diff --git a/IO-Socket-SSL-2.067-openssl-1.1.1e.patch b/IO-Socket-SSL-2.067-openssl-1.1.1e.patch new file mode 100644 index 0000000..6a64868 --- /dev/null +++ b/IO-Socket-SSL-2.067-openssl-1.1.1e.patch @@ -0,0 +1,44 @@ +--- lib/IO/Socket/SSL.pm ++++ lib/IO/Socket/SSL.pm +@@ -38,6 +38,7 @@ BEGIN { + # results from commonly used constant functions from Net::SSLeay for fast access + my $Net_SSLeay_ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ(); + my $Net_SSLeay_ERROR_WANT_WRITE = Net::SSLeay::ERROR_WANT_WRITE(); ++my $Net_SSLeay_ERROR_SSL = Net::SSLeay::ERROR_SSL(); + my $Net_SSLeay_ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL(); + my $Net_SSLeay_VERIFY_NONE = Net::SSLeay::VERIFY_NONE(); + my $Net_SSLeay_VERIFY_PEER = Net::SSLeay::VERIFY_PEER(); +@@ -1196,6 +1197,11 @@ sub _generic_read { + last; + } + } ++ if ($err == $Net_SSLeay_ERROR_SSL) { ++ # OpenSSL 1.1.1e+ ++ $data = ''; ++ last; ++ } + $self->error("SSL read error"); + } + return; +@@ -1274,6 +1280,11 @@ sub _generic_write { + } + if ( !defined($written) ) { + if ( my $err = $self->_skip_rw_error( $ssl,-1 )) { ++ # if ERROR_SSL then make it look like it used to do ++ if ( $err == $Net_SSLeay_ERROR_SSL ) { ++ $err = $Net_SSLeay_ERROR_SYSCALL; ++ $! = 0; ++ } + # if $! is not set with ERROR_SYSCALL then report as EPIPE + $! ||= EPIPE if $err == $Net_SSLeay_ERROR_SYSCALL; + $self->error("SSL write error ($err)"); +--- t/core.t ++++ t/core.t +@@ -130,6 +130,7 @@ unless (fork) { + 4.0, + ord("y"), + "Test\nBeaver\nBeaver\n"); ++ Net::SSLeay::shutdown($client->_get_ssl_object); + shutdown($client, 1); + + my $buffer="\0\0aaaaaaaaaaaaaaaaaaaa"; diff --git a/IO-Socket-SSL-2.067-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.067-use-system-default-SSL-version.patch index 732ce31..462dfb7 100644 --- a/IO-Socket-SSL-2.067-use-system-default-SSL-version.patch +++ b/IO-Socket-SSL-2.067-use-system-default-SSL-version.patch @@ -1,6 +1,6 @@ --- lib/IO/Socket/SSL.pm +++ lib/IO/Socket/SSL.pm -@@ -194,7 +194,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p +@@ -195,7 +195,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p # global defaults my %DEFAULT_SSL_ARGS = ( SSL_check_crl => 0, @@ -9,7 +9,7 @@ SSL_verify_callback => undef, SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_publicsuffix => undef, # fallback default list verification -@@ -2383,7 +2383,7 @@ sub new { +@@ -2394,7 +2394,7 @@ sub new { my $ssl_op = $DEFAULT_SSL_OP; diff --git a/IO-Socket-SSL-2.067-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.067-use-system-default-cipher-list.patch index 800ab64..a4d8674 100644 --- a/IO-Socket-SSL-2.067-use-system-default-cipher-list.patch +++ b/IO-Socket-SSL-2.067-use-system-default-cipher-list.patch @@ -1,6 +1,6 @@ --- lib/IO/Socket/SSL.pm +++ lib/IO/Socket/SSL.pm -@@ -202,77 +202,17 @@ my %DEFAULT_SSL_ARGS = ( +@@ -203,77 +203,17 @@ my %DEFAULT_SSL_ARGS = ( SSL_npn_protocols => undef, # meaning depends whether on server or client side SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1'] diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index c39d43a..7a2ddd9 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -3,7 +3,7 @@ Name: perl-IO-Socket-SSL Version: 2.067 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Perl library for transparent SSL License: (GPL+ or Artistic) and MPLv2.0 URL: https://metacpan.org/release/IO-Socket-SSL @@ -13,6 +13,7 @@ Patch1: IO-Socket-SSL-2.067-use-system-default-SSL-version.patch # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch, # bug #1632660, requires openssl tool Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch +Patch3: IO-Socket-SSL-2.067-openssl-1.1.1e.patch BuildArch: noarch # Module Build BuildRequires: coreutils @@ -79,6 +80,10 @@ mod_perl. %prep %setup -q -n IO-Socket-SSL-%{version} +# Fix FTBFS with OpenSSL 1.1.1e +# https://github.com/noxxi/p5-io-socket-ssl/issues/93 +%patch3 + # Use system-wide default cipher list to support use of system-wide # crypto policy (#1076390, #1127577, CPAN RT#97816) # https://fedoraproject.org/wiki/Changes/CryptoPolicy @@ -122,6 +127,10 @@ make test %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3* %changelog +* Sat Mar 21 2020 Paul Howarth - 2.067-2 +- Fix FTBFS with OpenSSL 1.1.1e + https://github.com/noxxi/p5-io-socket-ssl/issues/93 + * Sat Feb 15 2020 Paul Howarth - 2.067-1 - Update to 2.067 - Fix memory leak on incomplete handshake (GH#92)