Skip to content

Skip OpenSSL 3.x-specific tests on LibreSSL#181

Merged
timlegge merged 2 commits intocpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-libressl-test-skips
Apr 24, 2026
Merged

Skip OpenSSL 3.x-specific tests on LibreSSL#181
timlegge merged 2 commits intocpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-libressl-test-skips

Conversation

@toddr-bot
Copy link
Copy Markdown
Contributor

@toddr-bot toddr-bot commented Apr 23, 2026
edited
Loading

What

Skip two OpenSSL 3.x-specific tests that fail on LibreSSL (OpenBSD).

Why

CPAN Testers FAIL on OpenBSD 7.4 (Perl 5.36.1, LibreSSL 3.8.x).

Crypt::OpenSSL::Guess::openssl_version() returns $major="3.8" for LibreSSL, which satisfies the >= 3.0 checks meant for real OpenSSL 3.x. But LibreSSL uses the pre-3.x code path internally (OPENSSL_VERSION_NUMBER < 0x30000000L), so:

  • use_sslv23_padding is a valid XS function (not the Perl croak stub)
  • RSA_verify ignores the padding mode setting (no cross-padding rejection)

How

Detect LibreSSL via the third return value of openssl_version(), which is undef for LibreSSL (no letter suffix in version string) and defined ("" or a letter) for OpenSSL. Skip the two affected tests when LibreSSL is detected.

Testing

Full test suite passes on OpenSSL 3.5 (619 tests). The SSLv23 croak test and cross-padding test still run correctly on real OpenSSL 3.x.

🤖 Generated with Claude Code

Quality Report

Changes: 2 files changed, 10 insertions(+), 5 deletions(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

@toddr-bot @claude
Skip OpenSSL 3.x-specific tests on LibreSSL
a5dfbc9 
LibreSSL reports version >= 3.0 via openssl_version() but uses the
pre-3.x code path (OPENSSL_VERSION_NUMBER < 0x30000000L). This caused
two test failures on OpenBSD:

- t/padding.t: use_sslv23_padding is a valid XS function on LibreSSL
  (RSA_SSLV23_PADDING still exists) so it does not croak
- t/pkcs1_sign.t: RSA_verify on pre-3.x/LibreSSL ignores the padding
  mode setting, so cross-padding verification succeeds

Detect LibreSSL via the third return value of openssl_version() which
is undef for LibreSSL (no letter suffix) and defined for OpenSSL.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
timlegge
timlegge reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@timlegge timlegge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@toddr-bot review

Comment thread t/padding.t Outdated
# sslv23 is unsupported on OpenSSL 3.x
# sslv23 is unsupported on OpenSSL 3.x but LibreSSL still supports it
# openssl_version() returns undef for the third element on LibreSSL
my $is_libressl = !defined $patch;
Copy link
Copy Markdown
Member

@timlegge timlegge Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the lack of a patch level is indicative of it being libressl

@toddr
Copy link
Copy Markdown
Member

toddr commented Apr 23, 2026

@toddr-bot rebase

@toddr-bot
Detect LibreSSL via version string instead of undefined patch level
a3788e2 
Changes look good. Here's the summary:

- Replaced `!defined $patch` LibreSSL detection with explicit `openssl version` output check for "LibreSSL" string, per @timlegge's review that the lack of a patch level is not reliably indicative of LibreSSL
- Used `find_openssl_exec(find_openssl_prefix())` from `Crypt::OpenSSL::Guess` to locate the correct OpenSSL binary (same approach the module uses internally)
- Moved `$is_libressl` detection to the top of each file alongside other version detection, removed inline declarations and stale comments
- Applied to both `t/padding.t` and `t/pkcs1_sign.t`
@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented Apr 23, 2026

Rebase with requested adjustments

Branch koan.toddr.bot/fix-libressl-test-skips was rebased onto main and review feedback was applied.

Changes applied

  • Changes look good. Here's the summary:
  • Replaced !defined $patch LibreSSL detection with explicit openssl version output check for "LibreSSL" string, per @timlegge's review that the lack of a patch level is not reliably indicative of LibreSSL
  • Used find_openssl_exec(find_openssl_prefix()) from Crypt::OpenSSL::Guess to locate the correct OpenSSL binary (same approach the module uses internally)
  • Moved $is_libressl detection to the top of each file alongside other version detection, removed inline declarations and stale comments
  • Applied to both t/padding.t and t/pkcs1_sign.t

Stats

2 files changed, 10 insertions(+), 7 deletions(-)
Actions performed
  • Already-solved check: negative (confidence=high, reasoning=None of the recent commits on main address LibreSSL-specific test skipping for sslv23 padding or cro)
  • Rebased koan.toddr.bot/fix-libressl-test-skips onto upstream/main
  • Applied review feedback
  • Pre-push CI check: previous run passed
  • Force-pushed koan.toddr.bot/fix-libressl-test-skips to origin
  • CI check enqueued in ## CI (async)

CI status

CI will be checked asynchronously.

Automated by Kōan

timlegge
timlegge approved these changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@timlegge timlegge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on openbsd 7.7

@timlegge timlegge marked this pull request as ready for review April 24, 2026 07:07
@timlegge timlegge merged commit 6d3b4d8 into cpan-authors:main Apr 24, 2026
28 checks passed
@toddr-bot toddr-bot deleted the koan.toddr.bot/fix-libressl-test-skips branch April 24, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timlegge timlegge timlegge approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@toddr-bot @toddr @timlegge