here later in production.
Regards,
Steffen
--
Steffen Ullrich
Research, Projects and Products
steffen_ullr...@genua.de
PGP 0x3F84B1A6F7DEAF80
genua GmbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Matthias Ochs, Marc Tesch
Amtsge
> Ah I see, thanks for the clarification. I thought you meant it could
> yield a deadlock. Aren't temporary failures also possible on plain
> sockets (though of course the extra SSL layer make it strictly more
> likely to happen)? IIRC if the checksum of the incoming packet
> mismatches, which c
On Mon, May 13, 2019 at 03:18:14PM +0200, Guilhem Moulin
wrote:
> On Mon, 13 May 2019 at 06:31:26 +0200, Steffen Ullrich wrote:
> > Applications which relied on blocking I/O in connection with select could
> > also hang before,
>
> Uh, what? “Before” meaning with ≤TLS
On Mon, May 13, 2019 at 01:02:45AM +0200, Guilhem Moulin
wrote:
> Thanks for your analysis, Steffen. Dropping the Debian-specific patch
> is definitely the way to go for libwww/LWP. However I still believe
> IO::Socket::SSL should provide a way to clear SSL_MODE_AUTO_RETRY in
> order to fix app
(from 2003) instead of
introducing yet another patch.
Regards,
Steffen
On Sun, May 12, 2019 at 01:11:45AM +0200, gregor herrmann
wrote:
> On Sat, 11 May 2019 21:56:01 +0200, Steffen Ullrich wrote:
>
> > I think the issue is a bit different than what was analyzed so far.
> […]
&g
I think the issue is a bit different than what was analyzed so far.
As far as I can see it has nothing to do with SSL_MODE_AUTO_RETRY but
instead is caused by expectations on the behavior of select which are wrong
with TLS 1.3.
I've added some more debugging to IO::Socket::SSL and what I saw was:
s the problems you see.
Regards,
Steffen Ullrich, Maintainer IO::Socket::SSL.
Thanks for the analysis that the problem is caused by a change in the
SSLEAY_DIR/OPENSSL_DIR constant with OpenSSL 1.1. I've adapted IO::Socket::SSL
in 2.040 (just released) to try both constants so the problem should hopefully
be solved by simply upgrading to 2.040.
Apart from that the proble
Hi,
This issue is fixed in IO::Socket::SSL version 2.017 or with commit
https://github.com/noxxi/p5-io-socket-ssl/commit/7432b34 in case you want to
backport this change.
Regards,
Steffen Ullrich,
Maintainer IO::Socket::SSL
On Sun, 02 Oct 2016 12:05:23 +0200 Michael Braun
wrote:
Package
deprecated interface so you better
might use 'IO::Socket::SSL->start_SSL($me->{sock})' instead. But I don't know if
it is worth for such an old an since 10 years unmaintained module.
Regards,
Steffen Ullrich, Maintainer IO::Socket::SSL
Hi,
as the maintainer of IO::Socket::SSL I strongly support this bug report.
First, like the author said, this behavior is unexpected and has serious
security implications.
Apart from that, disabling the verification of the hostname is more or less
the same as disabling any kind of certificate
Hi,
this bug describes in effect the same problem as #750646 and can be closed
(verified that the fix for #750646 also fixes this problem).
Regards,
Steffen Ullrich
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Conta
> I was just looking at why lwp is behaving with https like it is,
> and it seems the cipher list being set up is really crappy.
Thanks for the polite introduction.
> I have no idea who selected those ciphers, but that list doesn't
> make any sense. For instance it doesn't contain any DHE cipher
> Thanks! I think the least intrusive thing for now would be to change the
> default of the Makefile.PL prompt if NO_NETWORK_TESTING is set. Would
> that be OK with you?
This check will be included in the next version.
See
https://github.com/noxxi/p5-io-socket-ssl/commit/de1451f5bc2d38fbbed2f3cda
Hi,
I'm the maintainer of IO::Socket::SSL and I've just found your serious
problem report about IO::Socket::SSL doing network connections to external
sites during testing.
IO::Socket::SSL will ask during the build, if the tests should be run and
you can deny running external tests. But, the defaul
On Sun, May 04, 2014 at 08:42:05AM +0200, Salvatore Bonaccorso
wrote:
> Hi Steffen,
>
> On Sat, May 03, 2014 at 11:28:30PM +0200, Steffen Ullrich wrote:
> > https://github.com/libwww-perl/lwp-protocol-https/pull/14
>
> Thanks for the patch, I have commited it to the
https://github.com/libwww-perl/lwp-protocol-https/pull/14
Regards,
Steffen
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
17 matches
Mail list logo