Bug 750793
Summary: | LWP::UserAgent 'timeout' parameter does not work for HTTPS URLs | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ingo van Lil <inguin> |
Component: | perl-libwww-perl | Assignee: | Petr Pisar <ppisar> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 15 | CC: | mmaslano, ppisar, vasmith |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | perl-Net-HTTP-6.02-1.fc17 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-08-07 20:22:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ingo van Lil
2011-11-02 11:48:59 UTC
I think this is not related to this update. The time-out issue is known since year 2003 (https://rt.cpan.org/Public/Bug/Display.html?id=3316). You're right, the bug was already present before the update. The update triggered the bug, though, because LWP now prefers IO::Socket::SSL (which somehow causes this issue) over Net::SSL (which works as expected but doesn't support host name verification). Part of the problem appears to be the overwritten blocking() method in Net/HTTPS.pm: Net::SSL cannot deal with non-blocking sockets, so they replace the method with a NOP. IO::Socket::SSL on the other hand supports non-blocking sockets, and actually depends on it for the timeout feature, so in that case the blocking() method should not be a NOP. Unfortunately that change alone doesn't fix the problem, though. Since F16, HTTPS is implemented by perl-Net-HTTP package. Upstream decided to remove the no-op redefinition in Net-HTTP-6.02. (https://rt.cpan.org/Public/Bug/Display.html?id=72580). I think it's better to have one good implementation instead of two half-broken, so I will try removing the redefinition too in older Fedoras too. Fixed in F17 by perl-Net-HTTP-6.02-1.fc17. perl-Net-HTTP-6.02-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/perl-Net-HTTP-6.02-1.fc16 Package perl-Net-HTTP-6.02-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing perl-Net-HTTP-6.02-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-16283/perl-Net-HTTP-6.02-1.fc16 then log in and leave karma (feedback). After installing the updated package the described test case fails using either socket implementation: - Net::SSL cannot deal with non-blocking sockets, so lwp-request fails immediately. - Using IO::Socket::SSL the request still blocks indefinitely. "strace" shows that the socket is indeed correctly set to non-blocking but the read is simply retried in 100ms intervals. The endless polling loop is in Net::HTTP::Methods::my_readline(), but I'm not sure if the problem should be fixed there or in LWP::Protocol::https (or both). I will file a bug report at the Net-HTTP tracker, maybe the author has an idea what should be done. But did you talk about F15? Because I performed tests in F17 and F16 and it works for both implementations: $ rpm -q perl-libwww-perl perl-Net-HTTP perl-libwww-perl-6.02-3.fc16.noarch perl-Net-HTTP-6.02-1.fc16.noarch # iptables -I OUTPUT -o lo -p tcp --dport 443 -j DROP $ lwp-request -t 2 'https://127.0.0.1:443/' Can't connect to 127.0.0.1:443 (timeout) LWP::Protocol::https::Socket: connect: timeout at /usr/share/perl5/LWP/Protocol/http.pm line 51. $ LANG=en_US.UTF-8 PERL_LWP_SSL_VERIFY_HOSTNAME=0 PERL_NET_HTTPS_SSL_SOCKET_CLASS=Net::SSL lwp-request -t 2 'https://127.0.0.1:443/' Connect failed: connect: timeout; Connection timed out at /usr/share/perl5/LWP/Protocol/http.pm line 31 $ LANG=en_US.UTF-8 PERL_LWP_SSL_VERIFY_HOSTNAME=0 PERL_NET_HTTPS_SSL_SOCKET_CLASS=IO::Socket::SSL lwp-request -t 2 'https://127.0.0.1:443/' Can't connect to 127.0.0.1:443 (timeout) LWP::Protocol::https::Socket: connect: timeout at /usr/share/perl5/LWP/Protocol/http.pm line 51. I was talking about F16. The difference between our test cases is that in your case the timeout occurs early during establishing the connection, while in my case the SSL connection is successfully established but the server takes too much time to handle the HTTP request. The IO::Socket::SSL::connect_SSL() method correctly handles the timeout, but Net::HTTP::Methods::my_readline(), invoked by read_response_headers(), does not. perl-Net-HTTP-6.02-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX. (Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.) Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version. Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |