return 0, my program is working again.  But it's
not clear that this is a complete solution.

Andrew

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libio-socket-ssl-perl depends on:
ii  libnet-ssleay-perl            1.30-1     Perl module for Secure Sockets Lay
ii  netbase                       4.25       Basic TCP/IP networking system
ii  perl                          5.8.8-6.1  Larry Wall's Practical Extraction 

libio-socket-ssl-perl recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to