Bug 1253454

Summary: [Rebase] Perl Net-SSLeay > 1.53 for authentication with Mac and ios
Product: Red Hat Enterprise Linux 6
Reporter: Piyush Bhoot <pbhoot>
Component: perl-Net-SSLeay
Assignee: perl-maint-list
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 6.7
CC: a.dekker, ppisar, psabata
Target Milestone: rc
Keywords: Rebase
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-23 09:10:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:
Bug Blocks: 1172231

Description Piyush Bhoot 2015-08-13 13:32:32 EDT
Description of problem:

MacOSX 10.11 and iOS9 use TLS1.2/EAP for authentication to Radiator servers. Radiator depends on the perl-Net-SSLeay package, and on RHEL6.7 the Net::SSLeay is version 1.35.
To correctly handle TLS1.2/EAP you need Net::SSLeay > 1.53.

Issue is on RHEL 6.7 with Radiator 4.15

Comment 2 Petr Pisar 2015-08-24 09:25:07 EDT
Red Hat usually does not rebase packages, especially when the difference between the delivered and requested version is so big (the changelog difference alone has more than a thousand lines).

Could you please be more specific about which functionality from <http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.53/Changes> you are interested in? We can try to port it back.

Is it the support for OpenSSL's SSL_export_keying_material()?

Comment 3 Arjan Dekker 2015-08-26 05:33:20 EDT
We have the same problem. Radiator does not support TLS v1.2 thanks to the old version of Net::SSLeay. I think that this is what we need:
Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version

From: http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.66/Changes

Comment 4 Petr Pisar 2015-08-26 07:28:18 EDT
(In reply to Arjan Dekker from comment #3)
> we have the same problem. Radiator does not support TLS v1.2 thanks to the
> old version of Net::SSLeay. I think that this is what we need:
> Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version
> 
The feature you described is about forcing a TLS version, which is useful when OpenSSL's negotiation does not work. It was added in upstream's 1.59 version. Hence I think this is a different issue.

If you think you need it, then please contact Red Hat support with your request for adding support for $Net::SSLeay::ssl_version to recognize values 11 (TLSv1.1) and 12 (TLSv1.2).

I don't have Radiator sources to determine whether the feature is or is not needed.

Comment 8 Petr Pisar 2015-09-23 09:10:34 EDT
We are not going to rebase this package. If you need a specific feature, please file a new request for the feature.