573916 – dev-perl/IO-Socket-SSL: Incompatibility with new stable version of OpenSSL 1.0.2f

Bug 573916 - dev-perl/IO-Socket-SSL: Incompatibility with new stable version of OpenSSL 1.0.2f

Summary: dev-perl/IO-Socket-SSL: Incompatibility with new stable version of OpenSSL 1....

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Unspecified (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Perl team

URL:	https://github.com/noxxi/p5-io-socket...
Whiteboard:
Keywords:

Duplicates (1):	573762 (view as bug list)
Depends on:
Blocks:

Reported:	2016-02-05 12:34 UTC by Maxim Britov
Modified:	2016-02-13 07:05 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Stripped upstream commit (6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff,449 bytes, patch) 2016-02-05 12:35 UTC, Maxim Britov	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Maxim Britov 2016-02-05 12:34:25 UTC

I found troubles on my gateway with dkimproxy_out: status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while sending message body)
First entry in mail.log is 1 Feb 2016 and OpenSSL updated on 30 Jan 2016
Today I fount 98 messages stopped in mail queue.

I found fix in IO::Socket::SSL v2.023 with comment about issue with openssl 1.0.2f
Gentoo Portage contains only old version dev-perl/IO-Socket-SSL-2.12.0
Diff: https://github.com/noxxi/p5-io-socket-ssl/commit/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff

I removed changelog and version info from diff and I found it applicable to 2.12
# patch -i /tmp/111/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd.diff -p4
patching file SSL.pm
Hunk #1 succeeded at 1235 (offset -67 lines)

dkimproxy restarted and seems works.

Please look

Reproducible: Sometimes

Comment 1 Maxim Britov 2016-02-05 12:35:46 UTC

Created attachment 424676 [details, diff]
Stripped upstream commit

Comment 2 Maxim Britov 2016-02-05 12:36:17 UTC

+2.023 2016/01/30
+- OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
+  was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
+  This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
+  which caused an endless loop. It will now ignore this result in case the TLS
+  connection was not yet established and consider the TLS connection closed
+  instead.

Comment 3 Paolo Pedroni 2016-02-08 11:15:53 UTC

*** Bug 573762 has been marked as a duplicate of this bug. ***

Comment 4 Paolo Pedroni 2016-02-08 11:19:09 UTC

I can confirm this bug, and also that the patch works.

Comment 5 SpanKY gentoo-dev

2016-02-13 07:05:24 UTC

bumped here:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f80b5c9be202beafd2d52a7e60a60b9a3183f094