rpms / perl-Net-SSLeay

Clone
Source Code
GIT

Blame SOURCES/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8-beta-stream-2.066 c8-stream-2.066 c8-stream-5.24 c8-stream-5.26 c8s-stream-2.066 c9 c9-beta
  1.   c8-stream-5.24
  2.   SOURCES
  3.   Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
Blob History Raw
087f9f 
From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
087f9f 
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
087f9f 
Date: Tue, 14 Aug 2018 16:55:52 +0200
087f9f 
Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
087f9f 
MIME-Version: 1.0
087f9f 
Content-Type: text/plain; charset=UTF-8
087f9f 
Content-Transfer-Encoding: 8bit
087f9f
087f9f 
t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
087f9f
087f9f 
    #   Failed test 'Verify callback result and get_verify_result are equal'
087f9f 
    #   at t/local/36_verify.t line 111.
087f9f 
    #          got: '-1'
087f9f 
    #     expected: '0'
087f9f 
    #   Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
087f9f 
    #   at t/local/36_verify.t line 118.
087f9f 
    #          got: '-1'
087f9f 
    #     expected: '43'
087f9f 
    Bailout called.  Further testing stopped:  failed to connect to server: Connection refused
087f9f 
    FAILED--Further testing stopped: failed to connect to server: Connection refused
087f9f
087f9f 
I believe this because TLSv1.3 server can generate SIGPIPE if a client
087f9f 
disconnects too soon.
087f9f
087f9f 
Signed-off-by: Petr Písař <ppisar@redhat.com>
087f9f 
---
087f9f 
 t/local/36_verify.t | 10 ++++++++++
087f9f 
 1 file changed, 10 insertions(+)
087f9f
087f9f 
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
087f9f 
index e55b138..2837288 100644
087f9f 
--- a/t/local/36_verify.t
087f9f 
+++ b/t/local/36_verify.t
087f9f 
@@ -266,10 +266,20 @@ sub run_server
087f9f
087f9f 
     return if $pid != 0;
087f9f
087f9f 
+    $SIG{'PIPE'} = 'IGNORE';
087f9f 
     my $ctx = Net::SSLeay::CTX_new();
087f9f 
     Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
087f9f 
     my $ret = Net::SSLeay::CTX_check_private_key($ctx);
087f9f 
     BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
087f9f 
+    if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
087f9f 
+        # TLS 1.3 server sends session tickets after a handhake as part of
087f9f 
+        # the SSL_accept(). If a client finishes all its job including closing
087f9f 
+        # TCP connectino before a server sends the tickets, SSL_accept() fails
087f9f 
+        # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
087f9f 
+        # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
087f9f 
+        my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
087f9f 
+        BAIL_OUT("Session tickets disabled") unless $ret;
087f9f 
+    }
087f9f
087f9f 
     while (1)
087f9f 
     {
087f9f 
--
087f9f 
2.14.4
087f9f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation