@@ -1,6 +1,29 @@
Revision history for Crypt-SSLeay
=================================
+0.59_02 2012-03-08 16:16:03 UTC
+
+- Forgot to update Changes for 0.59_01. The following is a combined list of
+ the more important fixes incorporated in both.
+
+- Bug RT #64054: Handle incomplete reads/writes better
+
+- Bug RT #73754: Add LWP::Protocol::https to PREREQ_PM
+
+- Bug RT #73755: Crypt-SSLeay does not verify hosts (yet). Don't let that
+ cause a failure during tests.
+
+- Streamline t/02-live.t using Try::Tiny and done_testing
+
+- Plus assorted related small changes.
+
+0.58_01 2010-09-08 19:11:39 UTC
+
+- L<text|scheme:...> is not supported in POD for 5.8.5 and earlier.
+- TODOs in POD should stand out
+- Add /boot/common/ssl and some other directories to unix_ssl_dirs (see bug
+ #60936).
+
0.58 2010-08-25 14:06:30 UTC
- Bump version number for Crypt::SSLeay to 0.58 and Net::SSL to 2.85 in
@@ -15,10 +38,10 @@ Revision history for Crypt-SSLeay
- Fix for NO_PROXY support in Net::SSL (bug #57836)
- Bump Net::SSL version number to 2.84_02 after changes
- Fix file/dir permissions (bug #60338)
-- Review warnings when compiling SSLeay.xs against older versions of OpenSSL.
- Warnings are due to OpenSSL.
-- Add clarification regarding $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} to the
- POD.
+- Review warnings when compiling SSLeay.xs against older versions of
+ OpenSSL: Warnings are due to OpenSSL.
+- Add clarification regarding $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} to
+ the POD.
- Other POD related changes:
* Remove historic information in README about platforms where the package
was successfully built.
@@ -22,3 +22,4 @@ t/00-basic.t
t/01-connect.t
t/02-live.t
META.yml Module meta-data (added by MakeMaker)
+META.json Module JSON meta-data (added by MakeMaker)
@@ -9,3 +9,4 @@ MANIFEST.bak
Makefile$
Makefile.old
SSLeay\.(bs|c|o)$
+^.gitignore
@@ -0,0 +1,43 @@
+{
+ "abstract" : "OpenSSL support for LWP",
+ "author" : [
+ "A. Sinan Unur <nanis@cpan.org>"
+ ],
+ "dynamic_config" : 1,
+ "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.112621",
+ "license" : [
+ "perl_5"
+ ],
+ "meta-spec" : {
+ "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
+ "version" : "2"
+ },
+ "name" : "Crypt-SSLeay",
+ "no_index" : {
+ "directory" : [
+ "t",
+ "inc"
+ ]
+ },
+ "prereqs" : {
+ "build" : {
+ "requires" : {
+ "Test::More" : "0.88",
+ "Try::Tiny" : "0.09"
+ }
+ },
+ "configure" : {
+ "requires" : {
+ "ExtUtils::MakeMaker" : 0
+ }
+ },
+ "runtime" : {
+ "requires" : {
+ "LWP::Protocol::https" : "6.02",
+ "MIME::Base64" : 0
+ }
+ }
+ },
+ "release_status" : "testing",
+ "version" : "0.59_02"
+}
@@ -1,22 +1,24 @@
---- #YAML:1.0
-name: Crypt-SSLeay
-version: 0.58
-abstract: OpenSSL support for LWP
+---
+abstract: 'OpenSSL support for LWP'
author:
- - A. Sinan Unur <nanis@cpan.org>
-license: perl
-distribution_type: module
-configure_requires:
- ExtUtils::MakeMaker: 0
+ - 'A. Sinan Unur <nanis@cpan.org>'
build_requires:
- ExtUtils::MakeMaker: 0
-requires:
- MIME::Base64: 0
-no_index:
- directory:
- - t
- - inc
-generated_by: ExtUtils::MakeMaker version 6.56
+ Test::More: 0.88
+ Try::Tiny: 0.09
+configure_requires:
+ ExtUtils::MakeMaker: 0
+dynamic_config: 1
+generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.112621'
+license: perl
meta-spec:
- url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: 1.4
+ url: http://module-build.sourceforge.net/META-spec-v1.4.html
+ version: 1.4
+name: Crypt-SSLeay
+no_index:
+ directory:
+ - t
+ - inc
+requires:
+ LWP::Protocol::https: 6.02
+ MIME::Base64: 0
+version: 0.59_02
@@ -53,7 +53,12 @@ WriteMakefile(
LIBS => ["@LIB_FLAGS"],
INC => "@INC_FLAGS",
NEEDS_LINKING => 1,
+ BUILD_REQUIRES => {
+ 'Try::Tiny' => '0.09',
+ 'Test::More' => '0.88',
+ },
PREREQ_PM => {
+ 'LWP::Protocol::https' => '6.02',
'MIME::Base64' => 0, # for Net::SSL
},
clean => {
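Review bot: The new `BUILD_REQUIRES` block only takes effect if the installed ExtUtils::MakeMaker recognises that key, and the metadata in this same change still lists `ExtUtils::MakeMaker: 0` under configure requirements. On an older toolchain the key would presumably be ignored with a warning, so `Try::Tiny` and `Test::More` 0.88 might not be installed before `t/02-live.t` runs. Either raise the ExtUtils::MakeMaker configure requirement to a release that knows the key, or fold these two entries into `PREREQ_PM` when the running version lacks support. The `WriteMakefile(` call starts and ends outside this hunk.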
@@ -270,15 +275,25 @@ sub vms_ssl_dirs {
);
}
+sub beos_ssl_dirs {
+ return qw(
+ /boot/common
+ /boot/common/openssl
+ /boot/common/ssl
+ );
+}
+
sub unix_ssl_dirs {
return qw(
- /local
- /local/ssl
- /opt/ssl
/usr
/usr/local
/usr/local/ssl
/usr/local/openssl
+ /local
+ /local/openssl
+ /local/ssl
+ /opt/openssl
+ /opt/ssl
);
}
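Review bot: The reordering in `unix_ssl_dirs` now lists `/usr` and `/usr/local*` ahead of `/local*` and `/opt*`, which looks like more than a cosmetic sort if the caller takes the first directory holding a usable OpenSSL. The consuming code is outside this hunk, so this is inferred. If the order is significant, a different OpenSSL install may now be linked on hosts that have several, which matters when one of them is an old system copy. A comment above the list such as `# searched in order; first directory with a usable OpenSSL wins` would make the intent explicit. The Changes entry says the `/boot/common` paths were added to `unix_ssl_dirs`, while the code puts them in the new `beos_ssl_dirs`.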
@@ -356,6 +371,7 @@ sub possible_ssl_dirs {
}
return win32_ssl_dirs() if $^O eq 'MSWin32';
return vms_ssl_dirs() if $^O eq 'VMS';
+ return beos_ssl_dirs() if $^O eq 'haiku';
# Unix and the rest
return unix_ssl_dirs();
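Review bot: The added dispatch line tests `$^O eq 'haiku'` but calls a helper named `beos_ssl_dirs`, so the name suggests a platform the condition never matches. Either rename the helper to `haiku_ssl_dirs`, or keep the name and add a comment such as `# Haiku only; BeOS proper reports a different $^O and falls through to the Unix list`. `possible_ssl_dirs` starts outside this hunk.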
@@ -2,7 +2,7 @@ package Crypt::SSLeay;
use strict;
use vars '$VERSION';
-$VERSION = '0.58';
+$VERSION = '0.59_02';
eval {
require XSLoader;
@@ -290,8 +290,9 @@ L<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>
There is no sample CA cert file at this time for testing,
but you may configure F<eg/net-ssl-test> to use your CA cert
-with the -CAfile option. (TODO: then what is the F<./certs>
-directory in the distribution?)
+with the -CAfile option.
+
+(TODO: then what is the F<./certs> directory in the distribution?)
=head2 Creating a test certificate
@@ -314,8 +315,9 @@ The directives for enabling use of PKCS12 certificates is:
$ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
Use of this type of certificate takes precedence over previous
-certificate settings described. (TODO: unclear? Meaning "the
-presence of this type of certificate"?)
+certificate settings described.
+
+(TODO: unclear? Meaning "the presence of this type of certificate"?)
=head1 SSL versions
@@ -410,7 +412,7 @@ this distribution).
=item Net::SSLeay
-L<Net::SSLeay|Net::SSLeay> provides access to the OpenSSL API directly
+L<Net::SSLeay> provides access to the OpenSSL API directly
from Perl. See L<http://search.cpan.org/dist/Net-SSLeay/>.
=item OpenSSL binary packages for Windows
@@ -422,14 +424,13 @@ See L<http://www.openssl.org/related/binaries.html>.
=head1 SUPPORT
For use of Crypt::SSLeay & Net::SSL with Perl's LWP, please
-send email to L<libwww@perl.org|mailto:libwww@perl.org>.
+send email to L<mailto:libwww@perl.org>.
For OpenSSL or general SSL support, including issues associated with
building and installing OpenSSL on your system, please email the OpenSSL
-users mailing list at
-L<openssl-users@openssl.org|mailto:openssl-users@openssl.org>. See
-L<http://www.openssl.org/support/community.html> for other mailing lists
-and archives.
+users mailing list at L<mailto:openssl-users@openssl.org>. See
+L<http://www.openssl.org/support/community.html> for other mailing lists and
+archives.
Please report all bugs at
L<"http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay">.
@@ -129,9 +129,15 @@ SSL_CTX_new(packname, ssl_version)
ctx = SSL_CTX_new(SSLv3_client_method());
}
else {
- /* v2 is the default */
+#ifndef OPENSSL_NO_SSL2
+ /* v2 is the default */
ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+ /* v3 is the default */
+ ctx = SSL_CTX_new(SSLv3_client_method());
+#endif
}
+
SSL_CTX_set_options(ctx,SSL_OP_ALL|0);
SSL_CTX_set_default_verify_paths(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
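Review bot: The default branch still picks `SSLv2_client_method()` whenever the linked OpenSSL was built with SSLv2, and falls back to SSLv3 only when `OPENSSL_NO_SSL2` is defined. The protocol a caller gets without asking therefore depends on how the library was compiled, and on most builds it is the weakest one. A version-flexible method with SSLv2 switched off would give the same default everywhere: `ctx = SSL_CTX_new(SSLv23_client_method());` together with `SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);`. The context lines also show `SSL_VERIFY_NONE`, so the peer certificate is not checked on this context and a weak default protocol has nothing behind it. The XS function starts outside this hunk.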
@@ -282,7 +288,7 @@ SSL_write(ssl, buf, ...)
STRLEN blen;
int len;
int offset = 0;
- int n;
+ int keep_trying_to_write = 1;
INPUT:
char* buf = SvPV(ST(1), blen);
CODE:
@@ -304,12 +310,32 @@ SSL_write(ssl, buf, ...)
else {
len = blen;
}
- n = SSL_write(ssl, buf+offset, len);
- if (n >= 0) {
- RETVAL = newSViv(n);
- }
- else {
- RETVAL = &PL_sv_undef;
+
+ /* try to handle incomplete writes properly
+ * see RT #64054
+ */
+ while (keep_trying_to_write) {
+ int n = SSL_write(ssl, buf+offset, len);
+ if (n >= 0) {
+ keep_trying_to_write = 0;
+ RETVAL = newSViv(n);
+ }
+ else {
+ int x = SSL_get_error(ssl, n);
+ switch (x) {
+ case SSL_ERROR_ZERO_RETURN:
+ keep_trying_to_write = 0;
+ RETVAL = newSViv(n);
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ break;
+ default:
+ keep_trying_to_write = 0;
+ RETVAL = &PL_sv_undef;
+ break;
+ }
+ }
}
OUTPUT:
RETVAL
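Review bot: The `SSL_ERROR_WANT_READ` / `SSL_ERROR_WANT_WRITE` cases only `break` out of the `switch`, so the `while` calls `SSL_write` again immediately; on a non-blocking socket with a stalled peer the loop spins at full CPU, unbounded, and never returns to Perl where a caller's timeout could fire. The loop added to `SSL_read` in the later hunk has the same shape. One option is to wait for the descriptor to become ready before retrying, as sketched below; handing these two codes back to the Perl caller would be another. Separately, `SSL_ERROR_ZERO_RETURN` is only reachable here with `n < 0` (the `n >= 0` branch takes everything else), so that case would return a negative number as if it were a byte count. The XS function starts outside this hunk.

```c
                    case SSL_ERROR_WANT_READ:
                    case SSL_ERROR_WANT_WRITE: {
                        /* wait for the socket instead of re-calling SSL_write at once */
                        int fd = SSL_get_fd(ssl);
                        int ready = -1;
                        if (fd >= 0) {
                            fd_set fds;
                            FD_ZERO(&fds);
                            FD_SET(fd, &fds);
                            ready = select(fd + 1,
                                           x == SSL_ERROR_WANT_READ  ? &fds : NULL,
                                           x == SSL_ERROR_WANT_WRITE ? &fds : NULL,
                                           NULL, NULL);
                        }
                        if (ready < 0) {
                            /* no descriptor, interrupted, or failed: give control back to Perl */
                            keep_trying_to_write = 0;
                            RETVAL = &PL_sv_undef;
                        }
                        break;
                    }
                    /* … unchanged: SSL_ERROR_ZERO_RETURN and default cases … */
```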
@@ -322,7 +348,7 @@ SSL_read(ssl, buf, len,...)
char *buf;
STRLEN blen;
int offset = 0;
- int n;
+ int keep_trying_to_read = 1;
INPUT:
SV* sv = ST(1);
CODE:
@@ -349,15 +375,34 @@ SSL_read(ssl, buf, len,...)
SvGROW(sv, offset + len + 1);
buf = SvPVX(sv); /* it might have been relocated */
- n = SSL_read(ssl, buf+offset, len);
-
- if (n >= 0) {
- SvCUR_set(sv, offset + n);
- buf[offset + n] = '\0';
- RETVAL = newSViv(n);
- }
- else {
- RETVAL = &PL_sv_undef;
+ /* try to handle incomplete reads properly
+ * see RT #64054
+ */
+
+ while (keep_trying_to_read) {
+ int n = SSL_read(ssl, buf+offset, len);
+ if (n > 0) {
+ SvCUR_set(sv, offset + n);
+ buf[offset + n] = '\0';
+ keep_trying_to_read = 0;
+ RETVAL = newSViv(n);
+ }
+ else {
+ int x = SSL_get_error(ssl, n);
+ switch (x) {
+ case SSL_ERROR_ZERO_RETURN:
+ keep_trying_to_read = 0;
+ RETVAL = newSViv(n);
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ break;
+ default:
+ keep_trying_to_read = 0;
+ RETVAL = &PL_sv_undef;
+ break;
+ }
+ }
}
OUTPUT:
RETVAL
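Review bot: On a clean shutdown the new `SSL_ERROR_ZERO_RETURN` case returns 0 without the `SvCUR_set` and NUL termination that the old `n >= 0` path performed, so the caller's buffer length is left at whatever it was before the call. The earlier part of the function is outside this hunk, so it may already set the length. If it does not, add `SvCUR_set(sv, offset); buf[offset] = '\0';` to that case. Also, `n == 0` with any other error code (for example a connection closed without a shutdown alert) now reaches `default:` and returns undef, where the old code returned 0; callers that treat undef as a hard error will see a behaviour change worth recording in a comment. The retry cases here busy-wait in the same way as the `SSL_write` loop.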
diff --git a/var/tmp/source/NANIS/Crypt-SSLeay-0.58/Crypt-SSLeay-0.58/eg/lwp-ssl-test b/var/tmp/source/NANIS/Crypt-SSLeay-0.59_02/Crypt-SSLeay-0.59_02/eg/lwp-ssl-test
old mode 100644
new mode 100755
diff --git a/var/tmp/source/NANIS/Crypt-SSLeay-0.58/Crypt-SSLeay-0.58/eg/net-ssl-test b/var/tmp/source/NANIS/Crypt-SSLeay-0.59_02/Crypt-SSLeay-0.59_02/eg/net-ssl-test
old mode 100644
new mode 100755
@@ -367,15 +367,21 @@ sub proxy_connect_helper {
my $timeout;
my $header = '';
+
# See RT #33954
- while ( $header !~ m{HTTP/\d+\.\d+\s+200\s+.*$CRLF$CRLF}s ) {
+ # See also RT #64054
+ # Handling incomplete reads and writes better (for some values of
+ # better) may actually make this problem go away, but either way,
+ # there is no good reason to use \d when checking for 0-9
+
+ while ($header !~ m{HTTP/[0-9][.][0-9]\s+200\s+.*$CRLF$CRLF}) {
$timeout = $self->timeout(5) unless length $header;
my $n = $self->SUPER::sysread($header, 8192, length $header);
last if $n <= 0;
}
$self->timeout($timeout) if defined $timeout;
- my $conn_ok = ($header =~ /HTTP\/\d+\.\d+\s+200\s+/is) ? 1 : 0;
+ my $conn_ok = ($header =~ m{HTTP/[0-9]+[.][0-9]+\s+200\s+}is) ? 1 : 0;
if (not $conn_ok) {
croak("PROXY ERROR HEADER, could be non-SSL URL:\n$header");
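Review bot: The rewritten loop condition drops the `/s` modifier, so `.*` no longer crosses a newline and the pattern matches only when the blank line follows the status line directly. A proxy reply that carries any header after `200 ...` would never satisfy it, and the loop would keep calling `sysread` until it returns `<= 0`, which is after the timeout or at EOF. The loop pattern also accepts only single-digit versions (`[0-9][.][0-9]`), while the `$conn_ok` check below uses `[0-9]+[.][0-9]+`. Suggested form: `while ($header !~ m{HTTP/[0-9]+[.][0-9]+\s+200\s+.*?$CRLF$CRLF}s) {`. `proxy_connect_helper` starts and ends outside this hunk.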
@@ -1,119 +1,127 @@
use strict;
+use warnings;
+use Test::More;
+use Try::Tiny;
-use Test::More tests => 4;
+# Bail out early if network tests are not requested
BEGIN {
- # already tested, but no harm done
- use_ok( 'Net::SSL' );
-}
+ my ($filename) = 'test.config';
+ diag("Reading configuration from '$filename' on $^O");
-my $url = 'https://rt.cpan.org/';
+ open my $config, '<', $filename
+ or fail("Cannot open '$filename': $!");
-my @prereq;
+ my $network_tests;
-eval q{ use LWP::UserAgent };
-push @prereq, "LWP::UserAgent" if $@;
+ while (my $entry = <$config>) {
-eval q{ use HTTP::Request };
-push @prereq, "HTTP::Request" if $@;
+ $entry =~ s/^\s+//;
+ $entry =~ s/\s+\z//;
-my $network_tests;
-if (open IN, '<test.config') {
- diag("config on $^O");
- while (<IN>) {
- chomp;
- if (my ($key, $value) = ($_ =~ /\A(\S+)\s+(.*)/)) {
- if ($key eq 'network_tests') {
- $network_tests = $value;
- }
- elsif (grep {$key eq $_} qw(cc inc lib ssl)) {
- diag("$key $value");
- }
+ my ($key, $val) = split /[ \t]+/, $entry, 2;
+ diag("$key : $val");
+
+ if ($key eq 'network_tests') {
+ $network_tests = $val;
}
}
- close IN;
+
+ unless ($network_tests) {
+ plan skip_all => "Network tests disabled";
+ }
}
-my $PROXY_ADDR_PORT = 'localhost:3128';
+# Make sure prerequisites are there
-sub live_connect {
- my $hr = shift;
- local $ENV{HTTPS_PROXY} = $PROXY_ADDR_PORT;
+BEGIN {
+ use_ok('Net::SSL');
+ use_ok('LWP::UserAgent');
+ use_ok('LWP::Protocol::https');
+ use_ok('HTTP::Request');
+}
- # always true if we've been instructed to skip the attempt
- return 1 unless $network_tests;
+use constant URL => 'https://rt.cpan.org/';
+use constant PROXY_ADDR_PORT => 'localhost:3128';
- my $sock = Net::SSL->new(
- PeerAddr => 'rt.cpan.org',
- PeerPort => 443,
- Timeout => 10,
- );
+test_connect_through_proxy(PROXY_ADDR_PORT);
- return defined($sock) ? 1 : 0;
- # $sock will be garbage collected and the connection torn down
-}
+test_connect(URL);
-my $test_name = 'connect through proxy';
-Net::SSL::send_useragent_to_proxy(0);
-eval { live_connect( {chobb => 'schoenmaker'} ) };
-my $err = $@;
-if (length $err == 0) {
- pass( $test_name );
- $err = 0;
-}
-else {
- if ($err =~ /^proxy connect failed: proxy connect to $PROXY_ADDR_PORT failed: / ) {
- pass( "$test_name - no proxy available" );
- }
- else {
- fail( "$test_name - untrapped error" );
- diag($@);
- }
- $err = 1;
-}
+done_testing;
+
+sub test_connect_through_proxy {
+ my ($proxy) = @_;
-SKIP: {
- skip( "no proxy found at $PROXY_ADDR_PORT", 1 )
- if $err;
+ my $test_name = 'connect through proxy';
+ Net::SSL::send_useragent_to_proxy(0);
- Net::SSL::send_useragent_to_proxy(1);
- my $test_name = 'connect through proxy, forward user agent';
- eval { live_connect( {chobb => 'schoenmaker'} ) };
- $err = $@;
+ my $no_proxy;
- TODO: {
- if ($network_tests) {
- local $TODO = "caller stack walk broken (CPAN bug #4759)";
- is( $err, '', "can forward useragent string to proxy" );
+ try {
+ live_connect({ chobb => 'schoenmaker'});
+ }
+ catch {
+ if (/^proxy connect failed: proxy connect to $proxy failed: /) {
+ pass("$test_name - no proxy available");
}
else {
- pass("can forward useragent string to proxy (network tests disabled)" );
+ fail("$test_name - untrapped error");
+ diag($_);
+ }
+ $no_proxy = 1;
+ };
+
+ pass($test_name);
+
+ SKIP: {
+ if ($no_proxy) {
+ skip(sprintf('no proxy found at %s', PROXY_ADDR_PORT), 1);
}
+
+ Net::SSL::send_useragent_to_proxy(1);
+
+ try {
+ live_connect( {chobb => 'schoenmaker'} );
+ }
+ catch {
+ TODO: {
+ local $TODO = "caller stack walk broken (CPAN bug #4759)";
+ is($_, '', "can forward useragent string to proxy");
+ }
+ };
}
+
+ return;
}
-SKIP: {
- my $nr_live_tests = 1;
- skip( "Cannot load prerequisite modules @prereq", $nr_live_tests ) if @prereq;
- skip( "Network tests disabled", $nr_live_tests ) unless $network_tests;
+sub test_connect {
+ my ($url) = @_;
+
+ diag('[RT #73755] Cheat by disabling LWP::UserAgent host verification');
+
+ my $ua = LWP::UserAgent->new(
+ agent => "Crypt-SSLeay $Crypt::SSLeay::VERSION tester",
+ ssl_opts => { verify_hostname => 0 },
+ );
- my $ua = LWP::UserAgent->new;
- $ua->agent('Crypt-SSLeay tester ');
my $req = HTTP::Request->new;
- my $url = 'https://rt.cpan.org/';
$req->method('HEAD');
$req->uri($url);
my $test_name = 'HEAD https://rt.cpan.org/';
my $res;
- eval { $res = $ua->request($req) };
- if ($@) {
- my $err = $@;
- fail($test_name);
- diag("eval error = [$err]");
+
+ try {
+ $res = $ua->request($req);
}
- elsif ($res->is_success) {
+ catch {
+ fail($test_name);
+ diag("Error: '$_'");
+ };
+
+ if ($res->is_success) {
pass($test_name);
}
else {
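Review bot: In `test_connect`, `$res->is_success` now runs unconditionally after the `try`/`catch`, so when `$ua->request` throws, `$res` is still undef and the script dies on a method call on an undefined value right after recording the failure. The old `if ($@) ... elsif` chain avoided that. Adding `return unless defined $res;` between the `catch` block and the `if` restores it; a `return` inside the `catch` block would only leave that block. In `test_connect_through_proxy`, `pass($test_name)` likewise runs after the `catch` whatever happened, so a run that already called `fail` also records a pass. `test_connect` continues into the next hunk.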
@@ -121,4 +129,21 @@ SKIP: {
diag("HTTP status = ", $res->status_line);
diag("This may not be the fault of the module, $url may be down");
}
+
+ return;
}
+
+sub live_connect {
+ my $hr = shift;
+
+ local $ENV{HTTPS_PROXY} = PROXY_ADDR_PORT;
+
+ my $socket = Net::SSL->new(
+ PeerAddr => 'rt.cpan.org',
+ PeerPort => 443,
+ Timeout => 10,
+ );
+
+ return defined $socket;
+}
+
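Review bot: `live_connect` reads `my $hr = shift;` and never uses it, and it takes the proxy from the `PROXY_ADDR_PORT` constant, whereas `test_connect_through_proxy` matches the error text against its own `$proxy` parameter. The two agree only because the single caller passes the same constant. Either drop the unused argument and add a comment such as `# proxy address comes from PROXY_ADDR_PORT, not from the caller`, or pass the address in and set `local $ENV{HTTPS_PROXY}` from it. The boolean from `return defined $socket;` is also ignored at both call sites visible in the previous hunk, so an undefined socket that raises no exception still counts as a successful connect.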