On 18/06/13 01:10, Ken Moffat wrote:
On Mon, Jun 17, 2013 at 08:56:35AM +0200, NP wrote:
On 13-06-17 03:27, Ken Moffat wrote:
[snip]
In the absence of more data (I'm still using perl-5.16 until I
start my next build) I suspect there _might_ be a problem with
building openssl on current perl (5.18).
ĸen
Right. With Perl-5.18, pod2man has decided to enforce more strict
syntax rules. This breaks some packages in BLFS, for instance :
- openssl-1.01e
- wget-1.14
- Wireshark-1.8.3
Mainly, pod2man rejects =ITEM commands followd by a number. To fix
it, just prefix the number with some alpha character.
The =ITEM commands should also been strictly enclosed by =OPEN /
=BREAK commands (one occurrence in openssl package).
I have made a patch for openssl; perhaps you my find it useful.
With best regards.
--
Nico / 13-06-17
diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod
--- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-02-11 15:26:04.000000000
+0000
+++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-04 18:00:00.358162120 +0000
@@ -450,28 +450,28 @@
=over 4
-=item 0
+=item >0
[ snip ]
I've now installed perl-5.18 (grumpily - I did a manual install,
thought I'd told it to go into /usr/local but it installed in /usr
so I'll be restoring the system from a backup when I've finished
with this and wget.). Yes, I saw the problem during
make INSTALL_PREFIX=/path/to/somewhere ... install
and Nico's patch gets past that problem. But when I looked at the
installed SSL_CTX_use_psk_identity_hint.3ssl I noticed that the
added '>' were appearing in front of the return codes:
RETURN VALUES
SSL_CTX_use_psk_identity_hint() and
SSL_use_psk_identity_hint() return 1 on success, 0
otherwise.
Return values from the server callback are interpreted
as follows:
> 0 PSK identity was found and the server callback has
provided the PSK successfully in parameter psk.
Return value is the length of psk in bytes. It is an
error to return a value greater than max_psk_len.
If the PSK identity was not found but the callback
instructs the protocol to continue anyway, the
callback must provide some random data to psk and
return the length of the random data, so the
connection will fail with decryption_error before it
will be finished completely.
>0 PSK identity was not found. An
"unknown_psk_identity" alert message will be sent
and the connection setup fails.
1.0.1e 2013SSL-CTX_use_psk_identity_hint(3)
The first should be '> 0', the second 0.
And similar lists of return codes as >0 ... >N instead of 0 ... N
throughout the pages. I then looked at fedora - they have recently
added a patch to fix this problem. Unfortunately, they have a whole
raft of other patches, one or more of which already alter the pod
files, probably to put the lists of return codes into a consistent
order (some list 1, for an error, before 0). The end result is that
four hunks had to be fixed up manually, but even after that it still
missed various fixes which Nico had added. The attached version
builds, and almost everything I've looked at now reads correctly.
The one exception is SSL_shutdown (3). Nico's patch lists the
return values as >1, >0, >-1. My amended patch causes them to be
listed as 1, 0, <0 (using E<lt>0 which I noticed in one of the other
pod files). That look reasonable, but in fact the version on my
installed system actually says:
RETURN VALUES
The following return values can occur:
1. The shutdown was successfully completed. The "close
notify" alert was sent and the peer's "close notify"
alert was received.
2. The shutdown is not yet finished. Call
SSL_shutdown() for a second time, if a bidirectional
shutdown shall be performed. The output of
SSL_get_error(3) may be misleading, as an erroneous
SSL_ERROR_SYSCALL may be flagged even though no
error occurred.
3. -1
The shutdown was not successful because a fatal
error occurred either at the protocol level or a
connection failure occurred. It can also occur if
action is need to continue the operation for non-
blocking BIOs. Call SSL_get_error(3) with the
return value ret to find out the reason.
To me, that standard version makes less than zero sense : if 1,2,3
are the order in which possible return codes are listed, what are
the codes being described ?
Anyone got any opinions on SSL_shutdown (3), even just a bare "mine
also says the return values are 1, 2, 3 with -1" ?
Nico - we credit patches with authorship, as well as upstream
status. Can I put you as the author, with myself for changes ?
I note that a slightly different patch is in
http://marc.info/?l=openssl-dev&m=136988464021098&w=2 - for me, as
for Xinglp, it doesn't all apply (possibly, things have already been
changeded in openssl-master). Attempting to fix it up, the first
rejection is in a file which doesn't need to be fixed in our build.
I gave up at that point.
