Re: Test failures and libwww-perl 6.0.3

2011-11-30 Thread Kaspar Brand 
On 29.11.2011 23:23, Stefan Fritsch wrote:
 On Tuesday 29 November 2011, Kaspar Brand wrote:
 I have committed the patches in r1207758 (for Apache::Test) and
 r1207759 (adjustments to the t/ssl tests).
 
 Nice, works here now. Thanks.

FYI: Torsten pointed out a potential problem with the solution in
r1207758, so I have committed a less intrusive approach for
set_client_cert() in r1208506. Shouldn't make a difference then running
the tests - otherwise let me know.

Kaspar

Re: Test failures and libwww-perl 6.0.3

2011-11-29 Thread Stefan Fritsch 
On Tuesday 29 November 2011, Kaspar Brand wrote:
 On 23.11.2011 15:06, Joe Orton wrote:
  On Wed, Nov 23, 2011 at 08:37:31AM +0100, Kaspar Brand wrote:
  There are two approaches to fix 1): a) turn off verify_hostname
  where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
  right now) or b) specify the CA cert (generated in
  t/conf/ca/...) to make verification work/succeed.
  
  (b) sounds better; I presume it doesn't break with older versions
  of LWP?
 
 LWP::UserAgent  6 will warn when supplying unrecognized options to
 its constructor, so I made the changes depend on $LWP::VERSION.
 
 I have committed the patches in r1207758 (for Apache::Test) and
 r1207759 (adjustments to the t/ssl tests).

Nice, works here now. Thanks.

Re: Test failures and libwww-perl 6.0.3

2011-11-28 Thread Kaspar Brand 
On 23.11.2011 15:06, Joe Orton wrote:
 On Wed, Nov 23, 2011 at 08:37:31AM +0100, Kaspar Brand wrote:
 There are two approaches to fix 1): a) turn off verify_hostname
 where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
 right now) or b) specify the CA cert (generated in t/conf/ca/...)
 to make verification work/succeed.
 
 (b) sounds better; I presume it doesn't break with older versions of 
 LWP?

LWP::UserAgent  6 will warn when supplying unrecognized options to its
constructor, so I made the changes depend on $LWP::VERSION.

I have committed the patches in r1207758 (for Apache::Test) and r1207759
(adjustments to the t/ssl tests).

Kaspar

Re: Test failures and libwww-perl 6.0.3

2011-11-23 Thread Joe Orton 
On Wed, Nov 23, 2011 at 08:37:31AM +0100, Kaspar Brand wrote:
 There are two approaches to fix 1): a) turn off verify_hostname
 where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
 right now) or b) specify the CA cert (generated in t/conf/ca/...)
 to make verification work/succeed.

(b) sounds better; I presume it doesn't break with older versions of 
LWP?

Regards, Joe

Re: Test failures and libwww-perl 6.0.3

2011-11-22 Thread Kaspar Brand 
On 18.11.2011 22:21, Stefan Fritsch wrote:
 in case any of you also have lots of test failures with libwww-perl 6.0.3, 
 setting these env vars fixes most of them for me:
 
  PERL_NET_HTTPS_SSL_SOCKET_CLASS=Net::SSL
  PERL_LWP_SSL_VERIFY_HOSTNAME=0
 
 No idea why Net::SSL works but IO::Socket::SSL doesn't.

The SSL test failures are a combination of two changes in LWP 6:

1) verify_hostname has been changed to default to on

2) by default, IO::Socket:SSL is used (instead of Net:SSL from
   Crypt::SSLeay), and IO::Socket:SSL doesn't honor the
   HTTPS_CERT_FILE and HTTPS_CERT_KEY environment variables
   when it comes to specifying a client cert

There are two approaches to fix 1): a) turn off verify_hostname
where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
right now) or b) specify the CA cert (generated in t/conf/ca/...)
to make verification work/succeed.

For 2), set_client_cert in TestRequest.pm needs to be enhanced,
e.g. like so:

Index: lib/Apache/TestRequest.pm
===
--- lib/Apache/TestRequest.pm   (revision 1205312)
+++ lib/Apache/TestRequest.pm   (working copy)
@@ -620,6 +620,9 @@ sub set_client_cert {
 if ($name) {
 $ENV{HTTPS_CERT_FILE} = $dir/certs/$name.crt;
 $ENV{HTTPS_KEY_FILE}  = $dir/keys/$name.pem;
+user_agent(reset = 1,
+   ssl_opts = { SSL_cert_file = $dir/certs/$name.crt,
+ SSL_key_file  = $dir/keys/$name.pem });
 }
 else {
 for (qw(CERT KEY)) {


Depending on how 1) is going to be addressed, set_client_cert also
needs to turn off verify_hostname at the same time, or it can
supply an SSL_ca_file as an additional ssl_opts argument.

What fix should be chosen for 1), a) or b)?

Kaspar

Test failures and libwww-perl 6.0.3

2011-11-18 Thread Stefan Fritsch 

Hi,

in case any of you also have lots of test failures with libwww-perl 6.0.3, 
setting these env vars fixes most of them for me:


PERL_NET_HTTPS_SSL_SOCKET_CLASS=Net::SSL
PERL_LWP_SSL_VERIFY_HOSTNAME=0

No idea why Net::SSL works but IO::Socket::SSL doesn't.  The remaining 
failures are:


t/modules/proxy.t (Wstat: 0 Tests: 15 Failed: 2)
  Failed tests:  9-10

# testing : reverse proxy to nph-102
# expected: 200
# received: 102
not ok 9
# testing : reverse proxy 102 response
# expected: this is nph-stdout
# received:
not ok 10

These seem to be caused by LWP only handling code 100 specially, not code 
1xx. If I replace in LWP/Protocol/http.pm at


($code, $mess, @h) = $socket-read_response_headers(laxed = 1, junk_out = 
\@junk)
if $code eq 100;

the 'eq 100' with '=~ /^1\d\d$/ ', t/modules/proxy.t passes. If anyone 
knows how to fix the test framework with this info, please go ahead.


Cheers,
Stefan