SSL module negotiation [rt.cpan.org #29704]

[oalders]

Migrated from rt.cpan.org#29704 (status was 'open')

Requestors:

• amefford@corp.untd.com

Attachments:

• cpan-29704-no-io-socket-ssl.pl
• cpan-29704.pl
• cpan-29704.pl

From amefford@corp.untd.com on 2007-10-02 00:46:50:

It appears there is a bug in your SSL module negotiation.  While the
documentation stats Crypt::SSLeay is preferred, IO::Socket::SSL will be
used instead if loaded.  I came across this after trying to determine
why some P12 SSL transactions were failing.  The cause was found to be
having loaded IMAP::Client which loaded IO::Socket::SSL;  Crypt::SSLeay
uses env vars for P12 but IO::Socket::SSL doesn't seem to honor the same
vars.

 

This illustrates the problem:

perl -e 'use Net::SSL;use Crypt::SSLeay; use IO::Socket::SSL; use
Net::HTTPS; print $Net::HTTPS::SSL_SOCKET_CLASS,"\n";'

 

It seems that the Net::SSL::VERSION is not being set until after using
all the modules where IO::Socket::SSL::VERSION is being set.  The
difference I think is that IO::Socket::SSL::VERSION uses a BEGIN block
to set the Version where Net::SSL does not.

 

Now that I have found my issue there are many work-a-rounds, but this
was quite difficult to track down so I thought I'd let you know.

 

Aaron Mefford

Software Developement Manager

United Online Webservices

Desk: 801.437.6055

AIM: aaronmefford

 

From ether@cpan.org on 2017-01-25 21:42:11:

migrated queues: libwww-perl -> Net-HTTPS

From jkeenan@cpan.org on 2017-03-28 20:01:04:

On Mon Oct 01 20:46:50 2007, amefford@corp.untd.com wrote:
> It appears there is a bug in your SSL module negotiation.  While the
> documentation stats Crypt::SSLeay is preferred, IO::Socket::SSL will be
> used instead if loaded.  I came across this after trying to determine
> why some P12 SSL transactions were failing.  The cause was found to be
> having loaded IMAP::Client which loaded IO::Socket::SSL;  Crypt::SSLeay
> uses env vars for P12 but IO::Socket::SSL doesn't seem to honor the same
> vars.
> 
>  
> 
> This illustrates the problem:
> 
> perl -e 'use Net::SSL;use Crypt::SSLeay; use IO::Socket::SSL; use
> Net::HTTPS; print $Net::HTTPS::SSL_SOCKET_CLASS,"\n";'
> 
>  
> 
> It seems that the Net::SSL::VERSION is not being set until after using
> all the modules where IO::Socket::SSL::VERSION is being set.  The
> difference I think is that IO::Socket::SSL::VERSION uses a BEGIN block
> to set the Version where Net::SSL does not.
> 
>  
> 
> Now that I have found my issue there are many work-a-rounds, but this
> was quite difficult to track down so I thought I'd let you know.
> 
>  
> 
> Aaron Mefford
> 
> Software Developement Manager
> 
> United Online Webservices
> 
> Desk: 801.437.6055
> 
> AIM: aaronmefford
> 
>  
> 

Current status, running file attached.
#####
$ perl cpan-29704.pl
Perl version:                           v5.24.1
$Net::SSL::VERSION                      2.86
$Crypt::SSLeay::VERSION                 0.72
$IO::Socket::SSL::VERSION               2.043
$Net::HTTPS::VERSION                    6.12

$Net::HTTPS::SSL_SOCKET_CLASS:          IO::Socket::SSL
#####

But if I comment out the lines referring to IO::Socket::SSL, I get:

#####
$ perl cpan-29704-no-io-socket-ssl.pl 
Perl version:                           v5.24.1
$Net::SSL::VERSION                      2.86
$Crypt::SSLeay::VERSION                 0.72
$Net::HTTPS::VERSION                    6.12

$Net::HTTPS::SSL_SOCKET_CLASS:          Net::SSL
#####

Hence, problem persists.

Thank you very much.
Jim Keenan

From jkeenan@cpan.org on 2017-03-28 20:02:23:

On Tue Mar 28 16:01:04 2017, JKEENAN wrote:
> On Mon Oct 01 20:46:50 2007, amefford@corp.untd.com wrote:
> > It appears there is a bug in your SSL module negotiation.  While the
> > documentation stats Crypt::SSLeay is preferred, IO::Socket::SSL will be
> > used instead if loaded.  I came across this after trying to determine
> > why some P12 SSL transactions were failing.  The cause was found to be
> > having loaded IMAP::Client which loaded IO::Socket::SSL;  Crypt::SSLeay
> > uses env vars for P12 but IO::Socket::SSL doesn't seem to honor the same
> > vars.
> > 
> >  
> > 
> > This illustrates the problem:
> > 
> > perl -e 'use Net::SSL;use Crypt::SSLeay; use IO::Socket::SSL; use
> > Net::HTTPS; print $Net::HTTPS::SSL_SOCKET_CLASS,"\n";'
> > 
> >  
> > 
> > It seems that the Net::SSL::VERSION is not being set until after using
> > all the modules where IO::Socket::SSL::VERSION is being set.  The
> > difference I think is that IO::Socket::SSL::VERSION uses a BEGIN block
> > to set the Version where Net::SSL does not.
> > 
> >  
> > 
> > Now that I have found my issue there are many work-a-rounds, but this
> > was quite difficult to track down so I thought I'd let you know.
> > 
> >  
> > 
> > Aaron Mefford
> > 
> > Software Developement Manager
> > 
> > United Online Webservices
> > 
> > Desk: 801.437.6055
> > 
> > AIM: aaronmefford
> > 
> >  
> > 
> 
> Current status, running file attached.
> #####
> $ perl cpan-29704.pl
> Perl version:                           v5.24.1
> $Net::SSL::VERSION                      2.86
> $Crypt::SSLeay::VERSION                 0.72
> $IO::Socket::SSL::VERSION               2.043
> $Net::HTTPS::VERSION                    6.12
> 
> $Net::HTTPS::SSL_SOCKET_CLASS:          IO::Socket::SSL
> #####
> 
> But if I comment out the lines referring to IO::Socket::SSL, I get:
> 
> #####
> $ perl cpan-29704-no-io-socket-ssl.pl 
> Perl version:                           v5.24.1
> $Net::SSL::VERSION                      2.86
> $Crypt::SSLeay::VERSION                 0.72
> $Net::HTTPS::VERSION                    6.12
> 
> $Net::HTTPS::SSL_SOCKET_CLASS:          Net::SSL
> #####
> 
> Hence, problem persists.
> 
> Thank you very much.
> Jim Keenan


First file attached was incorrect; correcting.