HTTPS authentication error hangs instead of returning authentication error. Fix included. [rt.cpan.org #66657]

[oalders]

Migrated from rt.cpan.org#66657 (status was 'open')

Requestors:

• Tom.Koelman@intellimagic.net

From tom.koelman@intellimagic.net on 2011-03-16 11:00:24:

Hi,

We are using LWP 5.837, bundled with ActiveState 5.10.1008 on Windows 7 64 bit, but I just took a look at the libwww-perl repository on github and the most recent commit, 93c26dd32aea887331860e7afbc68d34e141ddab, has the same issue I think.

What I was trying to do was doing a POST request on a https url that requires basic authentication, deliberately giving it wrong credentials. Instead of returning an HTTP::response object with a 401 error, the HTTP::UserAgent->request call just hang and never returned. Tracking it down I found out that the actual call that was not returning was in Net::HTTP::Methods::my_read, calling $self->sysread.

Turns out that in our case $self->sysread resolves to Net::SSL::read, which I think should have been 
LWP::Protocol::http::SocketMethods::sysread instead.

In our case Net::HTTPS isa Net::SSL and Net::SSL implements a sysread, which gets found earlier than LWP::Protocol::https::SocketMethods' sysread due to the order in which perl looks for methods in superclasses.
The origin of this problem resides in LWP::Protocol::https.pm, in which I think this line:

@ISA = qw(Net::HTTPS LWP::Protocol::http::SocketMethods);

should be:

@ISA = qw(LWP::Protocol::http::SocketMethods Net::HTTPS);

At least in our case this change fixes the problem. The wrongly authenticated request now returns with a HTTP::response object having the 401 status and doesn't hang anymore.

Regards,
Tom Koelman

From ether@cpan.org on 2017-01-25 21:41:28:

migrated queues: libwww-perl -> LWP-Protocol-https