Bug 1616198
Summary: | perl-IO-Socket-SSL-2.058-1.fc29 FTBFS with OpenSSL 1.1.1: t/core.t hangs | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Petr Pisar <ppisar> |
Component: | perl-IO-Socket-SSL | Assignee: | Petr Pisar <ppisar> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 29 | CC: | alexl, caillon+fedoraproject, jose.p.oliveira.oss, mbarnes, paul, perl-devel, rhughes, rstrode, sandmann |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | perl-IO-Socket-SSL-2.059-2.fc29 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-08-22 08:10:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Pisar
2018-08-15 09:00:15 UTC
This t/core.t hang is triggered by perl-Net-SSLeay patch that hides ERROR_WANT_READ/ERROR_WANT_WRITE SSL_read() errors by retrying instead of propagating them. I have ready patches for IO-Socket-SSL so that all tests pass. I decided not to implement the TLSv1.3 explicit session resumption. The code works in Fedora 30 as well as in Fedora 28 where is old OpenSSL and unpatched Net-SSLeay. Can I push them into Fedora ≥ 29? Sure, please do. Builds are done. My gut feeling is that IO::Socket::SSL::close() should be changed to perform full SSL connection shutdown by default. Now it defaults to plain deallocating SSL data structures and closing TCP directly. That way TLSv1.3 servers may become unhappy because of unexpected failures in accept(). We will see and if that become a real issue I will amend IO::Socket::SSL. Please report any issues. |