Your message dated Thu, 09 Dec 2010 15:32:18 +0000
with message-id <[email protected]>
and subject line Bug#606249: fixed in libio-socket-ssl-perl 1.37-1
has caused the Debian Bug report #606249,
regarding libio-socket-ssl-perl: verify_callback invoked 3 times per connection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
606249: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606249
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libio-socket-ssl-perl
Version: 1.35-1
Severity: normal
If i supply a verify_callback, i find it gets invoked three times for
a single connection, if the callback is approved each time (if the
callback ever fails, it looks like it shortcuts the repeated verify
attempts). This is surprising to me. if it is intentional, i think
it should be better-documented at least.
If it is not intentional, it's possible that the bug is in
Net::SSLeay, or even further down in the stack. Feel free to
re-assign as you see fit.
Attached is a simple test case if you want to verify for yourself.
when i run it i get:
0 d...@pip:~/tmp$ ./demoproblem.pl
DEBUG: .../IO/Socket/SSL.pm:1461: new ctx 163340976
DEBUG: .../IO/Socket/SSL.pm:332: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:334: socket connected
DEBUG: .../IO/Socket/SSL.pm:347: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:1453: ok=0 cert=163571568
verify called (7 ok)
DEBUG: .../IO/Socket/SSL.pm:1453: ok=0 cert=163571568
verify called (7 ok)
DEBUG: .../IO/Socket/SSL.pm:1453: ok=1 cert=163146456
verify called (7 ok)
DEBUG: .../IO/Socket/SSL.pm:390: Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:445: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:1497: free ctx 163340976 open=163340976
DEBUG: .../IO/Socket/SSL.pm:1502: free ctx 163340976 callback
DEBUG: .../IO/Socket/SSL.pm:1505: OK free ctx 163340976
got 8271 characters
0 d...@pip:~/tmp$
thanks for maintaining IO::Socket::SSL in debian!
--dkg
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.36-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libio-socket-ssl-perl depends on:
ii libnet-ssleay-perl 1.36-1 Perl module for Secure Sockets Lay
ii netbase 4.43 Basic TCP/IP networking system
ii perl 5.10.1-16 Larry Wall's Practical Extraction
Versions of packages libio-socket-ssl-perl recommends:
ii libnet-libidn-perl 0.12.ds-1+b1 Perl bindings for GNU Libidn
Versions of packages libio-socket-ssl-perl suggests:
pn libio-socket-inet6-perl <none> (no description available)
-- no debconf information
#!/usr/bin/perl
use IO::Socket::SSL 1.35 qw(debug3);
use Net::SSLeay;
use LWP::Simple;
use warnings;
use strict;
# perversely reject connections 10% of the time, based on the wall clock:
sub verify {
my $x = (time() % 10);
if ($x > 0) {
printf("verify called (%d ok)\n", $x);
return 1;
} else {
printf("verify called (%d nope)\n", $x);
return 0;
}
}
IO::Socket::SSL::set_ctx_defaults(
verify_callback => sub { return verify(@_); },
verify_mode => 0x03,
# this argument is irrelevant, but currently required -- see http://bugs.debian.org/606243
ca_path => '.',
);
my $content = LWP::Simple::get('https://encrypted.google.com/');
if (defined($content)) {
printf("got %d characters\n", length($content));
} else {
printf("connection failed\n");
}
--- End Message ---
--- Begin Message ---
Source: libio-socket-ssl-perl
Source-Version: 1.37-1
We believe that the bug you reported is fixed in the latest version of
libio-socket-ssl-perl, which is due to be installed in the Debian FTP archive:
libio-socket-ssl-perl_1.37-1.debian.tar.gz
to main/libi/libio-socket-ssl-perl/libio-socket-ssl-perl_1.37-1.debian.tar.gz
libio-socket-ssl-perl_1.37-1.dsc
to main/libi/libio-socket-ssl-perl/libio-socket-ssl-perl_1.37-1.dsc
libio-socket-ssl-perl_1.37-1_all.deb
to main/libi/libio-socket-ssl-perl/libio-socket-ssl-perl_1.37-1_all.deb
libio-socket-ssl-perl_1.37.orig.tar.gz
to main/libi/libio-socket-ssl-perl/libio-socket-ssl-perl_1.37.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libio-socket-ssl-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 09 Dec 2010 16:20:10 +0100
Source: libio-socket-ssl-perl
Binary: libio-socket-ssl-perl
Architecture: source all
Version: 1.37-1
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libio-socket-ssl-perl - Perl module implementing object oriented interface to
SSL sockets
Closes: 606243 606248 606249
Changes:
libio-socket-ssl-perl (1.37-1) unstable; urgency=low
.
