-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ruby's Travis is not working with OpenSSL 1.1.1 #227
Comments
The way of skip was slightly changed ruby/ruby@bf26f84 |
Thank you for taking a look at these issues.
TLS 1.3, which is new in OpenSSL 1.1.1, handles a client certificate differently from TLS 1.2. rubygems/rubygems#2388 is tracking the issue.
I don't know about macOS, but https://bugs.ruby-lang.org/issues/14713 seems relevant. I guess we should apply a patch like this? /cc @nobu diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index c6bfb8312d91..be596ed19fae 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1820,6 +1820,14 @@ ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts)
rb_io_wait_readable(FPTR_TO_FD(fptr));
continue;
case SSL_ERROR_SYSCALL:
+#ifdef __APPLE__
+ /*
+ * send can return EPROTOTYPE if the socket is torn down in the
+ * middle of the syscall. Retry to get a proper errno.
+ */
+ if (errno == EPROTOTYPE)
+ continue;
+#endif
if (errno) rb_sys_fail(0);
default:
ossl_raise(eSSLError, "SSL_write"); |
Windows (RubyInstaller2) Ruby 2.5.3 is using 1.1.1, and also ruby-loco trunk. The failure Also, this is intermittent:
I have not found a way to repro the error locally. The normal error raised (using 1.1.1) is:
Happy to help, but given that this is moving from RubyGems -> net/http -> openssl, I'm not sure what, where, or who. The RubyGems code could just allow for the error... |
Errno::EPROTOTYPE is not supposed to be raised by SSLSocket#write. However, on macOS, send(2) which is called via SSL_write() can occasionally return EPROTOTYPE. Retry SSL_write() so that we get a proper error, just as ext/socket does. Reference: https://bugs.ruby-lang.org/issues/14713 Reference: ruby#227
Errno::EPROTOTYPE is not supposed to be raised by SSLSocket#write. However, on macOS, send(2) which is called via SSL_write() can occasionally return EPROTOTYPE. Retry SSL_write() so that we get a proper error, just as ext/socket does. Reference: https://bugs.ruby-lang.org/issues/14713 Reference: ruby#227
Errno::EPROTOTYPE is not supposed to be raised by SSLSocket#write. However, on macOS, send(2) which is called via SSL_write() can occasionally return EPROTOTYPE. Retry SSL_write() so that we get a proper error, just as ext/socket does. Reference: https://bugs.ruby-lang.org/issues/14713 Reference: ruby#227
Errno::EPROTOTYPE is not supposed to be raised by SSLSocket#write. However, on macOS, send(2) which is called via SSL_write() can occasionally return EPROTOTYPE. Retry SSL_write() so that we get a proper error, just as ext/socket does. Reference: https://bugs.ruby-lang.org/issues/14713 Reference: ruby/openssl#227 ruby/openssl@2e700c80bf
Recently we added osx build that installs OpenSSL 1.1.1 to Travis of ruby repository. As we got 2 test failures by that, tentatively we skipped those test cases on Travis osx build ruby/ruby@40d0708.
OpenSSL::SSL::SSLError "SSL_read: tlsv1 alert decrypt error"
Errno::EPROTOTYPE "Protocol wrong type for socket"
This issue failure seems related to OpenSSL. Once that's fixed, please remove the skip code for Travis.
The text was updated successfully, but these errors were encountered: