On Fri, 10 Oct 2008 16:49:03 +0200, Frank Lichtenheld wrote: > From my testing it seems that this FTBFS does not occour with > version 1.16 of libio-socket-ssl-perl from unstable.
Same here, the build fails in a lenny cowbuilder chroot with libio-socket-ssl-perl 1.15 and succeeds in a sid cowbuilder chroot with libio-socket-ssl-perl 1.16. > I would > therefor suggest letting the new version into testing. The patch > looks small enough. Additional information: 1) The upstream Changes explicitly says: - change opened() to report -1 if the IO::Handle is open, but the SSL connection failed, needed with HTTP::Daemon::SSL which will send an error mssage over the unencrypted socket 2) Attached is the complete diff between 1.15-1 and 1.16-1, it's really small. Cheers, gregor -- .''`. Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/ `. `' Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/ `- BOFH excuse #390: Increased sunspot activity.
Index: debian/control =================================================================== --- debian/control (revision 24723) +++ debian/control (working copy) @@ -3,7 +3,8 @@ Priority: optional Maintainer: Debian Perl Group <[EMAIL PROTECTED]> Uploaders: Florian Ragwitz <[EMAIL PROTECTED]>, - gregor herrmann <[EMAIL PROTECTED]> + gregor herrmann <[EMAIL PROTECTED]>, + Ansgar Burchardt <[EMAIL PROTECTED]> Build-Depends: debhelper (>= 7) Build-Depends-Indep: perl (>= 5.8.0-7), libnet-ssleay-perl (>= 1.35), netbase, libnet-libidn-perl Index: debian/changelog =================================================================== --- debian/changelog (revision 24723) +++ debian/changelog (working copy) @@ -1,3 +1,10 @@ +libio-socket-ssl-perl (1.16-1) unstable; urgency=low + + * New upstream release. + * Add myself to Uploaders. + + -- Ansgar Burchardt <[EMAIL PROTECTED]> Thu, 02 Oct 2008 00:14:11 +0200 + libio-socket-ssl-perl (1.15-1) unstable; urgency=low * New upstream release. Index: Changes =================================================================== --- Changes (revision 24723) +++ Changes (working copy) @@ -1,3 +1,10 @@ +v1.16 + - change code for SSL_check_crl to use X509_STORE_set_flags instead of + X509_STORE_CTX_set_flags based on bug report from + <tjtoocool[AT]phreaker[DOT]net > + - change opened() to report -1 if the IO::Handle is open, but the + SSL connection failed, needed with HTTP::Daemon::SSL which will send + an error mssage over the unencrypted socket v1.15 - change internal behavior when SSL handshake failed (like when verify callback returned an error) in the hope to fix spurios errors in Index: SSL.pm =================================================================== --- SSL.pm (revision 24723) +++ SSL.pm (working copy) @@ -51,7 +51,7 @@ BEGIN { # Declare @ISA, $VERSION, $GLOBAL_CONTEXT_ARGS @ISA = qw(IO::Socket::INET); - $VERSION = '1.15'; + $VERSION = '1.16'; $GLOBAL_CONTEXT_ARGS = {}; #Make $DEBUG another name for $Net::SSLeay::trace @@ -1178,7 +1178,7 @@ sub opened { my $self = shift; - return IO::Handle::opened($self) && ( ${*$self}{'_SSL_opened'} == 1 ); + return IO::Handle::opened($self) && ${*$self}{'_SSL_opened'}; } sub opening { @@ -1308,7 +1308,7 @@ if ($arg_hash->{'SSL_check_crl'}) { if (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x0090702f) { - Net::SSLeay::X509_STORE_CTX_set_flags( + Net::SSLeay::X509_STORE_set_flags( Net::SSLeay::CTX_get_cert_store($ctx), Net::SSLeay::X509_V_FLAG_CRL_CHECK() ); @@ -1882,6 +1882,12 @@ get to do anything. But with version 0.98 you are better comparing the global exported variable $SSL_ERROR against the exported symbols SSL_WANT_READ and SSL_WANT_WRITE. +=item B<opened()> + +This returns false if the socket could not be opened, 1 if the socket could be opened +and the SSL handshake was successful done and -1 if the underlying IO::Handle is open, +but the SSL handshake failed. + =item B<< IO::Socket::SSL->start_SSL($socket, ... ) >> This will convert a glob reference or a socket that you provide to an IO::Socket::SSL
signature.asc
Description: Digital signature