rpms / perl-Net-SSLeay

Clone
Source Code
GIT

Blame SOURCES/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8-beta-stream-2.066 c8-stream-2.066 c8-stream-5.24 c8-stream-5.26 c8s-stream-2.066 c9 c9-beta
  1.   20bab0b1267a65ed1f42c26f34579602181fd537
  2.   SOURCES
  3.   Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
Blob History Raw
20bab0 
From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
20bab0 
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
20bab0 
Date: Tue, 14 Aug 2018 16:55:52 +0200
20bab0 
Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
20bab0 
MIME-Version: 1.0
20bab0 
Content-Type: text/plain; charset=UTF-8
20bab0 
Content-Transfer-Encoding: 8bit
20bab0
20bab0 
t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
20bab0
20bab0 
    #   Failed test 'Verify callback result and get_verify_result are equal'
20bab0 
    #   at t/local/36_verify.t line 111.
20bab0 
    #          got: '-1'
20bab0 
    #     expected: '0'
20bab0 
    #   Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
20bab0 
    #   at t/local/36_verify.t line 118.
20bab0 
    #          got: '-1'
20bab0 
    #     expected: '43'
20bab0 
    Bailout called.  Further testing stopped:  failed to connect to server: Connection refused
20bab0 
    FAILED--Further testing stopped: failed to connect to server: Connection refused
20bab0
20bab0 
I believe this because TLSv1.3 server can generate SIGPIPE if a client
20bab0 
disconnects too soon.
20bab0
20bab0 
Signed-off-by: Petr Písař <ppisar@redhat.com>
20bab0 
---
20bab0 
 t/local/36_verify.t | 10 ++++++++++
20bab0 
 1 file changed, 10 insertions(+)
20bab0
20bab0 
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
20bab0 
index e55b138..2837288 100644
20bab0 
--- a/t/local/36_verify.t
20bab0 
+++ b/t/local/36_verify.t
20bab0 
@@ -266,10 +266,20 @@ sub run_server
20bab0
20bab0 
     return if $pid != 0;
20bab0
20bab0 
+    $SIG{'PIPE'} = 'IGNORE';
20bab0 
     my $ctx = Net::SSLeay::CTX_new();
20bab0 
     Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
20bab0 
     my $ret = Net::SSLeay::CTX_check_private_key($ctx);
20bab0 
     BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
20bab0 
+    if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
20bab0 
+        # TLS 1.3 server sends session tickets after a handhake as part of
20bab0 
+        # the SSL_accept(). If a client finishes all its job including closing
20bab0 
+        # TCP connectino before a server sends the tickets, SSL_accept() fails
20bab0 
+        # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
20bab0 
+        # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
20bab0 
+        my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
20bab0 
+        BAIL_OUT("Session tickets disabled") unless $ret;
20bab0 
+    }
20bab0
20bab0 
     while (1)
20bab0 
     {
20bab0 
--
20bab0 
2.14.4
20bab0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation