rpms / perl-IO-Socket-SSL

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-beta-stream-2.066 c8-stream-2.066 c8-stream-5.24 c8-stream-5.26 c8s c8s-stream-2.066 c9 c9-beta
  1.   c8-stream-5.24
  2.   SOURCES
  3.   IO-Socket-SSL-2.059-Do-two-way-shutdown-in-t-sni_verify.t.patch
Blob Blame History Raw 
From 84a3bc6c273977bcd4b709e0d9a3d9fcdd58e36d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 17 Aug 2018 14:46:33 +0200
Subject: [PATCH] Do two-way shutdown in t/sni_verify.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenSSL 1.1.1-pre7 sigipipes TLSv1.3 server if client does not
shutdown TLS properly.
<https://github.com/openssl/openssl/issues/6904>

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 t/sni_verify.t | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/t/sni_verify.t b/t/sni_verify.t
index b3b299b..b5ac4bd 100644
--- a/t/sni_verify.t
+++ b/t/sni_verify.t
@@ -71,6 +71,13 @@ if ( $pid == 0 ) {
 
 	$client->verify_hostname($host,'http') or print "not ";
 	print "ok # client verify hostname in cert $host\n";
+
+	if ($client) {
+	    # Shutdown TLS properly. Otherwise TLSv1.3 server will receive SIGPIPE
+	    # in SSL_accept() and dies.
+	    # <https://github.com/openssl/openssl/issues/6904>.
+	    $client->close('SSL_fast_shutdown' => 0);
+	}
     }
     exit;
 }
@@ -81,5 +88,8 @@ for my $host (@tests) {
     my $name = $csock->get_servername;
     print "not " if ! $name or $name ne $host;
     print "ok # server got SNI name $host\n";
+    if ($csock) {
+        $csock->close('SSL_fast_shutdown' => 0);
+    }
 }
 wait;
-- 
2.14.4

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation