Import of MIKEM/Net-SSLeay-1.58 from CPAN.

gitpan-cpan-distribution: Net-SSLeay gitpan-cpan-version: 1.58 gitpan-cpan-path: MIKEM/Net-SSLeay-1.58.tar.gz gitpan-cpan-author: MIKEM gitpan-cpan-maturity: released
gitpan · Oct 26, 2014 · b0940aa · b0940aa
1 parent 4d52a2d
commit b0940aa
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 13 deletions.
diff --git a/Changes b/Changes
@@ -1,11 +1,20 @@
 Revision history for Perl extension Net::SSLeay.
 
+1.58 2014-01-15
+     Always use size_t for strlen() return value, requested by Alexander Bluhm.
+     t/external/20_cert_chain.t was missing from dist.
+     Version number in META.yml was incorrect
+     Improvements to test t/external/20_cert_chain.t to provoke following bug:
+     Fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
+     after use.
+     Fixed a problem when compiling against openssl where OPENSSL_NO_EC is set.
+
 1.57 2014-01-09
      Fixed remaining problems with test suite: pod coverage and kwalitee tests
      are only enabled with RELEASE_TESTING=1
 
 1.56 2014-01-08
-     Fixed a typo in documentaiton of BEAST Attack, patched by gregor
+     Fixed a typo in documentation of BEAST Attack, patched by gregor
      herrmann.
      Added LICENSE file copied form OpenSSL distribution to prevent complaints
      from various versions of kwalitee.

diff --git a/MANIFEST b/MANIFEST
@@ -81,6 +81,7 @@ t/data/verisign.crl.der
 t/data/verisign.crl.pem
 t/external/08_external.t
 t/external/15_altnames.t
+t/external/20_cert_chain.t
 t/handle/external/10_destroy.t
 t/handle/external/50_external.t
 t/handle/local/05_use.t

diff --git a/META.yml b/META.yml
@@ -28,4 +28,4 @@ requires:
 resources:
   bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=net-ssleay
   repository: http://svn.debian.org/wsvn/net-ssleay
-version: 1.56
+version: 1.58
diff --git a/SSLeay.xs b/SSLeay.xs
@@ -8,7 +8,7 @@
  *
  * Change data removed. See Changes
  *
- * $Id: SSLeay.xs 391 2014-01-07 07:28:35Z mikem-guest $
+ * $Id: SSLeay.xs 397 2014-01-14 23:27:17Z mikem-guest $
  * 
  * The distribution and use of this module are subject to the conditions
  * listed in LICENSE file at the root of OpenSSL-0.9.6b
@@ -780,8 +780,8 @@ int next_proto_helper_AV2protodata(AV * list, unsigned char *out)
     if (last_index<0) return 0;
     for(i=0; i<=last_index; i++) {
         char *p = SvPV_nolen(*av_fetch(list, i, 0));
-        int len = strlen(p);
-        if (len<0 || len>255) return 0;
+        size_t len = strlen(p);
+        if (len>255) return 0;
         if (out) {
             /* if out == NULL we only calculate the length of output */
             out[ptr] = (unsigned char)len;
@@ -811,7 +811,7 @@ int next_proto_select_cb_invoke(SSL *ssl, unsigned char **out, unsigned char *ou
 {
     SV *cb_func, *cb_data;
     unsigned char *next_proto_data;
-    unsigned char next_proto_len;
+    size_t next_proto_len;
     int next_proto_status;
     SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
     STRLEN n_a;
@@ -941,7 +941,7 @@ int alpn_select_cb_invoke(SSL *ssl, const unsigned char **out, unsigned char *ou
 {
     SV *cb_func, *cb_data;
     unsigned char *alpn_data;
-    unsigned char alpn_len;
+    size_t alpn_len;
     SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
     STRLEN n_a;
 
