On Fri, 10 Oct 2008 16:49:03 +0200, Frank Lichtenheld wrote: > From my testing it seems that this FTBFS does not occour with > version 1.16 of libio-socket-ssl-perl from unstable.
Same here, the build fails in a lenny cowbuilder chroot with
libio-socket-ssl-perl 1.15 and succeeds in a sid cowbuilder chroot
with libio-socket-ssl-perl 1.16.
> I would
> therefor suggest letting the new version into testing. The patch
> looks small enough.
Additional information:
1) The upstream Changes explicitly says:
- change opened() to report -1 if the IO::Handle is open, but the
SSL connection failed, needed with HTTP::Daemon::SSL which will send
an error mssage over the unencrypted socket
2) Attached is the complete diff between 1.15-1 and 1.16-1, it's
really small.
Cheers,
gregor
--
.''`. Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
: :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/
`. `' Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
`- BOFH excuse #390: Increased sunspot activity.
Index: debian/control
===================================================================
--- debian/control (revision 24723)
+++ debian/control (working copy)
@@ -3,7 +3,8 @@
Priority: optional
Maintainer: Debian Perl Group <[EMAIL PROTECTED]>
Uploaders: Florian Ragwitz <[EMAIL PROTECTED]>,
- gregor herrmann <[EMAIL PROTECTED]>
+ gregor herrmann <[EMAIL PROTECTED]>,
+ Ansgar Burchardt <[EMAIL PROTECTED]>
Build-Depends: debhelper (>= 7)
Build-Depends-Indep: perl (>= 5.8.0-7), libnet-ssleay-perl (>= 1.35), netbase,
libnet-libidn-perl
Index: debian/changelog
===================================================================
--- debian/changelog (revision 24723)
+++ debian/changelog (working copy)
@@ -1,3 +1,10 @@
+libio-socket-ssl-perl (1.16-1) unstable; urgency=low
+
+ * New upstream release.
+ * Add myself to Uploaders.
+
+ -- Ansgar Burchardt <[EMAIL PROTECTED]> Thu, 02 Oct 2008 00:14:11 +0200
+
libio-socket-ssl-perl (1.15-1) unstable; urgency=low
* New upstream release.
Index: Changes
===================================================================
--- Changes (revision 24723)
+++ Changes (working copy)
@@ -1,3 +1,10 @@
+v1.16
+ - change code for SSL_check_crl to use X509_STORE_set_flags instead of
+ X509_STORE_CTX_set_flags based on bug report from
+ <tjtoocool[AT]phreaker[DOT]net >
+ - change opened() to report -1 if the IO::Handle is open, but the
+ SSL connection failed, needed with HTTP::Daemon::SSL which will send
+ an error mssage over the unencrypted socket
v1.15
- change internal behavior when SSL handshake failed (like when verify
callback returned an error) in the hope to fix spurios errors in
Index: SSL.pm
===================================================================
--- SSL.pm (revision 24723)
+++ SSL.pm (working copy)
@@ -51,7 +51,7 @@
BEGIN {
# Declare @ISA, $VERSION, $GLOBAL_CONTEXT_ARGS
@ISA = qw(IO::Socket::INET);
- $VERSION = '1.15';
+ $VERSION = '1.16';
$GLOBAL_CONTEXT_ARGS = {};
#Make $DEBUG another name for $Net::SSLeay::trace
@@ -1178,7 +1178,7 @@
sub opened {
my $self = shift;
- return IO::Handle::opened($self) && ( ${*$self}{'_SSL_opened'} == 1 );
+ return IO::Handle::opened($self) && ${*$self}{'_SSL_opened'};
}
sub opening {
@@ -1308,7 +1308,7 @@
if ($arg_hash->{'SSL_check_crl'}) {
if (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x0090702f) {
- Net::SSLeay::X509_STORE_CTX_set_flags(
+ Net::SSLeay::X509_STORE_set_flags(
Net::SSLeay::CTX_get_cert_store($ctx),
Net::SSLeay::X509_V_FLAG_CRL_CHECK()
);
@@ -1882,6 +1882,12 @@
get to do anything. But with version 0.98 you are better comparing the global exported
variable $SSL_ERROR against the exported symbols SSL_WANT_READ and SSL_WANT_WRITE.
+=item B<opened()>
+
+This returns false if the socket could not be opened, 1 if the socket could be opened
+and the SSL handshake was successful done and -1 if the underlying IO::Handle is open,
+but the SSL handshake failed.
+
=item B<< IO::Socket::SSL->start_SSL($socket, ... ) >>
This will convert a glob reference or a socket that you provide to an IO::Socket::SSL
signature.asc
Description: Digital signature
