Re: [blfs-book] [BLFS Trac] #11712: IO-Socket-SSL-2.062 (Perl Module)

[BLFS Trac via blfs-book]

#11712: IO-Socket-SSL-2.062 (Perl Module)
-------------------------+-----------------------
 Reporter:  renodr       |       Owner:  ken@…
     Type:  enhancement  |      Status:  assigned
 Priority:  normal       |   Milestone:  8.4
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------

Comment (by ken@…):

 Differences look benign, but a test has changed. Otherwise, updates to
 yml, docs, etc.
 But the URL I used 30 minutes ago (which returns 1.86_06 instead of a
 names version) now fails.

 Still working from firefox. I'm inclined to put this in and see if wget
 works later.

 NB in IO::Socket::SSL one of the test results looks odd:
 {{{
 # tcp connect to www.chksum.de:443 ok
 # fingerprint matches
 # validation with default CA w/o OCSP ok
 # got stapled response as expected
 # validation with default CA with OCSP defaults ok
 # validation with default CA with OCSP full chain ok
 # tcp connect to www.bild.de:443 ok
 # tcp connect to revoked.grc.com:443 ok
 # fingerprint matches
 # validation with default CA w/o OCSP ok
 t/external/ocsp.t ................. ok
 # found 0 CA certs
 t/external/usable_ca.t ............ skipped: no CA certs found
 }}}

 Given my issues in the last few days, I am surprised that mo CA certs were
 found :)

 This appears to be caused by
 {{{
 my %have_ca;
 # some systems seems to have junk in the CA stores
 # so better wrap it into eval
 eval {
     for my $f (
         ( $ca{SSL_ca_file} ? ($ca{SSL_ca_file}) : ()),
         ( $ca{SSL_ca_path} ? glob("$ca{SSL_ca_path}/*") :()),
         ) {
         open( my $fh,'<',$f ) or next;
         my $pem;
         while (<$fh>) {
             if ( m{^--+END} ) {
                 my $cert = PEM_string2cert($pem.$_);
                 $pem = undef;
                 $cert or next;
                 my $hash = Net::SSLeay::X509_subject_name_hash($cert);
                 $have_ca{sprintf("%08x",$hash)} = 1;
             } elsif ( m{^--+BEGIN (TRUSTED |X509 |)CERTIFICATE-+} ) {
                 $pem = $_;
             } elsif ( $pem ) {
                 $pem .= $_;
             }
         }
     }
 };
 }}}
 in that test. I have to assume it does not like the comments in fromt of
 each certificate in our ca-bundle.crt. Note that it (i.e. HTTP::Tiny
 pulled in) does not recommend installing Mozilla::CA so I'm not going to
 get worried by this, particularly since the tests complete and pass.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11712#comment:7>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page