@@ -1010,7 +1010,8 @@ int alpn_select_cb_invoke(SSL *ssl, const unsigned char **out, unsigned char *ou
 int pem_password_cb_invoke(char *buf, int bufsize, int rwflag, void *data) {
     dSP;
     char *str;
-    int count = -1, str_len = 0;
+    int count = -1;
+    size_t str_len = 0;
     simple_cb_data_t* cb = (simple_cb_data_t*)data;
     STRLEN n_a;
 
@@ -1633,7 +1634,6 @@ SSL_get_peer_cert_chain(s)
 	    x = sk_X509_value(chain, i);
 	    XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
 	}
-	sk_X509_free(chain);
 
 void
 SSL_set_verify(s,mode,callback)
@@ -3252,7 +3252,7 @@ PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
         BIO *bp;
         int i, n;
         char *buf;
-        int passwd_len = 0;
+        size_t passwd_len = 0;
         pem_password_cb * cb = NULL;
         void * u = NULL;
     CODE:
@@ -4221,7 +4221,7 @@ SSL_CTX_set_tmp_rsa(ctx,rsa)
      SSL_CTX *	ctx
      RSA *	rsa
 
-#if OPENSSL_VERSION_NUMBER > 0x10000000L
+#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
 
 EC_KEY *
 EC_KEY_new_by_curve_name(nid)

diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
@@ -4,7 +4,7 @@
 # Copyright (C) 2005 Florian Ragwitz <rafl@debian.org>, All Rights Reserved.
 # Copyright (C) 2005 Mike McCauley <mikem@airspayce.com>, All Rights Reserved.
 #
-# $Id: SSLeay.pm 392 2014-01-07 22:10:38Z mikem-guest $
+# $Id: SSLeay.pm 397 2014-01-14 23:27:17Z mikem-guest $
 #
 # Change data removed from here. See Changes
 # The distribution and use of this module are subject to the conditions
@@ -61,7 +61,7 @@ $Net::SSLeay::slowly = 0;
 $Net::SSLeay::random_device = '/dev/urandom';
 $Net::SSLeay::how_random = 512;
 
-$VERSION = '1.57';
+$VERSION = '1.58'; # Dont foget to set verison in META.yml too
 @ISA = qw(Exporter);
 
 #BEWARE:

diff --git a/t/external/20_cert_chain.t b/t/external/20_cert_chain.t
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use Test::More;
+use Socket;
+use Net::SSLeay qw( die_if_ssl_error );
+
+Net::SSLeay::randomize();
+Net::SSLeay::load_error_strings();
+Net::SSLeay::ERR_load_crypto_strings();
+Net::SSLeay::SSLeay_add_ssl_algorithms();
+
+my @sites = qw( www.verisign.com );
+
+if (@sites) {
+    plan tests => scalar @sites * 3;
+}
+else {
+    plan skip_all => 'No external hosts specified for SSL testing';
+}
+
+for my $site (@sites) {
+    SKIP: {
+	my $port = getservbyname  ('https', 'tcp');
+	my $dest_ip = gethostbyname ( $site );
+
+	socket  (S, &AF_INET, &SOCK_STREAM, 0)  or die "socket: $!";
+	connect (S, sockaddr_in($port, $dest_ip) ) or die "connect: $!";
+	select  (S); $| = 1; select (STDOUT);
+
+	my $ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
+	my $ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
+	Net::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno
+	Net::SSLeay::connect($ssl);
+	die_if_ssl_error('bulk: ssl connect');
+
+        my @chain = Net::SSLeay::get_peer_cert_chain($ssl);
+        ok(scalar @chain, 'get_peer_cert_chain returns some elements');
+	SKIP: {
+		if( ! scalar @chain ) {
+			skip('check returned no certificate chain!', 2);
+		}
+		my $x509 = $chain[0];
+		ok(my $subject = Net::SSLeay::X509_get_subject_name($x509), "X509_get_subject_name");
+		like(Net::SSLeay::X509_NAME_oneline($subject), qr|/OU=.*?/CN=|, "X509_NAME_oneline");
+	};
+        Net::SSLeay::free($ssl);
+        Net::SSLeay::CTX_free($ctx);
+    }
+}