Bug 1253454 - [Rebase] Perl Net-SSLeay > 1.53 for authentication with Mac and ios
[Rebase] Perl Net-SSLeay > 1.53 for authentication with Mac and ios
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: perl-Net-SSLeay (Show other bugs)
6.7
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: perl-maint-list
BaseOS QE Security Team
: Rebase
Depends On:
Blocks: 1172231
  Show dependency treegraph
 
Reported: 2015-08-13 13:32 EDT by Piyush Bhoot
Modified: 2015-09-23 09:10 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-23 09:10:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Piyush Bhoot 2015-08-13 13:32:32 EDT
Description of problem:

MacOSX 10.11 and iOS9 use TLS1.2/EAP for authentication to Radiator servers. Radiator depends on the perl-Net-SSLeay package. and RHEL6.7 the Net::SSLeay is version 1.35. 
To correctly handle TLS1.2/EAP you need Net::SSLeay > 1.53.

Issue is on RHEL 6.7 with Radiator 4.15
Comment 2 Petr Pisar 2015-08-24 09:25:07 EDT
Red Hat usually does not rebase packages. Especially when the difference between the delivered and requested version is so big (only the changelog difference has more than a thousand of lines).

Could you please be more specific which functionality from <http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.53/Changes> are you interested in? We can try to port it back.

Is it the support for OpenSSL's SSL_export_keying_material()?
Comment 3 Arjan Dekker 2015-08-26 05:33:20 EDT
we have the same problem. Radiator does not support TLS v1.2 thanks to the old version of Net::SSLeay. I think that this is what we need:
Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version

From: http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.66/Changes
Comment 4 Petr Pisar 2015-08-26 07:28:18 EDT
(In reply to Arjan Dekker from comment #3)
> we have the same problem. Radiator does not support TLS v1.2 thanks to the
> old version of Net::SSLeay. I think that this is what we need:
> Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version
> 
The feature you described is about forcing TLS version that is useful when OpenSSL's negotiation does not work. It was added in upstream's 1.59 version. Hence I think this is a different issue.

If you think you need it, then please contact Red Hat support with your request for adding support for $Net::SSLeay::ssl_version to recognize values 11 (TLSv1.1) and 12 (TLSv1.2).

I don't have Radiator sources to determine whether the feature is or is not needed.
Comment 8 Petr Pisar 2015-09-23 09:10:34 EDT
We are not going to rebase this package. If you need a specific feature, please file a new request for the feature.

Note You need to log in before you can comment on or make changes to this bug.