Hello community,
here is the log from the commit of package perl-IO-Socket-SSL
checked in at Mon Oct 8 12:27:32 CEST 2007.
--------
--- perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2007-06-11 10:53:01.000000000 +0200
+++ /mounts/work_src_done/STABLE/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2007-10-08 09:49:41.000000000 +0200
@@ -1,0 +2,10 @@
+Mon Oct 8 09:24:08 CEST 2007 - anicka@suse.cz
+
+- update to 1.09
+ * new method stop_SSL as opposite of start_SSL
+ * try to make it clearer that thread support is buggy
+ * make sure that Scalar::Util has support for dualvar
+ (Makefile.PL,SSL.pm) because the perl*only version has
+ has no dualvar
+
+-------------------------------------------------------------------
Old:
----
IO-Socket-SSL-1.07-store_set_flags.diff
IO-Socket-SSL-1.07.tar.bz2
New:
----
IO-Socket-SSL-1.09-store_set_flags.diff
IO-Socket-SSL-1.09.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-IO-Socket-SSL.spec ++++++
--- /var/tmp/diff_new_pack.bB9600/_old 2007-10-08 12:27:25.000000000 +0200
+++ /var/tmp/diff_new_pack.bB9600/_new 2007-10-08 12:27:25.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package perl-IO-Socket-SSL (Version 1.07)
+# spec file for package perl-IO-Socket-SSL (Version 1.09)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -12,16 +12,16 @@
Name: perl-IO-Socket-SSL
BuildRequires: perl-Net_SSLeay perl-libwww-perl
-Version: 1.07
+Version: 1.09
Release: 1
Provides: p_iossl
Obsoletes: p_iossl
Requires: perl-Net_SSLeay perl-libwww-perl
Requires: perl = %{perl_version}
-Autoreqprov: on
+AutoReqProv: on
Group: Development/Libraries/Perl
License: Artistic License
-URL: http://cpan.org/modules/by-module/IO
+Url: http://cpan.org/modules/by-module/IO
Summary: IO::Socket::SSL Perl Module
Source: IO-Socket-SSL-%{version}.tar.bz2
Patch: IO-Socket-SSL-%{version}-store_set_flags.diff
@@ -64,8 +64,14 @@
%{perl_vendorlib}/IO
%{perl_vendorarch}/auto/IO
/var/adm/perl-modules/%{name}
-
%changelog
+* Mon Oct 08 2007 - anicka@suse.cz
+- update to 1.09
+ * new method stop_SSL as opposite of start_SSL
+ * try to make it clearer that thread support is buggy
+ * make sure that Scalar::Util has support for dualvar
+ (Makefile.PL,SSL.pm) because the perl*only version has
+ has no dualvar
* Mon Jun 11 2007 - anicka@suse.cz
- update to 1.07
* fix t/nonblock.t on systems which have by default a larger
++++++ IO-Socket-SSL-1.07-store_set_flags.diff -> IO-Socket-SSL-1.09-store_set_flags.diff ++++++
--- perl-IO-Socket-SSL/IO-Socket-SSL-1.07-store_set_flags.diff 2006-07-18 17:38:07.000000000 +0200
+++ /mounts/work_src_done/STABLE/perl-IO-Socket-SSL/IO-Socket-SSL-1.09-store_set_flags.diff 2007-10-08 09:48:22.000000000 +0200
@@ -1,6 +1,6 @@
--- SSL.pm
+++ SSL.pm
-@@ -727,7 +727,7 @@
+@@ -938,7 +938,7 @@
if ($arg_hash->{'SSL_check_crl'}) {
if (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x0090702f)
{
++++++ IO-Socket-SSL-1.07.tar.bz2 -> IO-Socket-SSL-1.09.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/IO-Socket-SSL-1.07/Changes new/IO-Socket-SSL-1.09/Changes
--- old/IO-Socket-SSL-1.07/Changes 2007-06-06 15:57:04.000000000 +0200
+++ new/IO-Socket-SSL-1.09/Changes 2007-09-13 21:22:05.000000000 +0200
@@ -1,3 +1,14 @@
+v1.09
+ - new method stop_SSL as opposite of start_SSL based on a idea
+ of Bron Gondwana
+ To support this method the SSL_shutdown handling had to be
+ fixed, e.g. in close a proper unidirectional shutdown
+ should be done while in stop_SSL a bidirectional shutdown
+ - try to make it clearer that thread support is buggy
+v1.08
+ - make sure that Scalar::Util has support for dualvar
+ (Makefile.PL,SSL.pm) because the perl-only version has
+ has no dualvar
v1.07
- fix t/nonblock.t on systems which have by default a larger
socket buffer. Set SO_SNDBUF explicitly with setsockopt
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/IO-Socket-SSL-1.07/Makefile.PL new/IO-Socket-SSL-1.09/Makefile.PL
--- old/IO-Socket-SSL-1.07/Makefile.PL 2006-07-20 07:44:36.000000000 +0200
+++ new/IO-Socket-SSL-1.09/Makefile.PL 2007-08-10 10:54:23.000000000 +0200
@@ -50,11 +50,20 @@
}
}
+{
+ # make sure that we have dualvar from the XS Version of Scalar::Util
+ if ( eval { require Scalar::Util } ) {
+ eval { Scalar::Util::dualvar( 0,'' ) };
+ die "You need the XS Version of Scalar::Util for dualvar() support"
+ if $@
+ }
+}
+
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
# the contents of the Makefile that is written.
WriteMakefile(
'NAME' => 'IO::Socket::SSL',
- 'AUTHOR' => 'Peter Behroozi & Marko Asplund',
+ 'AUTHOR' => 'Steffen Ullrich & Peter Behroozi & Marko Asplund',
'ABSTRACT' => 'Nearly transparent SSL encapsulation for IO::Socket::INET.',
'VERSION_FROM' => 'SSL.pm',
'DISTNAME' => 'IO-Socket-SSL',
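Review bot: The dualvar probe added before WriteMakefile only runs when `require Scalar::Util` succeeds, so a host with no Scalar::Util at all passes Makefile.PL silently. Unless the module is listed as a prerequisite outside this hunk, the failure then only appears when SSL.pm is loaded. The die message also discards `$@`, which hides whether dualvar was missing or something else went wrong. One statement covers both cases: `eval { require Scalar::Util; Scalar::Util::dualvar( 0,'' ); 1 } or die "You need the XS Version of Scalar::Util for dualvar() support: $@";`. The WriteMakefile call continues past the end of the hunk.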
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/IO-Socket-SSL-1.07/MANIFEST new/IO-Socket-SSL-1.09/MANIFEST
--- old/IO-Socket-SSL-1.07/MANIFEST 2006-08-02 22:39:05.000000000 +0200
+++ new/IO-Socket-SSL-1.09/MANIFEST 2007-09-13 13:24:51.000000000 +0200
@@ -30,5 +30,6 @@
t/cert_no_file.t
t/dhe.t
t/readline.t
+t/start-stopssl.t
util/export_certs.pl
META.yml
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/IO-Socket-SSL-1.07/SSL.pm new/IO-Socket-SSL-1.09/SSL.pm
--- old/IO-Socket-SSL-1.07/SSL.pm 2007-06-06 15:57:16.000000000 +0200
+++ new/IO-Socket-SSL-1.09/SSL.pm 2007-09-13 21:19:34.000000000 +0200
@@ -17,11 +17,22 @@
use IO::Socket;
use Net::SSLeay 1.21;
use Exporter ();
-use Scalar::Util 'dualvar';
use Errno 'EAGAIN';
use Carp;
use strict;
+# from openssl/ssl.h, should be better in Net::SSLeay
+use constant SSL_SENT_SHUTDOWN => 1;
+use constant SSL_RECEIVED_SHUTDOWN => 2;
+
+# non-XS Versions of Scalar::Util will fail
+BEGIN{
+ eval { use Scalar::Util 'dualvar'; dualvar(0,'') };
+ die "You need the XS Version of Scalar::Util for dualvar() support"
+ if $@;
+}
+
+
use vars qw(@ISA $VERSION $DEBUG $SSL_ERROR $GLOBAL_CONTEXT_ARGS @EXPORT );
{
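Review bot: In the new BEGIN block, `use Scalar::Util 'dualvar'` sits inside `eval { ... }`, but `use` is executed while the block is being compiled, not when the eval runs. If the import itself throws (as a Scalar::Util build without dualvar may do), the error escapes the eval and the custom "You need the XS Version" message is never reached. A runtime load keeps the failure inside the eval: `eval { require Scalar::Util; Scalar::Util->import('dualvar'); dualvar(0,'') };`. The two SSL_*_SHUTDOWN constants are copied from openssl/ssl.h by hand, so a short comment naming them as bit flags would make the later comparison against get_shutdown() easier to check.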
@@ -41,7 +52,7 @@
BEGIN {
# Declare @ISA, $VERSION, $GLOBAL_CONTEXT_ARGS
@ISA = qw(IO::Socket::INET);
- $VERSION = '1.07';
+ $VERSION = '1.09';
$GLOBAL_CONTEXT_ARGS = {};
#Make $DEBUG another name for $Net::SSLeay::trace
@@ -537,33 +548,94 @@
sub close {
my $self = shift || return _invalid_object();
my $close_args = (ref($_[0]) eq 'HASH') ? $_[0] : {@_};
+
+ return if ! $self->stop_SSL(
+ SSL_fast_shutdown => 1,
+ %$close_args,
+ _SSL_ioclass_downgrade => 0,
+ );
+
+ if ( ! $close_args->{_SSL_in_DESTROY} ) {
+ untie( *$self );
+ return $self->SUPER::close;
+ }
+ return 1;
+}
+
+sub stop_SSL {
+ my $self = shift || return _invalid_object();
+ my $stop_args = (ref($_[0]) eq 'HASH') ? $_[0] : {@_};
return $self->error("SSL object already closed") unless (${*$self}{'_SSL_opened'});
if (my $ssl = ${*$self}{'_SSL_object'}) {
- local $SIG{PIPE} = sub{};
- $close_args->{'SSL_no_shutdown'} or Net::SSLeay::shutdown($ssl);
+ my $shutdown_done;
+ if ( $stop_args->{SSL_no_shutdown} ) {
+ $shutdown_done = 1;
+ } else {
+ my $fast = $stop_args->{SSL_fast_shutdown};
+ my $status = Net::SSLeay::get_shutdown($ssl);
+ if ( $status == SSL_RECEIVED_SHUTDOWN
+ || ( $status != 0 && $fast )) {
+ # shutdown done
+ $shutdown_done = 1;
+ } else {
+ # need to initiate/continue shutdown
+ local $SIG{PIPE} = sub{};
+ for my $try (1,2 ) {
+ my $rv = Net::SSLeay::shutdown($ssl);
+ if ( $rv < 0 ) {
+ # non-blocking socket?
+ $self->_set_rw_error( $ssl,$rv );
+ # need to try again
+ return;
+ } elsif ( $rv
+ || ( $rv == 0 && $fast )) {
+ # shutdown finished
+ $shutdown_done = 1;
+ last;
+ } else {
+ # shutdown partly finished (e.g. one direction)
+ # call again
+ }
+ }
+ }
+ }
+
+ return if ! $shutdown_done;
Net::SSLeay::free($ssl);
- delete ${*$self}{'_SSL_object'};
+ delete ${*$self}{_SSL_object};
}
- if ($close_args->{'SSL_ctx_free'}) {
- my $ctx = ${*$self}{'_SSL_ctx'};
- delete ${*$self}{'_SSL_ctx'};
- $ctx->DESTROY();
+ if ($stop_args->{'SSL_ctx_free'}) {
+ my $ctx = delete ${*$self}{'_SSL_ctx'};
+ $ctx && $ctx->DESTROY();
}
- if (${*$self}{'_SSL_certificate'}) {
- Net::SSLeay::X509_free(${*$self}{'_SSL_certificate'});
+ if (my $cert = delete ${*$self}{'_SSL_certificate'}) {
+ Net::SSLeay::X509_free($cert);
}
${*$self}{'_SSL_opened'} = 0;
- my $arg_hash = ${*$self}{'_SSL_arguments'};
- untie(*$self) unless ($arg_hash->{'SSL_server'}
- or $close_args->{_SSL_in_DESTROY});
- $self->SUPER::close unless ($close_args->{_SSL_in_DESTROY});
+ if ( ! $stop_args->{_SSL_in_DESTROY} ) {
+
+ my $downgrade = $stop_args->{_SSL_ioclass_downgrade};
+ if ( $downgrade || ! defined $downgrade ) {
+ # rebless to original class from start_SSL
+ if ( my $orig_class = delete ${*$self}{'_SSL_ioclass_upgraded'} ) {
+ bless $self,$orig_class;
+ untie(*$self);
+ # FIXME: if original class was tied too we need to restore the tie
+ }
+ # remove all _SSL related from *$self
+ my @sslkeys = grep { m{^_?SSL_} } keys %{*$self};
+ delete @{*$self}{@sslkeys} if @sslkeys;
+ }
+ }
+ return 1;
}
+
sub kill_socket {
my $self = shift;
shutdown($self, 2);
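Review bot: The early-exit test `$status == SSL_RECEIVED_SHUTDOWN` in stop_SSL treats get_shutdown value 2 (peer's close_notify received, ours not yet sent) as a finished shutdown, so the SSL object is freed without Net::SSLeay::shutdown being called. For the bidirectional shutdown that stop_SSL is meant to perform this looks inverted, because the peer is left waiting for a close_notify while the socket is handed back for plaintext use. If the intent was "both directions done", compare against the combined flags: `if ( $status == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN) || ( $status != 0 && $fast )) {`. Separately, when both loop iterations return 0 without `$fast`, `return if ! $shutdown_done` returns false without setting `$!` or `$SSL_ERROR`. close() also now returns before `SUPER::close` whenever stop_SSL fails, which leaves the descriptor open; both cases deserve at least a comment telling callers what to do. kill_socket at the end of the hunk continues outside it.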
@@ -612,6 +684,7 @@
$socket->configure_SSL($arg_hash) or bless($socket, $original_class) && return;
${*$socket}{'_SSL_fileno'} = $original_fileno;
+ ${*$socket}{'_SSL_ioclass_upgraded'} = $original_class;
my $start_handshake = $arg_hash->{SSL_startHandshake};
if ( ! defined($start_handshake) || $start_handshake ) {
@@ -1076,6 +1149,8 @@
If you are using non-blocking sockets read on, as version 0.98 added better
support for non-blocking.
+If you are trying to use it with threads see the BUGS section.
+
=head1 METHODS
IO::Socket::SSL inherits its methods from IO::Socket::INET, overriding them
@@ -1268,6 +1343,13 @@
on the socket in question so that the close operation can complete without problems
if you have used shutdown() or are working on a copy of a socket.
+=item SSL_fast_shutdown
+
+If set to true only a unidirectional shutdown will be done, e.g. only the
+close_notify (see SSL_shutdown(3)) will be called. Otherwise a bidrectional
+shutdown will be done. If used within close() it defaults to true, if used
+within stop_SSL() it defaults to false.
+
=item SSL_ctx_free
If you want to make sure that the SSL context of the socket is destroyed when
@@ -1334,6 +1416,17 @@
just upgrade the socket set B explicitly to 0. If you call start_SSL
w/o this parameter it will revert to blocking behavior for accept_SSL and connect_SSL.
+=item B
+
+This is the opposite of start_SSL(), e.g. it will shutdown the SSL connection
+and return to the class before start_SSL(). It gets the same arguments as close(),
+in fact close() calls stop_SSL() (but without downgrading the class).
+
+Will return true if it suceeded and undef if failed. This might be the case for
+non-blocking sockets. In this case $! is set to EAGAIN and the ssl error to
+SSL_WANT_READ or SSL_WANT_WRITE. In this case the call should be retried again with
+the same arguments once the socket is ready is until it succeeds.
+
=item B<< IO::Socket::SSL->new_from_fd($fd, ...) >>
This will convert a socket identified via a file descriptor into an SSL socket.
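Review bot: The new stop_SSL entry describes failure only as the non-blocking retry case, but the stop_SSL body in this same patch also returns false through `$self->error("SSL object already closed")`, where retrying cannot help. The POD should separate the two outcomes: retry only when `$!` is EAGAIN and the SSL error is SSL_WANT_READ or SSL_WANT_WRITE, and treat any other false return as final. The last sentence is garbled and should read `In this case the call should be retried with the same arguments once the socket is ready, until it succeeds.`; "suceeded" should be "succeeded". It would also help to state that the socket keeps its IO::Socket::SSL class until stop_SSL has returned true, so callers do not write plaintext before the downgrade has completed.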
@@ -1459,6 +1552,8 @@
This is because IO::Socket::SSL is based on Net::SSLeay which
uses a global object to access some of the API of openssl
and is therefore not threadsafe.
+It might probably work if you don't use SSL_verify_cb and
+SSL_password_cb.
IO::Socket::SSL does not work together with Storable::fd_retrieve/fd_store.
See BUGS file for more information and how to work around the problem.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/IO-Socket-SSL-1.07/t/start-stopssl.t new/IO-Socket-SSL-1.09/t/start-stopssl.t
--- old/IO-Socket-SSL-1.07/t/start-stopssl.t 1970-01-01 01:00:00.000000000 +0100
+++ new/IO-Socket-SSL-1.09/t/start-stopssl.t 2007-09-13 21:37:06.000000000 +0200
@@ -0,0 +1,120 @@
+
+use strict;
+use IO::Socket::INET;
+use IO::Socket::SSL;
+
+if ( grep { $^O =~m{$_} } qw( MacOS VOS vmesa riscos amigaos ) ) {
+ print "1..0 # Skipped: fork not implemented on this platform\n";
+ exit
+}
+
+use vars qw( $SSL_SERVER_ADDR );
+do "t/ssl_settings.req" || do "ssl_settings.req";
+
+$|=1;
+my @tests = qw( start stop start close );
+print "1..16\n";
+
+my $server = IO::Socket::INET->new(
+ LocalAddr => $SSL_SERVER_ADDR,
+ Listen => 2,
+ ReuseAddr => 1,
+) || die "not ok #tcp listen failed: $!\n";
+print "ok #listen\n";
+my ($SSL_SERVER_PORT) = unpack_sockaddr_in( $server->sockname );
+
+defined( my $pid = fork() ) || die $!;
+$pid ? server():client();
+wait;
+exit(0);
+
+
+sub client {
+ close($server);
+ my $client = IO::Socket::INET->new( "$SSL_SERVER_ADDR:$SSL_SERVER_PORT" ) or
+ die "not ok #client connect: $!\n";
+ $client->autoflush;
+ print "ok #client connect\n";
+
+ for my $test (@tests) {
+ alarm(15);
+ #print STDERR "begin test $test\n";
+ if ( $test eq 'start' ) {
+ print $client "start\n";
+ sleep(1); # avoid race condition, if client calls start but server is not yet available
+
+ #print STDERR ">>$$(client) start\n";
+ IO::Socket::SSL->start_SSL( $client )
+ || die "not ok #client::start_SSL: $SSL_ERROR\n";
+ #print STDERR "<<$$(client) start\n";
+ print "ok # client::start_SSL\n";
+
+ ref($client) eq "IO::Socket::SSL" or print "not ";
+ print "ok # client::class=".ref($client)."\n";
+
+ } elsif ( $test eq 'stop' ) {
+ print $client "stop\n";
+ $client->stop_SSL || die "not ok #client::stop_SSL\n";
+ print "ok # client::stop_SSL\n";
+
+ ref($client) eq "IO::Socket::INET" or print "not ";
+ print "ok # client::class=".ref($client)."\n";
+
+ } elsif ( $test eq 'close' ) {
+ print $client "close\n";
+ my $class = ref($client);
+ $client->close || die "not ok # client::close\n";
+ print "ok # client::close\n";
+
+ ref($client) eq $class or print "not ";
+ print "ok # client::class=".ref($client)."\n";
+ last;
+ }
+ #print STDERR "cont test $test\n";
+
+ defined( my $line = <$client> ) or return;
+ die "'$line'" if $line ne "OK\n";
+ }
+}
+
+
+sub server {
+ my $client = $server->accept || die $!;
+ $client->autoflush;
+ while (1) {
+ alarm(15);
+ defined( my $line = <$client> ) or last;
+ chomp($line);
+ if ( $line eq 'start' ) {
+ #print STDERR ">>$$ start\n";
+ IO::Socket::SSL->start_SSL( $client,
+ SSL_server => 1,
+ SSL_cert_file => "certs/client-cert.pem",
+ SSL_key_file => "certs/client-key.pem"
+ ) || die "not ok #server::start_SSL: $SSL_ERROR\n";
+ #print STDERR "<<$$ start\n";
+
+ ref($client) eq "IO::Socket::SSL" or print "not ";
+ print "ok # server::class=".ref($client)."\n";
+ print $client "OK\n";
+
+ } elsif ( $line eq 'stop' ) {
+ $client->stop_SSL || die "not ok #server::stop_SSL\n";
+ print "ok #server::stop_SSL\n";
+
+ ref($client) eq "IO::Socket::INET" or print "not ";
+ print "ok # class=".ref($client)."\n";
+ print $client "OK\n";
+
+ } elsif ( $line eq 'close' ) {
+ my $class = ref($client);
+ $client->close || die "not ok #server::close\n";
+ print "ok #server::close\n";
+
+ ref($client) eq $class or print "not ";
+ print "ok # class=".ref($client)."\n";
+ last;
+ }
+ }
+}
+
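Review bot: The `sleep(1)` in client() after `print $client "start\n"` makes the start_SSL handshake depend on timing rather than on an explicit synchronisation point. Presumably it is there so the server's buffered `<$client>` read sees only the "start" line and not the first handshake bytes, and on a loaded build host one second may not be enough. Letting the server acknowledge in plaintext before either side calls start_SSL would make this deterministic. On the client that is `defined( my $ack = <$client> ) or die "not ok # no ack before start_SSL\n";`, with the matching `print $client "READY\n";` on the server before its start_SSL call. The child's `die "'$line'"` also emits no "not ok" line, so a client-side failure only appears as a plan mismatch against `1..16`.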
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++