@@ -1,3 +1,24 @@
+2.006 2014/11/22
+- Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead of
+ EAGAIN. While this is the same on UNIX it is different on Windows and socket
+ operations return there (WSA)EWOULDBLOCK and not EAGAIN. Enable non-blocking
+ tests on Windows too.
+- make PublicSuffix::_default_data thread safe
+- update PublicSuffix with latest list from publicsuffix.org
+2.005 2014/11/15
+- next try to fix t/protocol_version.t for OpenSSL w/o SSLv3 support
+2.004 2014/11/15
+- only test fix: fix t/protocol_version.t to deal with OpenSSL installations
+ which are compiled without SSLv3 support.
+2.003 2014/11/14
+- make SSLv3 available even if the SSL library disables it by default in
+ SSL_CTX_new (like done in LibreSSL). Default will stay to disable SSLv3,
+ so this will be only done when setting SSL_version explicitly.
+- fix possible segmentation fault when trying to use an invalid certificate,
+ reported by Nick Andrew.
+- Use only the ICANN part of the default public suffix list and not the
+ private domains. This makes existing exceptions for s3.amazonaws.com and
+ googleapis.com obsolete. Thanks to Gervase Markham from mozilla.org.
2.002 2014/10/21
- fix check for (invalid) IPv4 when validating hostname against certificate. Do
not use inet_aton any longer because it can cause DNS lookups for malformed
@@ -50,6 +50,7 @@ t/mitm.t
t/nonblock.t
t/npn.t
t/plain_upgrade_downgrade.t
+t/protocol_version.t
t/public_suffix_lib_encode_idn.t
t/public_suffix_lib_libidn.t
t/public_suffix_lib.pl
@@ -69,4 +70,5 @@ t/verify_fingerprint.t
t/verify_hostname_standalone.t
t/verify_hostname.t
util/analyze-ssl.pl
-META.yml Module meta-data (added by MakeMaker)
+META.yml Module YAML meta-data (added by MakeMaker)
+META.json Module JSON meta-data (added by MakeMaker)
@@ -0,0 +1,54 @@
+{
+ "abstract" : "Nearly transparent SSL encapsulation for IO::Socket::INET.",
+ "author" : [
+ "Steffen Ullrich <sullr@cpan.org>, Peter Behroozi, Marko Asplund"
+ ],
+ "dynamic_config" : 1,
+ "generated_by" : "ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version 2.120630",
+ "license" : [
+ "perl_5"
+ ],
+ "meta-spec" : {
+ "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
+ "version" : "2"
+ },
+ "name" : "IO-Socket-SSL",
+ "no_index" : {
+ "directory" : [
+ "t",
+ "inc"
+ ]
+ },
+ "prereqs" : {
+ "build" : {
+ "requires" : {
+ "ExtUtils::MakeMaker" : "0"
+ }
+ },
+ "configure" : {
+ "requires" : {
+ "ExtUtils::MakeMaker" : "0"
+ }
+ },
+ "runtime" : {
+ "requires" : {
+ "Net::SSLeay" : "1.46",
+ "Scalar::Util" : "0"
+ }
+ }
+ },
+ "release_status" : "stable",
+ "resources" : {
+ "bugtracker" : {
+ "web" : "https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL"
+ },
+ "homepage" : "https://github.com/noxxi/p5-io-socket-ssl",
+ "license" : [
+ "http://dev.perl.org/licenses/"
+ ],
+ "repository" : {
+ "url" : "https://github.com/noxxi/p5-io-socket-ssl"
+ }
+ },
+ "version" : "2.006"
+}
@@ -1,28 +1,28 @@
---- #YAML:1.0
-name: IO-Socket-SSL
-version: 2.002
-abstract: Nearly transparent SSL encapsulation for IO::Socket::INET.
+---
+abstract: 'Nearly transparent SSL encapsulation for IO::Socket::INET.'
author:
- - Steffen Ullrich <sullr@cpan.org>, Peter Behroozi, Marko Asplund
-license: perl
-distribution_type: module
-configure_requires:
- ExtUtils::MakeMaker: 0
+ - 'Steffen Ullrich <sullr@cpan.org>, Peter Behroozi, Marko Asplund'
build_requires:
- ExtUtils::MakeMaker: 0
+ ExtUtils::MakeMaker: '0'
+configure_requires:
+ ExtUtils::MakeMaker: '0'
+dynamic_config: 1
+generated_by: 'ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version 2.120630'
+license: perl
+meta-spec:
+ url: http://module-build.sourceforge.net/META-spec-v1.4.html
+ version: '1.4'
+name: IO-Socket-SSL
+no_index:
+ directory:
+ - t
+ - inc
requires:
- Net::SSLeay: 1.46
- Scalar::Util: 0
+ Net::SSLeay: '1.46'
+ Scalar::Util: '0'
resources:
- bugtracker: https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL
- homepage: https://github.com/noxxi/p5-io-socket-ssl
- license: http://dev.perl.org/licenses/
- repository: https://github.com/noxxi/p5-io-socket-ssl
-no_index:
- directory:
- - t
- - inc
-generated_by: ExtUtils::MakeMaker version 6.57_05
-meta-spec:
- url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: 1.4
+ bugtracker: https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL
+ homepage: https://github.com/noxxi/p5-io-socket-ssl
+ license: http://dev.perl.org/licenses/
+ repository: https://github.com/noxxi/p5-io-socket-ssl
+version: '2.006'
@@ -61,7 +61,7 @@ sub _ssl_accept {
# setup the client
${*$fdc}{rbuf} = ${*$fdc}{wbuf} = '';
event_new( $fdc, EV_READ, \&_client_read_header )->add;
- } elsif ( $! != EAGAIN ) {
+ } elsif ( $! != EWOULDBLOCK ) {
die "new client failed: $!|$SSL_ERROR";
} else {
DEBUG( "new client need to retry accept: $SSL_ERROR" );
@@ -88,7 +88,7 @@ sub _client_read_header {
my $rbuf_ref = \${*$fdc}{rbuf};
my $n = sysread( $fdc,$$rbuf_ref,8192,length($$rbuf_ref));
if ( !defined($n)) {
- die $! if $! != EAGAIN;
+ die $! if $! != EWOULDBLOCK;
DEBUG( $SSL_ERROR );
if ( $SSL_ERROR == SSL_WANT_WRITE ) {
# retry read once I can write
@@ -130,7 +130,7 @@ sub _client_write_response {
my $fdc = $event->fh;
my $wbuf_ref = \${*$fdc}{wbuf};
my $n = syswrite( $fdc,$$wbuf_ref );
- if ( !defined($n) && $! == EAGAIN) {
+ if ( !defined($n) && $! == EWOULDBLOCK) {
# retry
DEBUG( $SSL_ERROR );
if ( $SSL_ERROR == SSL_WANT_READ ) {
@@ -292,11 +292,9 @@ sub public_suffix {
my $data;
sub _default_data {
if ( ! defined $data ) {
- $data = do { local $/; <DATA> };
- # known exceptions of behavior of SSL certificates from PSL
- $data .= "!googleapis.com\n";
- $data .= "!s3.amazonaws.com\n"; # RT#99702
-
+ $data = _builtin_data();
+ $data =~s{^// ===END ICANN DOMAINS.*}{}ms
+ or die "cannot find END ICANN DOMAINS";
}
return $data;
}
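Review bot: `$data` is assigned the full built-in list before the ICANN marker check runs, so if the `die` is ever trapped by a caller's `eval`, the next call finds `$data` defined and returns the untrimmed list with the private domains still in it. Trimming a lexical and publishing it only on success avoids that: `my $d = _builtin_data(); $d =~ s{^// ===END ICANN DOMAINS.*}{}ms or die "cannot find END ICANN DOMAINS"; $data = $d;`. A short comment stating that everything from the END ICANN marker onward is dropped on purpose would also help the next reader.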
@@ -311,8 +309,15 @@ sub update_self_from_url {
local $/ = "\n";
while (<$fh>) {
$code .= $_;
- $code =~m{\A__DATA__\r?\n\Z} and last;
+ m{<<\'END_BUILTIN_DATA\'} and last;
+ }
+ my $tail;
+ while (<$fh>) {
+ m{\AEND_BUILTIN_DATA\r?\n} or next;
+ $tail = $_;
+ last;
}
+ $tail .= do { local $/; <$fh> };
close($fh);
require LWP::UserAgent;
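Review bot: Nothing checks that the second loop actually found the `END_BUILTIN_DATA` line; if it did not, `$tail` carries no terminator and the file written later by `print $fh $code.$tail` has neither the heredoc end nor the trailing `1;`, leaving a module that no longer compiles. The first loop has the same gap: if the `<<'END_BUILTIN_DATA'` line is never seen, `$code` holds the whole file. Adding `defined $tail or die "cannot find END_BUILTIN_DATA";` directly after the loop, before the slurp, stops the update before the destination is rewritten. update_self_from_url starts and ends outside this hunk.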
@@ -337,11 +342,10 @@ sub update_self_from_url {
}
open( $fh,'>:utf8',$dst ) or die "open $dst: $!";
- print $fh $code;
+ print $fh $code.$tail;
}
-1;
-__DATA__
+sub _builtin_data { return <<'END_BUILTIN_DATA' }
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
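Review bot: With the list moved from `__DATA__` into a `<<'END_BUILTIN_DATA'` heredoc, the text that update_self_from_url writes ahead of `$tail` becomes part of the parsed source, so a line in the downloaded list equal to the terminator would close the heredoc early and the remainder would be compiled as Perl on the next load. The lines that fetch and insert the list are outside this hunk, so this is inferred from the visible `print $fh $code.$tail`. The update should refuse fetched content matching `m{^END_BUILTIN_DATA\r?$}m` (and ideally anything that is not a comment, blank line or suffix rule) before `$dst` is opened for writing.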
@@ -1942,7 +1946,7 @@ jobs
// jp : http://en.wikipedia.org/wiki/.jp
// http://jprs.co.jp/en/jpdomain.html
-// Submitted by registry <info@jprs.jp> 2014-02-28
+// Submitted by registry <info@jprs.jp> 2014-10-30
jp
// jp organizational type names
ac.jp
@@ -1954,7 +1958,7 @@ gr.jp
lg.jp
ne.jp
or.jp
-// jp preficture type names
+// jp prefecture type names
aichi.jp
akita.jp
aomori.jp
@@ -2002,6 +2006,53 @@ wakayama.jp
yamagata.jp
yamaguchi.jp
yamanashi.jp
+xn--4pvxs.jp
+xn--vgu402c.jp
+xn--c3s14m.jp
+xn--f6qx53a.jp
+xn--8pvr4u.jp
+xn--uist22h.jp
+xn--djrs72d6uy.jp
+xn--mkru45i.jp
+xn--0trq7p7nn.jp
+xn--8ltr62k.jp
+xn--2m4a15e.jp
+xn--efvn9s.jp
+xn--32vp30h.jp
+xn--4it797k.jp
+xn--1lqs71d.jp
+xn--5rtp49c.jp
+xn--5js045d.jp
+xn--ehqz56n.jp
+xn--1lqs03n.jp
+xn--qqqt11m.jp
+xn--kbrq7o.jp
+xn--pssu33l.jp
+xn--ntsq17g.jp
+xn--uisz3g.jp
+xn--6btw5a.jp
+xn--1ctwo.jp
+xn--6orx2r.jp
+xn--rht61e.jp
+xn--rht27z.jp
+xn--djty4k.jp
+xn--nit225k.jp
+xn--rht3d.jp
+xn--klty5x.jp
+xn--kltx9a.jp
+xn--kltp7d.jp
+xn--uuwu58a.jp
+xn--zbx025d.jp
+xn--ntso0iqx3a.jp
+xn--elqq16h.jp
+xn--4it168d.jp
+xn--klt787d.jp
+xn--rny31h.jp
+xn--7t0a264c.jp
+xn--5rtq34k.jp
+xn--k7yn95e.jp
+xn--tor131o.jp
+xn--d5qv7z876c.jp
// jp geographic type names
// http://jprs.jp/doc/rule/saisoku-1.html
*.kawasaki.jp
@@ -5600,27 +5651,30 @@ gop.pk
gos.pk
info.pk
-// pl : http://www.dns.pl/english/
+// pl http://www.dns.pl/english/index.html
+// confirmed on 26.09.2014 from Bogna Tchórzewska <partner@dns.pl>
pl
-// NASK functional domains (nask.pl / dns.pl) : http://www.dns.pl/english/dns-funk.html
+com.pl
+net.pl
+org.pl
+info.pl
+waw.pl
+gov.pl
+// pl functional domains (http://www.dns.pl/english/index.html)
aid.pl
agro.pl
atm.pl
auto.pl
biz.pl
-com.pl
edu.pl
gmina.pl
gsm.pl
-info.pl
mail.pl
miasta.pl
media.pl
mil.pl
-net.pl
nieruchomosci.pl
nom.pl
-org.pl
pc.pl
powiat.pl
priv.pl
@@ -5636,12 +5690,7 @@ tm.pl
tourism.pl
travel.pl
turystyka.pl
-// ICM functional domains (icm.edu.pl)
-6bone.pl
-art.pl
-mbone.pl
// Government domains (administred by ippt.gov.pl)
-gov.pl
uw.gov.pl
um.gov.pl
ug.gov.pl
@@ -5651,11 +5700,7 @@ so.gov.pl
sr.gov.pl
po.gov.pl
pa.gov.pl
-// other functional domains
-ngo.pl
-irc.pl
-usenet.pl
-// NASK geographical domains : http://www.dns.pl/english/dns-regiony.html
+// pl regional domains (http://www.dns.pl/english/index.html)
augustow.pl
babia-gora.pl
bedzin.pl
@@ -5741,7 +5786,6 @@ rybnik.pl
rzeszow.pl
sanok.pl
sejny.pl
-siedlce.pl
slask.pl
slupsk.pl
sosnowiec.pl
@@ -5763,7 +5807,6 @@ ustka.pl
walbrzych.pl
warmia.pl
warszawa.pl
-waw.pl
wegrow.pl
wielun.pl
wlocl.pl
@@ -5776,18 +5819,6 @@ zagan.pl
zarow.pl
zgora.pl
zgorzelec.pl
-// TASK geographical domains (www.task.gda.pl/uslugi/dns)
-gda.pl
-gdansk.pl
-gdynia.pl
-med.pl
-sopot.pl
-// other geographical domains
-gliwice.pl
-krakow.pl
-poznan.pl
-wroc.pl
-zakopane.pl
// pm : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf
pm
@@ -5972,7 +6003,7 @@ mari.ru
mari-el.ru
marine.ru
mordovia.ru
-mosreg.ru
+// mosreg.ru Bug 1090800 - removed at request of Aleksey Konstantinov <konstantinovav@mosreg.ru>
msk.ru
murmansk.ru
nalchik.ru
@@ -7097,7 +7128,10 @@ xxx
*.zw
-// List of new gTLDs imported from https://newgtlds.icann.org/newgtlds.csv on 2014-09-02T12:02:06Z
+// List of new gTLDs imported from https://newgtlds.icann.org/newgtlds.csv on 2014-11-03T18:02:06Z
+
+// abb : 2014-10-24 ABB Ltd
+abb
// abbott : 2014-07-24 Abbott Laboratories, Inc.
abbott
@@ -7120,6 +7154,12 @@ active
// actor : 2013-12-12 United TLD Holdco Ltd.
actor
+// adult : 2014-10-16 ICM Registry AD LLC
+adult
+
+// afl : 2014-10-02 Australian Football League
+afl
+
// africa : 2014-03-24 ZA Central Registry NPC trading as Registry.Africa
africa
@@ -7129,6 +7169,9 @@ agency
// airforce : 2014-03-06 United TLD Holdco Ltd.
airforce
+// airtel : 2014-10-24 Bharti Airtel Limited
+airtel
+
// allfinanz : 2014-07-03 Allfinanz Deutsche Vermögensberatung Aktiengesellschaft
allfinanz
@@ -7153,10 +7196,10 @@ army
// associates : 2014-03-06 Baxter Hill, LLC
associates
-// attorney : 2014-03-20 undefined
+// attorney : 2014-03-20
attorney
-// auction : 2014-03-20 undefined
+// auction : 2014-03-20
auction
// audio : 2014-03-20 Uniregistry, Corp.
@@ -7168,9 +7211,12 @@ autos
// axa : 2013-12-19 AXA SA
axa
-// band : 2014-06-12 Auburn Hollow, LLC
+// band : 2014-06-12
band
+// bank : 2014-09-25 fTLD Registry Services LLC
+bank
+
// bar : 2013-12-12 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable
bar
@@ -7186,6 +7232,9 @@ bauhaus
// bayern : 2014-01-23 Bayern Connect GmbH
bayern
+// bbva : 2014-10-02 BANCO BILBAO VIZCAYA ARGENTARIA, S.A.
+bbva
+
// bcn : 2014-07-24 Municipi de Barcelona
bcn
@@ -7225,6 +7274,9 @@ bloomberg
// blue : 2013-11-07 Afilias Limited
blue
+// bms : 2014-10-30 Bristol-Myers Squibb Company
+bms
+
// bmw : 2014-01-09 Bayerische Motoren Werke Aktiengesellschaft
bmw
@@ -7234,6 +7286,9 @@ bnl
// bnpparibas : 2014-05-29 BNP Paribas
bnpparibas
+// bom : 2014-10-16 Núcleo de Informação e Coordenação do Ponto BR - NIC.br
+bom
+
// bond : 2014-06-05 Bond University Limited
bond
@@ -7279,6 +7334,9 @@ camp
// cancerresearch : 2014-05-15 Australian Cancer Research Foundation
cancerresearch
+// canon : 2014-09-12 Canon Inc.
+canon
+
// capetown : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry
capetown
@@ -7336,6 +7394,9 @@ channel
// cheap : 2013-11-14 Sand Cover, LLC
cheap
+// chloe : 2014-10-16 Richemont DNS Inc.
+chloe
+
// christmas : 2013-11-21 Uniregistry, Corp.
christmas
@@ -7369,6 +7430,9 @@ clothing
// club : 2013-11-08 .CLUB DOMAINS, LLC
club
+// coach : 2014-10-09 Koko Island, LLC
+coach
+
// codes : 2013-10-31 Puff Willow, LLC
codes
@@ -7399,7 +7463,7 @@ condos
// construction : 2013-09-16 Fox Dynamite, LLC
construction
-// consulting : 2013-12-05 undefined
+// consulting : 2013-12-05
consulting
// contractors : 2013-09-10 Magic Woods, LLC
@@ -7411,6 +7475,9 @@ cooking
// cool : 2013-11-14 Koko Lake, LLC
cool
+// corsica : 2014-09-25 Collectivité Territoriale de Corse
+corsica
+
// country : 2013-12-19 Top Level Domain Holdings Limited
country
@@ -7420,12 +7487,21 @@ credit
// creditcard : 2014-03-20 Binky Frostbite, LLC
creditcard
+// cricket : 2014-10-09 dot Cricket Limited
+cricket
+
+// crown : 2014-10-24 Crown Equipment Corporation
+crown
+
// crs : 2014-04-03 Federated Co-operatives Limited
crs
// cruises : 2013-12-05 Spring Way, LLC
cruises
+// csc : 2014-09-25 Alliance-One Services, Inc.
+csc
+
// cuisinella : 2014-04-03 SALM S.A.S.
cuisinella
@@ -7453,21 +7529,30 @@ day
// deals : 2014-05-22 Sand Sunset, LLC
deals
-// degree : 2014-03-06 undefined
+// degree : 2014-03-06
degree
+// delivery : 2014-09-11 Steel Station, LLC
+delivery
+
+// dell : 2014-10-24 Dell Inc.
+dell
+
// democrat : 2013-10-24 United TLD Holdco Ltd.
democrat
// dental : 2014-03-20 Tin Birch, LLC
dental
-// dentist : 2014-03-20 undefined
+// dentist : 2014-03-20
dentist
// desi : 2013-11-14 Desi Networks LLC
desi
+// dev : 2014-10-16 Charleston Road Registry Inc.
+dev
+
// diamonds : 2013-09-22 John Edge, LLC
diamonds
@@ -7489,6 +7574,12 @@ discount
// dnp : 2013-12-13 Dai Nippon Printing Co., Ltd.
dnp
+// docs : 2014-10-16 Charleston Road Registry Inc.
+docs
+
+// doha : 2014-09-18 Communications Regulatory Authority (CRA)
+doha
+
// domains : 2013-10-17 Sugar Cross, LLC
domains
@@ -7513,6 +7604,9 @@ email
// emerck : 2014-04-03 Merck KGaA
emerck
+// energy : 2014-09-11 Binky Birch, LLC
+energy
+
// engineer : 2014-03-06 United TLD Holdco Ltd.
engineer
@@ -7558,7 +7652,7 @@ exposed
// fail : 2014-03-06 Atomic Pipe, LLC
fail
-// fan : 2014-03-06 undefined
+// fan : 2014-03-06
fan
// farm : 2013-11-07 Just Maple, LLC
@@ -7570,6 +7664,9 @@ fashion
// feedback : 2013-12-19 Top Level Spectrum, Inc.
feedback
+// final : 2014-10-16 Núcleo de Informação e Coordenação do Ponto BR - NIC.br
+final
+
// finance : 2014-03-20 Cotton Cypress, LLC
finance
@@ -7594,6 +7691,9 @@ flights
// florist : 2013-11-07 Half Cypress, LLC
florist
+// flowers : 2014-10-09 Uniregistry, Corp.
+flowers
+
// flsmidth : 2014-07-24 FLSmidth A/S
flsmidth
@@ -7603,7 +7703,7 @@ fly
// foo : 2014-01-23 Charleston Road Registry Inc.
foo
-// forsale : 2014-05-22 undefined
+// forsale : 2014-05-22
forsale
// foundation : 2013-12-05 John Dale, LLC
@@ -7621,7 +7721,7 @@ fund
// furniture : 2014-03-20 Lone Fields, LLC
furniture
-// futbol : 2013-09-20 undefined
+// futbol : 2013-09-20
futbol
// gal : 2013-11-07 Asociación puntoGAL
@@ -7711,7 +7811,7 @@ guru
// hamburg : 2014-02-20 Hamburg Top-Level-Domain GmbH
hamburg
-// haus : 2013-12-05 undefined
+// haus : 2013-12-05
haus
// healthcare : 2014-06-12 Silver Glen, LLC
@@ -7729,6 +7829,9 @@ hermes
// hiphop : 2014-03-06 Uniregistry, Corp.
hiphop
+// hitachi : 2014-10-31 Hitachi, Ltd.
+hitachi
+
// hiv : 2014-03-13 dotHIV gemeinnuetziger e.V.
hiv
@@ -7756,9 +7859,15 @@ house
// how : 2014-01-23 Charleston Road Registry Inc.
how
+// hsbc : 2014-10-24 HSBC Holdings PLC
+hsbc
+
// ibm : 2014-07-31 International Business Machines Corporation
ibm
+// ice : 2014-10-30 IntercontinentalExchange, Inc.
+ice
+
// ifm : 2014-01-30 ifm electronic gmbh
ifm
@@ -7807,6 +7916,9 @@ ist
// istanbul : 2014-08-28 Istanbul Metropolitan Municipality
istanbul
+// itau : 2014-10-02 Itau Unibanco Holding S.A.
+itau
+
// iwc : 2014-06-23 Richemont DNS Inc.
iwc
@@ -7819,12 +7931,18 @@ jetzt
// joburg : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry
joburg
+// jprs : 2014-09-18 Japan Registry Services Co., Ltd.
+jprs
+
// juegos : 2014-03-20 Uniregistry, Corp.
juegos
// kaufen : 2013-11-07 United TLD Holdco Ltd.
kaufen
+// kddi : 2014-09-12 KDDI CORPORATION
+kddi
+
// kim : 2013-09-23 Afilias Limited
kim
@@ -7849,10 +7967,13 @@ lacaixa
// land : 2013-09-10 Pine Moon, LLC
land
+// lat : 2014-10-16 ECOM-LAC Federaciòn de Latinoamèrica y el Caribe para Internet y el Comercio Electrònico
+lat
+
// latrobe : 2014-06-16 La Trobe University
latrobe
-// lawyer : 2014-03-20 undefined
+// lawyer : 2014-03-20
lawyer
// lds : 2014-03-20 IRI Domain Management, LLC (\
@@ -7864,9 +7985,18 @@ lease
// leclerc : 2014-08-07 A.C.D. LEC Association des Centres Distributeurs Edouard Leclerc
leclerc
+// legal : 2014-10-16 Blue Falls, LLC
+legal
+
// lgbt : 2014-05-08 Afilias Limited
lgbt
+// liaison : 2014-10-02 Liaison Technologies, Incorporated
+liaison
+
+// lidl : 2014-09-18 Schwarz Domains und Services GmbH & Co. KG
+lidl
+
// life : 2014-02-06 Trixy Oaks, LLC
life
@@ -7891,6 +8021,9 @@ london
// lotto : 2014-04-10 Afilias Limited
lotto
+// ltd : 2014-09-25 Over Corner, LLC
+ltd
+
// ltda : 2014-04-17 DOMAIN ROBOT SERVICOS DE HOSPEDAGEM NA INTERNET LTDA
ltda
@@ -7903,6 +8036,9 @@ luxury
// madrid : 2014-05-01 Comunidad de Madrid
madrid
+// maif : 2014-10-02 Mutuelle Assurance Instituteur France (MAIF)
+maif
+
// maison : 2013-12-05 Victor Frostbite, LLC
maison
@@ -7912,12 +8048,15 @@ management
// mango : 2013-10-24 PUNTO FA S.L.
mango
-// market : 2014-03-06 undefined
+// market : 2014-03-06
market
// marketing : 2013-11-07 Fern Pass, LLC
marketing
+// marriott : 2014-10-09 Marriott Worldwide Corporation
+marriott
+
// media : 2014-03-06 Grand Glen, LLC
media
@@ -7930,6 +8069,9 @@ melbourne
// meme : 2014-01-30 Charleston Road Registry Inc.
meme
+// memorial : 2014-10-16 Dog Beach, LLC
+memorial
+
// menu : 2013-09-11 Wedding TLD2, LLC
menu
@@ -7948,13 +8090,16 @@ moe
// monash : 2013-09-30 Monash University
monash
+// money : 2014-10-16 Outer McCook, LLC
+money
+
// montblanc : 2014-06-23 Richemont DNS Inc.
montblanc
// mormon : 2013-12-05 IRI Domain Management, LLC (\
mormon
-// mortgage : 2014-03-20 undefined
+// mortgage : 2014-03-20
mortgage
// moscow : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID)
@@ -7966,6 +8111,9 @@ motorcycles
// mov : 2014-01-30 Charleston Road Registry Inc.
mov
+// movistar : 2014-10-16 Telefónica S.A.
+movistar
+
// nagoya : 2013-10-24 GMO Registry, Inc.
nagoya
@@ -7999,16 +8147,25 @@ ninja
// nissan : 2014-03-27 NISSAN MOTOR CO., LTD.
nissan
+// nowruz : 2014-09-04 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.
+nowruz
+
// nra : 2014-05-22 NRA Holdings Company, INC.
nra
// nrw : 2013-11-21 Minds + Machines GmbH
nrw
+// ntt : 2014-10-31 NIPPON TELEGRAPH AND TELEPHONE CORPORATION
+ntt
+
// nyc : 2014-01-23 The City of New York by and through the New York City Department of Information Technology & Telecommunications
nyc
-// okinawa : 2013-12-05 BusinessRalliart inc.
+// obi : 2014-09-25 OBI Group Holding SE & Co. KGaA
+obi
+
+// okinawa : 2013-12-05 BusinessRalliart Inc.
okinawa
// ong : 2014-03-06 Public Interest Registry
@@ -8026,6 +8183,9 @@ oracle
// organic : 2014-03-27 Afilias Limited
organic
+// osaka : 2014-09-04 Interlink Co., Ltd.
+osaka
+
// otsuka : 2013-10-11 Otsuka Holdings Co., Ltd.
otsuka
@@ -8035,12 +8195,18 @@ ovh
// paris : 2014-01-30 City of Paris
paris
+// pars : 2014-09-04 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.
+pars
+
// partners : 2013-12-05 Magic Glen, LLC
partners
// parts : 2013-12-05 Sea Goodbye, LLC
parts
+// party : 2014-09-11 Blue Sky Registry Limited
+party
+
// pharmacy : 2014-06-19 National Association of Boards of Pharmacy
pharmacy
@@ -8056,6 +8222,9 @@ photos
// physio : 2014-05-01 PhysBiz Pty Ltd
physio
+// piaget : 2014-10-16 Richemont DNS Inc.
+piaget
+
// pics : 2013-11-14 Uniregistry, Corp.
pics
@@ -8083,6 +8252,9 @@ pohl
// poker : 2014-07-03 Afilias Domains No. 5 Limited
poker
+// porn : 2014-10-16 ICM Registry PN LLC
+porn
+
// praxi : 2013-12-05 Praxi S.p.A.
praxi
@@ -8122,6 +8294,9 @@ recipes
// red : 2013-11-07 Afilias Limited
red
+// redstone : 2014-10-31 Redstone Haute Couture Co., Ltd.
+redstone
+
// rehab : 2014-03-06 United TLD Holdco Ltd.
rehab
@@ -8131,6 +8306,9 @@ reise
// reisen : 2014-03-06 New Cypress, LLC
reisen
+// reit : 2014-09-04 National Association of Real Estate Investment Trusts, Inc.
+reit
+
// ren : 2013-12-12 Beijing Qianxiang Wangjing Technology Development Co., Ltd.
ren
@@ -8152,7 +8330,7 @@ rest
// restaurant : 2014-07-03 Snow Avenue, LLC
restaurant
-// reviews : 2013-09-13 undefined
+// reviews : 2013-09-13
reviews
// rich : 2013-11-21 I-Registry Ltd.
@@ -8164,7 +8342,7 @@ rio
// rip : 2014-07-10 United TLD Holdco Ltd.
rip
-// rocks : 2013-11-14 undefined
+// rocks : 2013-11-14
rocks
// rodeo : 2013-12-19 Top Level Domain Holdings Limited
@@ -8176,21 +8354,30 @@ rsvp
// ruhr : 2013-10-02 regiodot GmbH & Co. KG
ruhr
-// ryukyu : 2014-01-09 BusinessRalliart inc.
+// ryukyu : 2014-01-09 BusinessRalliart Inc.
ryukyu
// saarland : 2013-12-12 dotSaarland GmbH
saarland
+// sale : 2014-10-16 Half Bloom, LLC
+sale
+
// samsung : 2014-04-03 SAMSUNG SDS CO., LTD
samsung
+// sanofi : 2014-10-09 Sanofi
+sanofi
+
// sap : 2014-03-27 SAP AG
sap
// sarl : 2014-07-03 Delta Orchard, LLC
sarl
+// saxo : 2014-10-31 Saxo Bank A/S
+saxo
+
// sca : 2014-03-13 SVENSKA CELLULOSA AKTIEBOLAGET SCA (publ)
sca
@@ -8206,12 +8393,24 @@ scholarships
// schule : 2014-03-06 Outer Moon, LLC
schule
+// schwarz : 2014-09-18 Schwarz Domains und Services GmbH & Co. KG
+schwarz
+
+// science : 2014-09-11 dot Science Limited
+science
+
+// scor : 2014-10-31 SCOR SE
+scor
+
// scot : 2014-01-23 Dot Scot Registry Limited
scot
// seat : 2014-05-22 SEAT, S.A. (Sociedad Unipersonal)
seat
+// sener : 2014-10-24 Sener Ingeniería y Sistemas, S.A.
+sener
+
// services : 2014-02-27 Fox Castle, LLC
services
@@ -8224,6 +8423,9 @@ sexy
// sharp : 2014-05-01 Sharp Corporation
sharp
+// shia : 2014-09-04 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.
+shia
+
// shiksha : 2013-11-14 Afilias Limited
shiksha
@@ -8242,7 +8444,7 @@ sky
// social : 2013-11-07 United TLD Holdco Ltd.
social
-// software : 2014-03-20 undefined
+// software : 2014-03-20
software
// sohu : 2013-12-19 Sohu.com Limited
@@ -8263,6 +8465,12 @@ space
// spiegel : 2014-02-05 SPIEGEL-Verlag Rudolf Augstein GmbH & Co. KG
spiegel
+// stc : 2014-10-09 Saudi Telecom Company
+stc
+
+// stcgroup : 2014-10-09 Saudi Telecom Company
+stcgroup
+
// supplies : 2013-12-19 Atomic Fields, LLC
supplies
@@ -8281,6 +8489,12 @@ surgery
// suzuki : 2014-02-20 SUZUKI MOTOR CORPORATION
suzuki
+// swiss : 2014-10-16 Swiss Confederation
+swiss
+
+// sydney : 2014-09-18 State of New South Wales, Department of Premier and Cabinet
+sydney
+
// systems : 2013-11-07 Dash Cypress, LLC
systems
@@ -8296,9 +8510,15 @@ tattoo
// tax : 2014-03-20 Storm Orchard, LLC
tax
+// tci : 2014-09-12 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.
+tci
+
// technology : 2013-09-13 Auburn Falls
technology
+// telefonica : 2014-10-16 Telefónica S.A.
+telefonica
+
// temasek : 2014-08-07 Temasek Holdings (Private) Limited
temasek
@@ -8338,6 +8558,9 @@ trade
// training : 2013-11-07 Wild Willow, LLC
training
+// trust : 2014-10-16
+trust
+
// tui : 2014-07-03 TUI AG
tui
@@ -8362,18 +8585,30 @@ ventures
// versicherung : 2014-03-20 dotversicherung-registry GmbH
versicherung
-// vet : 2014-03-06 undefined
+// vet : 2014-03-06
vet
// viajes : 2013-10-17 Black Madison, LLC
viajes
+// video : 2014-10-16 Lone Tigers, LLC
+video
+
// villas : 2013-12-05 New Sky, LLC
villas
+// virgin : 2014-09-25 Virgin Enterprises Limited
+virgin
+
// vision : 2013-12-05 Koko Station, LLC
vision
+// vista : 2014-09-18 Vistaprint Limited
+vista
+
+// vistaprint : 2014-09-18 Vistaprint Limited
+vistaprint
+
// vlaanderen : 2014-02-06 DNS.be vzw
vlaanderen
@@ -8443,6 +8678,9 @@ wtc
// wtf : 2014-03-06 Hidden Way, LLC
wtf
+// xerox : 2014-10-24 Xerox DNHC LLC
+xerox
+
// xn--1qqw23a : 2014-01-09 Guangzhou YU Wei Information Technology Co., Ltd.
xn--1qqw23a
@@ -8536,6 +8774,9 @@ xn--kput3i
// xn--mgbab2bd : 2013-10-31 CORE Association
xn--mgbab2bd
+// xn--mgbt3dhd : 2014-09-04 Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.
+xn--mgbt3dhd
+
// xn--mxtq1m : 2014-03-06 Net-Chinese Co., Ltd.
xn--mxtq1m
@@ -8575,6 +8816,9 @@ xn--vermgensberatung-pwb
// xn--vhquv : 2013-08-27 Dash McCook, LLC
xn--vhquv
+// xn--vuq861b : 2014-10-16 Beijing Tele-info Network Technology Co., Ltd.
+xn--vuq861b
+
// xn--xhq521b : 2013-11-14 Guangzhou YU Wei Information Technology Co., Ltd.
xn--xhq521b
@@ -9047,6 +9291,7 @@ ro.com
// Google, Inc.
// Submitted by Eduardo Vela <evn@google.com> 2012-10-24
appspot.com
+blogspot.ae
blogspot.be
blogspot.bj
blogspot.ca
@@ -9061,6 +9306,7 @@ blogspot.com.ar
blogspot.com.au
blogspot.com.br
blogspot.com.es
+blogspot.com.tr
blogspot.cv
blogspot.cz
blogspot.de
@@ -9082,6 +9328,7 @@ blogspot.no
blogspot.pt
blogspot.re
blogspot.ro
+blogspot.ru
blogspot.se
blogspot.sg
blogspot.sk
@@ -9134,6 +9381,14 @@ operaunite.com
// Submitted by Duarte Santos <domain-admin@outsystemscloud.com> 2014-03-11
outsystemscloud.com
+// .pl domains (grandfathered)
+art.pl
+gliwice.pl
+krakow.pl
+poznan.pl
+wroc.pl
+zakopane.pl
+
// Red Hat, Inc. OpenShift : https://openshift.redhat.com/
// Submitted by Tim Kramer <tkramer@rhcloud.com> 2012-10-24
rhcloud.com
@@ -9146,6 +9401,13 @@ service.gov.uk
// Submitted by registry <lendl@nic.at> 2008-06-09
priv.at
+// TASK geographical domains (www.task.gda.pl/uslugi/dns)
+gda.pl
+gdansk.pl
+gdynia.pl
+med.pl
+sopot.pl
+
// Yola : https://www.yola.com/
// Submitted by Stefano Rivera <stefano@yola.com> 2014-07-09
yolasite.com
@@ -9156,3 +9418,5 @@ za.net
za.org
// ===END PRIVATE DOMAINS===
+END_BUILTIN_DATA
+1;
@@ -13,13 +13,13 @@
package IO::Socket::SSL;
-our $VERSION = '2.002';
+our $VERSION = '2.006';
use IO::Socket;
use Net::SSLeay 1.46;
use IO::Socket::SSL::PublicSuffix;
use Exporter ();
-use Errno qw( EAGAIN ETIMEDOUT );
+use Errno qw( EWOULDBLOCK ETIMEDOUT EINTR );
use Carp;
use strict;
@@ -217,13 +217,23 @@ for(qw( SSLv2 SSLv3 TLSv1 TLSv1_1 TLSv11:TLSv1_1 TLSv1_2 TLSv12:TLSv1_2 )) {
$SSL_OP_NO{$k} = eval { no strict 'refs'; &$sub } || 0;
}
+# Make SSL_CTX_clear_options accessible through SSL_CTX_ctrl unless it is
+# already implemented in Net::SSLeay
+if (!defined &Net::SSLeay::CTX_clear_options) {
+ *Net::SSLeay::CTX_clear_options = sub {
+ my ($ctx,$opt) = @_;
+ # 77 = SSL_CTRL_CLEAR_OPTIONS
+ Net::SSLeay::CTX_ctrl($ctx,77,$opt,0);
+ };
+}
+
our $DEBUG;
use vars qw(@ISA $SSL_ERROR @EXPORT);
{
# These constants will be used in $! at return from SSL_connect,
# SSL_accept, _generic_(read|write), thus notifying the caller
- # the usual way of problems. Like with EAGAIN, EINPROGRESS..
+ # the usual way of problems. Like with EWOULDBLOCK, EINPROGRESS..
# these are especially important for non-blocking sockets
my $x = Net::SSLeay::ERROR_WANT_READ();
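Review bot: The fallback installs a sub into the `Net::SSLeay` namespace, so any other code in the same process that tests `defined &Net::SSLeay::CTX_clear_options` for feature detection will now see this shim rather than a real binding. A private helper in this package that calls the real function when it exists, and `CTX_ctrl` otherwise, would keep the workaround local. The bare `77` would also read better as a named constant, `use constant SSL_CTRL_CLEAR_OPTIONS => 77;`, instead of relying on the inline comment.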
@@ -489,7 +499,7 @@ sub configure_SSL {
# create context
# this will fill in defaults in $arg_hash
- $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash);
+ $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
${*$self}{'_SSL_arguments'} = $arg_hash;
${*$self}{'_SSL_ctx'} = $ctx;
@@ -509,7 +519,7 @@ sub _skip_rw_error {
} else {
return $err;
}
- $! ||= EAGAIN;
+ $! ||= EWOULDBLOCK;
${*$self}{'_SSL_last_err'} = $SSL_ERROR if ref($self);
Net::SSLeay::ERR_clear_error();
return 0;
@@ -1009,7 +1019,7 @@ sub _generic_write {
}
if ( !defined($written) ) {
if ( my $err = $self->_skip_rw_error( $ssl,-1 )) {
- $self->error("SSL write error");
+ $self->error("SSL write error ($err)");
}
return;
}
@@ -1064,9 +1074,9 @@ sub readline {
while (1) {
my $rv = $self->sysread($buf,2**16,length($buf));
if ( ! defined $rv ) {
- next if $!{EINTR}; # retry
- last if $!{EAGAIN} || $!{EWOULDBLOCK}; # use everything so far
- return; # return error
+ next if $! == EINTR; # retry
+ last if $! == EWOULDBLOCK; # use everything so far
+ return; # return error
} elsif ( ! $rv ) {
last
}
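Review bot: The old check `last if $!{EAGAIN} || $!{EWOULDBLOCK}` accepted either errno, while the new `last if $! == EWOULDBLOCK` accepts only one; on a platform where the two values differ, a sysread that reports EAGAIN now falls through to `return` and readline drops the data already collected in `$buf`. Whether sysread can still surface EAGAIN there is not visible from this hunk, but keeping both is cheap: `last if $! == EWOULDBLOCK || $!{EAGAIN};`. The same line appears in the next readline hunk, in the `while ( $size>length($buf))` loop. readline's body continues outside both hunks.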
@@ -1094,9 +1104,9 @@ sub readline {
while ( $size>length($buf)) {
my $rv = $self->sysread($buf,$size-length($buf),length($buf));
if ( ! defined $rv ) {
- next if $!{EINTR}; # retry
- last if $!{EAGAIN} || $!{EWOULDBLOCK}; # use everything so far
- return; # return error
+ next if $! == EINTR; # retry
+ last if $! == EWOULDBLOCK; # use everything so far
+ return; # return error
} elsif ( ! $rv ) {
last
}
@@ -1115,7 +1125,7 @@ sub readline {
# wait until we have more data or eof
my $poke = Net::SSLeay::peek($ssl,1);
if ( ! defined $poke or $poke eq '' ) {
- next if $!{EINTR};
+ next if $! == EINTR;
}
my $skip = 0;
@@ -1153,7 +1163,7 @@ sub readline {
$skip -= length($p);
next;
}
- $!{EINTR} or last;
+ $! == EINTR or last;
}
if ( $eod and ( $delim1 eq '' or $eod < length($buf))) {
@@ -2149,6 +2159,13 @@ WARN
# SSL_OP_CIPHER_SERVER_PREFERENCE
$ssl_op |= 0x00400000 if $arg_hash->{SSL_honor_cipher_order};
+ if ($ver eq 'SSLv23' && !($ssl_op & $SSL_OP_NO{SSLv3})) {
+ # At least LibreSSL disables SSLv3 by default in SSL_CTX_new.
+ # If we really want SSL3.0 we need to explicitly allow it with
+ # SSL_CTX_clear_options.
+ Net::SSLeay::CTX_clear_options($ctx,$SSL_OP_NO{SSLv3});
+ }
+
Net::SSLeay::CTX_set_options($ctx,$ssl_op);
# if we don't set session_id_context if client certificate is expected
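Review bot: The new branch clears the no-SSLv3 option whenever `$ssl_op` lacks that bit, so a caller who passes `SSL_version => 'SSLv23'` without `!SSLv3` gets SSLv3 switched back on even where the library disabled it by default. `$ver` and `$ssl_op` are computed outside this hunk, so this is inferred from the condition alone. If re-enabling is meant only for callers who name SSLv3 explicitly, the condition should test for that; otherwise the comment should say so plainly, e.g. `# NOTE: a plain 'SSLv23' without '!SSLv3' overrides the library's SSLv3 opt-out`. `$SSL_OP_NO{SSLv3}` also falls back to 0 when the constant is unavailable, in which case the call is a no-op and could be skipped.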
@@ -557,8 +557,9 @@ features and usually fewer known bugs.
=head1 Using Non-Blocking Sockets
If you have a non-blocking socket, the expected behavior on read, write, accept
-or connect is to set C<$!> to EAGAIN if the operation can not be completed
-immediately.
+or connect is to set C<$!> to EWOULDBLOCK if the operation can not be completed
+immediately. Note that EWOULDBLOCK is the same as EAGAIN on UNIX systems, but
+is different on Windows.
With SSL handshakes might occure at any time, even within an established
connections. In this cases it is necessary to finish the handshake before
@@ -567,7 +568,7 @@ read but must first finish the write of a handshake or where you want to write
but must first finish a read.
In these cases C<$!> is set to EGAIN like expected, and additionally
C<$SSL_ERROR> is set to either SSL_WANT_READ or SSL_WANT_WRITE.
-Thus if you get EAGAIN on a SSL socket you must check C<$SSL_ERROR> for
+Thus if you get EWOULDBLOCK on a SSL socket you must check C<$SSL_ERROR> for
SSL_WANT_* and adapt your event mask accordingly.
Using readline on non-blocking sockets does not make much sense and I would
@@ -606,7 +607,7 @@ TCP socket in a non-blocking way with C<start_SSL> and C<accept_SSL>.
# next frame.
my $n = sysread( $cl,my $buf,1);
if ( ! defined $n ) {
- die $! if not ${EAGAIN};
+ die $! if not ${EWOULDBLOCK};
next if $SSL_ERROR == SSL_WANT_READ;
if ( $SSL_ERROR == SSL_WANT_WRITE ) {
# need to write data on renegotiation
@@ -911,7 +912,7 @@ All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can
also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires
recent versions of Net::SSLeay and openssl.
-Independend from the handshake format you can limit to set of accepted SSL
+Independent from the handshake format you can limit to set of accepted SSL
versions by adding !version separated by ':'.
The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
@@ -1605,7 +1606,7 @@ gets the same arguments as close(), in fact close() calls stop_SSL() (but
without downgrading the class).
Will return true if it succeeded and undef if failed. This might be the case for
-non-blocking sockets. In this case $! is set to EAGAIN and the ssl error to
+non-blocking sockets. In this case $! is set to EWOULDBLOCK and the ssl error to
SSL_WANT_READ or SSL_WANT_WRITE. In this case the call should be retried again
with the same arguments once the socket is ready.
@@ -1621,8 +1622,8 @@ These functions should be used to do the relevant handshake, if the socket got
created with C<new> or upgraded with C<start_SSL> and C<SSL_startHandshake> was
set to false.
They will return undef until the handshake succeeded or an error got thrown.
-As long as the function returns undef and $! is set to EAGAIN one could retry
-the call after the socket got readable (SSL_WANT_READ) or writeable
+As long as the function returns undef and $! is set to EWOULDBLOCK one could
+retry the call after the socket got readable (SSL_WANT_READ) or writeable
(SSL_WANT_WRITE).
=item B<ocsp_resolver>
@@ -21,10 +21,7 @@ print "1..15\n";
}
# then try bad non-SSL client
-if ( $^O =~m{mswin32}i ) {
- # skip
- ok( 1, "skip - TODO on win32" ) for(1..7);
-} else {
+{
my ($server,$saddr) = create_listen_socket();
ok(1, "listening \@$saddr" );
my $srv = fork_sub( 'server',$server );
@@ -22,10 +22,7 @@ print "1..16\n";
fd_grep_ok( 'Hi!', $cl );
}
-if ( $^O =~m{mswin32}i ) {
- # skip
- ok( 1, "skip - TODO on win32" ) for(1..7);
-} else {
+{
# then try bad non-SSL client
my ($server,$saddr) = create_listen_socket();
ok( 1, "listening \@$saddr" );
@@ -7,12 +7,12 @@ use warnings;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
-use Errno 'EAGAIN';
+use Errno 'EWOULDBLOCK';
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
$|=1;
-my $CAN_NONBLOCK = $^O =~m{mswin32}i ? 0 : eval "use 5.006; use IO::Select; 1";
+my $CAN_NONBLOCK = eval "use 5.006; use IO::Select; 1";
my $CAN_PEEK = &Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x0090601f;
my $numtests = 40;
@@ -332,7 +332,7 @@ if ($CAN_NONBLOCK) {
$client = $server->accept;
while ( ! $client ) {
#DEBUG( "$!,$SSL_ERROR" );
- if ( $! == EAGAIN ) {
+ if ( $! == EWOULDBLOCK ) {
if ( $SSL_ERROR == SSL_WANT_WRITE ) {
IO::Select->new( $server->opening )->can_write(30);
} else {
@@ -16,8 +16,11 @@ do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
# itself if it is available
unless( IO::Socket::SSL->CAN_IPV6 eq "IO::Socket::IP" ) {
# not available or IO::Socket::SSL forgot to load it
- if ( ! eval { require IO::Socket::IP; IO::Socket::IP->VERSION(0.20) } ) {
- print "1..0 # Skipped: no IO::Socket::IP 0.20 available\n";
+ if ( ! eval {
+ require IO::Socket::IP;
+ IO::Socket::IP->VERSION(0.20) && IO::Socket::IP->VERSION != 0.30;
+ }) {
+ print "1..0 # Skipped: usuable IO::Socket::IP is not available\n";
} else {
print "1..1\nnot ok # automatic use of IO::Socket::IP\n";
}
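Review bot: The new `IO::Socket::IP->VERSION != 0.30` exclusion has no comment saying what is wrong with that release, so a later reader cannot tell whether the check can ever be dropped. A one-line comment above the `eval`, such as `# 0.30 is excluded because <reason>`, would record it. The skip message also has a typo and should read `usable IO::Socket::IP is not available`.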
@@ -8,7 +8,6 @@ use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
use IO::Select;
-use Errno qw(EAGAIN EINPROGRESS );
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
if ( grep { $^O =~m{$_}i } qw( MacOS VOS vmesa riscos amigaos mswin32) ) {
@@ -9,7 +9,7 @@ use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
use IO::Select;
-use Errno qw( EAGAIN EINPROGRESS EPIPE ECONNRESET );
+use Errno qw( EWOULDBLOCK EINPROGRESS EPIPE ECONNRESET );
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
if ( ! eval "use 5.006; use IO::Select; return 1" ) {
@@ -17,13 +17,6 @@ if ( ! eval "use 5.006; use IO::Select; return 1" ) {
exit;
}
-
-
-if ( $^O =~m{mswin32}i ) {
- print "1..0 # Skipped: nonblocking does not work on Win32\n";
- exit
-}
-
$SIG{PIPE} = 'IGNORE'; # use EPIPE not signal handler
$|=1;
@@ -73,7 +66,7 @@ if ( $pid == 0 ) {
IO::Select->new( $to_server )->can_write(30) && next;
print "not ";
last;
- } elsif ( $!{EALREADY} ) {
+ } elsif ( $!{EWOULDBLOCK} ) {
diag( 'connect not yet completed');
# just wait
select(undef,undef,undef,0.1);
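Review bot: The "connect not yet completed" branch now tests only `$!{EWOULDBLOCK}` and no longer `$!{EALREADY}`. On UNIX a repeated `connect` on a socket whose connection is still in progress normally reports EALREADY, so that case would now fall through to whatever follows in the chain. Accepting both keeps the old behaviour and adds the Windows one: `} elsif ( $!{EALREADY} || $!{EWOULDBLOCK} ) {`. The rest of the `if`/`elsif` chain is outside the hunk, so this should be checked against the branches that follow.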
@@ -101,7 +94,7 @@ if ( $pid == 0 ) {
while ( $pmsg ne '' ) {
my $w = syswrite( $to_server,$pmsg );
if ( ! defined $w ) {
- if ( ! $!{EAGAIN} ) {
+ if ( ! $!{EWOULDBLOCK} ) {
diag("syswrite failed with $!");
print "not ";
last;
@@ -167,7 +160,7 @@ if ( $pid == 0 ) {
# we send up to 500000 bytes, server reads first 10 bytes and then sleeps
# before reading more. In total server only reads 30000 bytes
# the sleep will cause the internal buffers to fill up so that the syswrite
- # should return with EAGAIN+SSL_WANT_WRITE.
+ # should return with EWOULDBLOCK+SSL_WANT_WRITE.
# the socket close should cause EPIPE or ECONNRESET
my $msg = "1234567890";
@@ -204,7 +197,7 @@ if ( $pid == 0 ) {
my $n = syswrite( $to_server,$msg,length($msg)-$offset,$offset );
if ( !defined($n) ) {
diag( "\$!=$! \$SSL_ERROR=$SSL_ERROR send=$bytes_send" );
- if ( $! == EAGAIN ) {
+ if ( $! == EWOULDBLOCK ) {
if ( $SSL_ERROR == SSL_WANT_WRITE ) {
diag( 'wait for write' );
$can = 'can_write';
@@ -215,11 +208,8 @@ if ( $pid == 0 ) {
} else {
$can = 'can_write';
}
- } elsif ( ( $! == EPIPE || $! == ECONNRESET ) && $bytes_send > 30000 ) {
- diag( "connection closed hard" );
- last WRITE;
- } else {
- print "not ";
+ } elsif ( $bytes_send > 30000 ) {
+ diag( "connection closed" );
last WRITE;
}
next;
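Review bot: After this change, a `syswrite` failure that is neither EWOULDBLOCK nor past the 30000-byte mark no longer fails the test. The `else` branch that printed `not ` is gone, so control reaches `next` and the write is retried. The new `elsif ( $bytes_send > 30000 )` also accepts any errno as "connection closed", where the old code required EPIPE or ECONNRESET. If the errno differs on Windows, widening the accepted set is safer than dropping the check. Keeping `} else { print "not "; last WRITE; }` would let unexpected early errors still fail instead of looping. The WRITE loop begins and ends outside the hunk.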
@@ -283,7 +273,7 @@ if ( $pid == 0 ) {
my $buf = '';
while ( length($buf) <9 ) {
sysread( $from_client, $buf,9-length($buf),length($buf) ) && next;
- die "sysread failed: $!" if $! != EAGAIN;
+ die "sysread failed: $!" if $! != EWOULDBLOCK;
IO::Select->new( $from_client )->can_read(30);
}
$buf eq 'plaintext' || print "not ";
@@ -338,7 +328,7 @@ if ( $pid == 0 ) {
# reading 10 bytes
# then sleeping so that buffers from client to server gets
- # filled up and clients receives EAGAIN+SSL_WANT_WRITE
+ # filled up and clients receives EWOULDBLOCK+SSL_WANT_WRITE
IO::Select->new( $from_client )->can_read(30);
( sysread( $from_client, $buf,10 ) == 10 ) || print "not ";
@@ -360,7 +350,7 @@ if ( $pid == 0 ) {
my $n = sysread( $from_client,my $buf,$diff );
if ( !defined($n) ) {
diag( "\$!=$! \$SSL_ERROR=$SSL_ERROR" );
- if ( $! == EAGAIN ) {
+ if ( $! == EWOULDBLOCK ) {
if ( $SSL_ERROR == SSL_WANT_READ ) {
$attempts++;
$can = 'can_read';
@@ -0,0 +1,123 @@
+#!perl
+
+use strict;
+use warnings;
+use Test::More;
+use IO::Socket::SSL;
+do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
+
+$|=1;
+
+my $XDEBUG = 0;
+my @versions = qw(SSLv3 TLSv1 TLSv1_1 TLSv1_2);
+
+my $server = IO::Socket::SSL->new(
+ LocalAddr => '127.0.0.1',
+ LocalPort => 0,
+ Listen => 2,
+ SSL_server => 1,
+ SSL_startHandshake => 0,
+ SSL_version => 'SSLv23', # allow SSLv3 too
+ SSL_cert_file => 'certs/server-cert.pem',
+ SSL_key_file => 'certs/server-key.pem',
+) or BAIL_OUT("cannot listen on localhost: $!");
+print "not ok\n", exit if !$server;
+my $saddr = $server->sockhost().':'.$server->sockport();
+$XDEBUG && diag("server at $saddr");
+
+defined( my $pid = fork() ) or BAIL_OUT("fork failed: $!");
+if ($pid == 0) {
+ close($server);
+ my $check = sub {
+ my ($ver,$expect) = @_;
+ $XDEBUG && diag("try $ver, expect $expect");
+ my $cl = IO::Socket::SSL->new(
+ PeerAddr => $saddr,
+ SSL_startHandshake => 0,
+ SSL_verify_mode => 0,
+ SSL_version => $ver,
+ ) or die "TCP connection failed to server: $!";
+ $XDEBUG && diag("TCP connected");
+ print $cl "starttls $ver $expect\n";
+ <$cl>;
+ if (!$cl->connect_SSL) {
+ $XDEBUG && diag("SSL upgrade failed with $ver: $SSL_ERROR");
+ return;
+ }
+ $XDEBUG && diag("SSL connect done");
+ return $cl->get_sslversion();
+ };
+ my $stop = sub {
+ my $cl = IO::Socket::INET->new($saddr) or return;
+ print $cl "quit\n";
+ };
+
+ # find out the best protocol version the server can
+ my %supported;
+ my $ver = $check->('SSLv23','') or die "connect to server failed: $!";
+ $XDEBUG && diag("best protocol version: $ver");
+
+ for (@versions, 'foo') {
+ $supported{$_} = 1;
+ $ver eq $_ and last;
+ }
+ die "best protocol version server supports is $ver" if $supported{foo};
+
+ # Check if the OpenSSL was compiled without SSLv3 support
+ if ( ! $check->('SSLv3','')) {
+ diag("looks like OpenSSL was compiled without SSLv3 support");
+ delete $supported{SSLv3};
+ }
+
+ for my $ver (@versions) {
+ next if ! $supported{$ver};
+ # requesting only this version should be done with this version
+ $check->($ver,$ver);
+ # requesting SSLv23 and disallowing anything better should give $ver too
+ my $sslver = "SSLv23";
+ for(reverse grep { $supported{$_} } @versions) {
+ last if $_ eq $ver;
+ $sslver .= ":!$_";
+ }
+ $check->($sslver,$ver);
+ }
+
+ $stop->();
+ exit(0);
+}
+
+vec( my $vs = '',fileno($server),1) = 1;
+while (select( my $rvs = $vs,undef,undef,15 )) {
+ $XDEBUG && diag("got read event");
+ my $cl = $server->accept or do {
+ $XDEBUG && diag("accept failed: $!");
+ next;
+ };
+ $XDEBUG && diag("TCP accept done");
+ my $cmd = <$cl>;
+ $XDEBUG && diag("got command $cmd");
+ my ($ver,$expect) = $cmd =~m{^starttls (\S+) (\S*)} or do {
+ $XDEBUG && diag("finish");
+ done_testing() if $cmd =~m/^quit/;
+ last;
+ };
+ print $cl "ok\n";
+ $cl->accept_SSL() or do {
+ $XDEBUG && diag("accept_SSL failed: $SSL_ERROR");
+ if ($expect) {
+ fail("accept $ver");
+ } else {
+ diag("failed to accept $ver");
+ }
+ next;
+ };
+ $XDEBUG && diag("SSL accept done");
+ if ($expect) {
+ is($expect,$cl->get_sslversion,"accept $ver with $expect");
+ } else {
+ pass("accept $ver with any, got ".$cl->get_sslversion);
+ }
+ close($cl);
+}
+
+wait;
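Review bot: The line `print "not ok\n", exit if !$server;` is dead code, because the constructor above it already ends in `or BAIL_OUT(...)`. Had it been reachable, `exit` would be evaluated as an argument of `print` and run before anything was printed. It can simply be removed. In the accept loop, `is($expect,$cl->get_sslversion,"accept $ver with $expect")` passes the arguments in expected/got order, so a failure report will label the negotiated version as "expected"; `is($cl->get_sslversion, $expect, ...)` gives correct diagnostics. `my $cmd = <$cl>;` is also matched without a `defined` check, which warns under `use warnings` if a client disconnects before sending a command.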
@@ -30,7 +30,7 @@ sub run_with_lib {
require IO::Socket::SSL::PublicSuffix;
- plan tests => 83;
+ plan tests => 79;
# all one-level, but co.uk two-level
@@ -117,10 +117,14 @@ sub run_with_lib {
is public_suffix('example.com'), 'com';
is public_suffix('b.example.com'), 'com';
is public_suffix('a.b.example.com'), 'com';
- is public_suffix('uk.com'), 'uk.com';
- is public_suffix('example.uk.com'), 'uk.com';
- is public_suffix('b.example.uk.com'), 'uk.com';
- is public_suffix('a.b.example.uk.com'), 'uk.com';
+
+ # uk.com is not in the ICANN part of the list
+ if(0) {
+ is public_suffix('uk.com'), 'uk.com';
+ is public_suffix('example.uk.com'), 'uk.com';
+ is public_suffix('b.example.uk.com'), 'uk.com';
+ is public_suffix('a.b.example.uk.com'), 'uk.com';
+ }
is public_suffix('test.ac'), 'ac';
# TLD with only one (wildcard) rule:
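Review bot: The four `uk.com` assertions are parked under `if(0)` instead of being updated, so nothing in the test pins the new result for a suffix that moved out of the ICANN section. Public-suffix results presumably feed the wildcard handling in certificate hostname checks, so the changed answer deserves an explicit assertion. Something like `is public_suffix('example.uk.com'), 'com';` would do, with the expected value confirmed against the new list and the plan count adjusted. The dead block should then be deleted rather than kept as disabled code. `run_with_lib` continues outside the hunk.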
@@ -6,7 +6,6 @@ use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
use IO::Select;
-use Errno qw(EAGAIN EINPROGRESS );
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
$|=1;
@@ -8,7 +8,6 @@ use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
use IO::Select;
-use Errno qw(EAGAIN EINPROGRESS );
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
if ( ! eval "use 5.006; use IO::Select; return 1" ) {
@@ -84,8 +84,6 @@ if ( $pid == 0 ) {
print "not " if $n != 16384;
ok( "partial write in syswrite" );
- # TODO does not work on Win32!!!
- print "ok # TODO(win32): " if $^O=~m{mswin32}i;
# but write should send everything because it does ssl_write_all
$n = $to_server->write( 'x' x 18000 );
#DEBUG( "send $n bytes" );
@@ -28,6 +28,7 @@ my $all_ciphers;
my $show_chain;
my $dump_chain;
my %conf;
+my $max_cipher = 'HIGH:ALL';
GetOptions(
'h|help' => sub { usage() },
'v|verbose:1' => \$verbose,
@@ -44,6 +45,7 @@ GetOptions(
'cert=s' => \$conf{SSL_cert_file},
'key=s' => \$conf{SSL_key_file},
'name=s' => \$conf{SSL_hostname},
+ 'max-cipher=s' => \$max_cipher,
) or usage("bad usage");
@ARGV or usage("no hosts given");
my %default_ca =
@@ -82,6 +84,9 @@ Options:
--key key - use given key for client authentication (default: cert)
--name name - use given name as server name in verification and SNI
instead of host (useful if target is given as IP)
+ --max-cipher set - maximum cipher set to try, default HIGH:ALL.
+ Some servers or middleboxes have problems with this set
+ so it can be reduced.
# what to show
-v|--verbose level - verbose output
@@ -104,8 +109,9 @@ USAGE
my @tests;
for my $host (@ARGV) {
my ($ip,$port);
- $host =~m{^(?:\[(.+)\]|([^:]+))(?::(\w+))?$} or die "invalid dst: $host";
- $host = $1||$2;
+ $host =~m{^(?:\[(\w\.\-\:+)\]|([\w\.\-]+)):(\w+)$|^([\w\.\-:]+)$}
+ or die "invalid dst: $host";
+ $host = $1||$2||$4;
my $st = $starttls{$stls ||''};
$port = $3 || $st->[0] || 443;
if ( $host =~m{:|^[\d\.]+$} ) {
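Review bot: The first alternative of the new pattern, `\[(\w\.\-\:+)\]`, is missing its character-class brackets. It matches one word character, a literal `.`, a literal `-` and then a run of colons, so a bracketed IPv6 target such as `[::1]:443` matches no alternative and ends in `invalid dst`. The intended form is presumably `$host =~m{^(?:\[([\w\.\-\:]+)\]|([\w\.\-]+)):(\w+)$|^([\w\.\-:]+)$}`. The port is also now mandatory after a bracketed address, so `[::1]` on its own is rejected where the old pattern accepted it. If that is unintended, the port group can be made optional again with `(?::(\w+))?`. The `for` loop body continues outside the hunk.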
@@ -115,6 +121,7 @@ for my $host (@ARGV) {
push @tests, [ $host||$ip,$port,$conf{SSL_hostname}||$host,$st->[1],$st->[2] || 'default' ];
}
+
my $ioclass = IO::Socket::SSL->can_ipv6 || 'IO::Socket::INET';
for my $test (@tests) {
my ($host,$port,$name,$stls_sub,$scheme) = @$test;
@@ -157,7 +164,7 @@ for my $test (@tests) {
SSLv23:!TLSv1_2
SSLv23
)) {
- for my $ciphers ( '','HIGH:ALL' ) {
+ for my $ciphers ( '',$max_cipher ) {
my $cl = &$tcp_connect;
if ( IO::Socket::SSL->start_SSL($cl,
%conf,
@@ -345,7 +352,7 @@ for my $test (@tests) {
# check out all supported ciphers
my @ciphers;
{
- my $c = 'HIGH:ALL:eNULL';
+ my $c = "$max_cipher:eNULL";
while ($all_ciphers || @ciphers<2 ) {
my $cl = &$tcp_connect;
if ( IO::Socket::SSL->start_SSL($cl,