Bug 573916 - dev-perl/IO-Socket-SSL: Incompatibility with new stable version of OpenSSL 1.0.2f
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Perl team
URL: https://github.com/noxxi/p5-io-socket...
Duplicates: 573762
Reported: 2016-02-05 12:34 UTC by Maxim Britov
Modified: 2016-02-13 07:05 UTC
Attachments
Stripped upstream commit (6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff, 449 bytes, patch)
2016-02-05 12:35 UTC, Maxim Britov

Description Maxim Britov 2016-02-05 12:34:25 UTC
I found trouble on my gateway with dkimproxy_out: status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while sending message body)
The first entry in mail.log is from 1 Feb 2016 and OpenSSL was updated on 30 Jan 2016.
Today I found 98 messages stopped in the mail queue.

I found a fix in IO::Socket::SSL v2.023 with a comment about an issue with OpenSSL 1.0.2f.
Gentoo Portage contains only the old version dev-perl/IO-Socket-SSL-2.12.0
Diff: https://github.com/noxxi/p5-io-socket-ssl/commit/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff

I removed the changelog and version info from the diff and found it applicable to 2.12
# patch -i /tmp/111/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff -p4
patching file SSL.pm
Hunk #1 succeeded at 1235 (offset -67 lines)

dkimproxy restarted and seems to work.

Please look

Reproducible: Sometimes
Comment 1 Maxim Britov 2016-02-05 12:35:46 UTC
Created attachment 424676 [details, diff]
Stripped upstream commit
Comment 2 Maxim Britov 2016-02-05 12:36:17 UTC
+2.023 2016/01/30
+- OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
+  was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
+  This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
+  which caused an endless loop. It will now ignore this result in case the TLS
+  connection was not yet established and consider the TLS connection closed
+  instead.
Comment 3 Paolo Pedroni 2016-02-08 11:15:53 UTC
*** Bug 573762 has been marked as a duplicate of this bug. ***
Comment 4 Paolo Pedroni 2016-02-08 11:19:09 UTC
I can confirm this bug, and also that the patch works.
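
The endless loop described in the 2.023 changelog entry quoted in comment 2, modeled as an added example; it is not part of the bug report and is not the upstream patch. `fake_shutdown`, the `established` flag and the retry cap are hypothetical stand-ins, and no real TLS is performed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for Net::SSLeay::shutdown (hypothetical, no real TLS):
# always returns 0 ("keep trying"), the result the changelog reports when
# the TLS connection was never fully established.
sub fake_shutdown { return 0 }

# Pre-fix shape: retry for as long as shutdown returns 0.
# $max_tries exists only so that this demonstration terminates.
sub close_tls_unpatched {
    my ($conn, $max_tries) = @_;
    my $tries = 0;
    while ($tries < $max_tries) {
        $tries++;
        my $rv = fake_shutdown($conn);
        # Non-zero means shutdown finished or failed; either way stop.
        return { closed => 1, tries => $tries } if $rv != 0;
    }
    # Without the cap this loop would never exit.
    return { closed => 0, tries => $tries };
}

# Post-fix shape: a 0 result is only retried when the handshake completed;
# otherwise the TLS connection is considered closed.
sub close_tls_patched {
    my ($conn, $max_tries) = @_;
    my $tries = 0;
    while ($tries < $max_tries) {
        $tries++;
        my $rv = fake_shutdown($conn);
        return { closed => 1, tries => $tries } if $rv != 0;
        return { closed => 1, tries => $tries } if !$conn->{established};
    }
    return { closed => 0, tries => $tries };
}

# Constructed connection state: the handshake never finished.
my $conn = { established => 0 };
for my $case ([unpatched => \&close_tls_unpatched],
              [patched   => \&close_tls_patched]) {
    my ($name, $fn) = @$case;
    my $r = $fn->($conn, 1000);
    printf "%-9s closed=%d after %d shutdown call(s)\n",
        $name, $r->{closed}, $r->{tries};
}
```

In a long-running proxy the unpatched shape has no cap, so one half-open connection is enough to stall the worker, which matches the "timed out while sending message body" deferrals reported above.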