* New upstream release (Closes: #606243, #606248, #606249).
Checksums-Sha1:
2393f4d99e885a1313a1fdae84c2991742fcf2cc 2285 libio-socket-ssl-perl_1.37-1.dsc
ff68bd379643c2551b94a5a35e79363613d82e9c 67834
libio-socket-ssl-perl_1.37.orig.tar.gz
507a7d01720a489038dc346ca8d82e42e1d02fb8 4528
libio-socket-ssl-perl_1.37-1.debian.tar.gz
ac10688e0caedd894ae5abbe378167d9ceb0eaec 59136
libio-socket-ssl-perl_1.37-1_all.deb
Checksums-Sha256:
fa8e029e3e7bd3f21f9a218b44eeb8d395aa06ab0a8329ddda59d2ae175e7095 2285
libio-socket-ssl-perl_1.37-1.dsc
3abf56638ea697bb2566d41e605c5726d826ee341119e520689c6f68ad3fdcd7 67834
libio-socket-ssl-perl_1.37.orig.tar.gz
621785f64f9b67207096ae4791969240baaeafede78031d3c3ac8157a6ea81b6 4528
libio-socket-ssl-perl_1.37-1.debian.tar.gz
1914f3b9633131b80d654fcca1330b2cbc41da55288c592d0d4691085d7deb64 59136
libio-socket-ssl-perl_1.37-1_all.deb
Files:
ddb425e367da90146a7a81c908c5021f 2285 perl optional
libio-socket-ssl-perl_1.37-1.dsc
a75c962ce989865213ca4320766fdb77 67834 perl optional
libio-socket-ssl-perl_1.37.orig.tar.gz
e356ae0764d8e49106400a90a4355d46 4528 perl optional
libio-socket-ssl-perl_1.37-1.debian.tar.gz
0b7124a725c01acd0b1ec73e78ff271e 59136 perl optional
libio-socket-ssl-perl_1.37-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJNAPR/AAoJEHidbwV/2GP+wj0QALa5N8HN3Bd5SKHoC4NysUvg
bc8pyrO2bre0jdDPQDf8G9OqmPWiFxQQ93VV8ZV61nlcv8IXZaydsdvGuGGurmVE
ob/aftDtZyplY3svO75JiQCT+kyvVFSFO7S/xA34j0Wo23d2uEnQmOX5WavddyYQ
UxFROLC8AG3XtTEOJ1Q6b5GCOER7uY9slTTtIi3o6j0AxdXYlffgsEaUzvNXXinR
IR3YFnzs3DB3zRoTjuHXmPyUx3kUgsa/4N+widRAXckssl9dnh/gnuKEyrw5kubM
jxnlhzYdwFRfah+WAq8SOUHu1/b1UOhyNb4S3e5ZTPnsWB0v7C2mICwpIY7FV7V9
dR/LKGHyInBypPIYaeyXp9LoOKi9Aha9nKOl5LwdZAzG0gWly0TqypRqvPP4ZDuM
5AwrMD5oDgjbtWAvYeWGk6HCHMCI8AWd6CHGzfq9sCOe0q8OLnuXmcq/CAsLDNX0
tpLTwEl1/WQgzRHVIbBJ40a5wdmQX7+9l7LH3a/dRjhqgJcdbaTRPLErtftV4Koa
mUSXuG08hOYXI6dp989iH9InGBg9Qdl2RbNL6nToFcZXWDOObCftZCgo17Jqqg35
dSu1vNiNRtGr0FdkEhaP1CqEJyU25u3oefHNm8L0oGSGvxevuPrssoop0aasqDGJ
Ycai4wgGTsIrbtWb9rtq
=KkVH
-----END PGP SIGNATURE-----
--- End Message ---