ĸen
Hi
I had the same thing recently and constructed the attached patch based
on the fedora , be interesting to see if there is any difference.
Regards
Martin
diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod
--- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-06-06 14:35:15.867871879 +0100
+++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-06 14:35:25.791747119 +0100
@@ -450,28 +450,28 @@
=over 4
-=item 0
+=item C<0>
the operation was completely successfully.
-=item 1
+=item C<1>
an error occurred parsing the command options.
-=item 2
+=item C<2>
one of the input files could not be read.
-=item 3
+=item C<3>
an error occurred creating the CMS file or when reading the MIME
message.
-=item 4
+=item C<4>
an error occurred decrypting or verifying the message.
-=item 5
+=item C<5>
the message was verified correctly but an error occurred writing out
the signers certificates.
diff -Naur openssl-1.0.1e.orig/doc/apps/smime.pod openssl-1.0.1e/doc/apps/smime.pod
--- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-06-06 14:35:15.867871879 +0100
+++ openssl-1.0.1e/doc/apps/smime.pod 2013-06-06 14:35:25.794747082 +0100
@@ -308,28 +308,28 @@
=over 4
-=item 0
+=item C<0>
the operation was completely successfully.
-=item 1
+=item C<1>
an error occurred parsing the command options.
-=item 2
+=item C<2>
one of the input files could not be read.
-=item 3
+=item C<3>
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item C<4>
an error occurred decrypting or verifying the message.
-=item 5
+=item C<5>
the message was verified correctly but an error occurred writing out
the signers certificates.
diff -Naur openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
--- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:35:15.874871791 +0100
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:37:13.826388940 +0100
@@ -278,6 +278,8 @@
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod openssl-1.0.1e/doc/ssl/SSL_accept.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-06-06 14:35:25.796747057 +0100
@@ -44,12 +44,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod openssl-1.0.1e/doc/ssl/SSL_clear.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-06-06 14:35:25.803746969 +0100
@@ -56,12 +56,12 @@
=over 4
-=item 0
+=item C<0>
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item C<1>
The SSL_clear() operation was successful.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:25.806746931 +0100
@@ -53,11 +53,11 @@
=over 4
-=item 0
+=item C<0>
The operation succeeded.
-=item 1
+=item C<1>
The operation failed. Check the error queue to find out the reason.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod openssl-1.0.1e/doc/ssl/SSL_connect.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-06-06 14:35:15.869871854 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-06-06 14:35:25.808746906 +0100
@@ -41,12 +41,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:25.816746805 +0100
@@ -52,13 +52,13 @@
=over 4
-=item 0
+=item C<0>
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:25.818746780 +0100
@@ -100,13 +100,13 @@
=over 4
-=item 0
+=item C<0>
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:25.821746742 +0100
@@ -66,11 +66,11 @@
=over 4
-=item 1
+=item C<1>
The operation succeeded.
-=item 0
+=item C<0>
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:25.828746654 +0100
@@ -64,13 +64,13 @@
=over 4
-=item 0
+=item C<0>
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:25.831746617 +0100
@@ -42,11 +42,11 @@
=over 4
-=item 0
+=item C<0>
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:36:42.456783309 +0100
@@ -81,6 +81,8 @@
Return values from the server callback are interpreted as follows:
+=over
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -94,9 +96,11 @@
connection will fail with decryption_error before it will be finished
completely.
-=item 0
+=item C<0>
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:15.869871854 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:25.839746516 +0100
@@ -45,12 +45,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_read.pod openssl-1.0.1e/doc/ssl/SSL_read.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-06-06 14:35:25.847746415 +0100
@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item C<0>
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:25.849746390 +0100
@@ -27,11 +27,11 @@
=over 4
-=item 0
+=item C<0>
A new session was negotiated.
-=item 1
+=item C<1>
A session was reused.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:15.869871854 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:25.852746353 +0100
@@ -35,11 +35,11 @@
=over 4
-=item 0
+=item C<0>
The operation failed. Check the error stack to find out why.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod openssl-1.0.1e/doc/ssl/SSL_set_session.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:25.855746315 +0100
@@ -37,11 +37,11 @@
=over 4
-=item 0
+=item C<0>
The operation failed; check the error stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:25.857746290 +0100
@@ -92,12 +92,12 @@
=over 4
-=item 1
+=item C<1>
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item 0
+=item C<0>
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_write.pod openssl-1.0.1e/doc/ssl/SSL_write.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-06-06 14:35:25.865746189 +0100
@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item C<0>
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
