perl-IO-Socket-SSL-2.058-1.fc29 fails to build with OpenSSL 1.1.1 because t/core.t test hangs at: $ perl -Iblib/{arch,lib} t/core.t [...] ok - Client Verify-sub Check ok - Client Verify-sub Check ok - Client Init from Fileno Check ok - Peer address check and a perl process consumes all CPU time. It seems that an SSL server never returns from this non-blocking read: if ($CAN_NONBLOCK) { $client->blocking(0); → $client->read($buffer, 20, 0); is( $SSL_ERROR, SSL_WANT_READ, "Server Nonblocking Check 1"); } This happens with: openssl-1.1.1-0.pre8.4.fc29.x86_64 perl-Net-SSLeay-1.85-5.fc29.x86_64 I don't know yet the root cause. I'm creating this bug report to have something for tracking. I will work on this and post new updates here.
This t/core.t hang is triggered by perl-Net-SSLeay patch that hides ERROR_WANT_READ/ERROR_WANT_WRITE SSL_read() errors by retrying instead of propagating them.
I have ready patches for IO-Socket-SSL so that all tests pass. I decided not to implement the TLSv1.3 explicit session resumption. The code works in Fedora 30 as well as in Fedora 28 where is old OpenSSL and unpatched Net-SSLeay. Can I push them into Fedora ≥ 29?
Sure, please do.
Builds are done. My gut feeling is that IO::Socket::SSL::close() should be changed to perform full SSL connection shutdown by default. Now it defaults to plain deallocating SSL data structures and closing TCP directly. That way TLSv1.3 servers may become unhappy because of unexpected failures in accept(). We will see and if that become a real issue I will amend IO::Socket::SSL. Please report any issues.