Comments (21)
This morning, I tried installing version 2.014. I tried several runs of nmake test
, and it did not hang.
Of course, it still fails due to issue #31 -- hence the failing test report.
I will update if I have any real insight or data points.
from p5-io-socket-ssl.
I just installed Strawberry Perl and ran cpan -u, and am hanging exactly at verify_fingerprints as well.
from p5-io-socket-ssl.
I can confirm that it also hangs occasionally on perl 5.20.3 as well.
from p5-io-socket-ssl.
I should point out that I haven't experienced the issue with the 5.23.5+ development versions and 5.24.0-RC1. I did several builds and installs, and they all went smoothly, and I haven't put much time into diagnosis.
This is with 64-bit perl
s built using MSVS 2013 on Windows 10 and Windows 10 Pro.
from p5-io-socket-ssl.
I can confirm, that test under strawberry perl, both, x86 and x64 are freeze on verify_fingerprint.
tested on strawberry perl 5.24.0 under windows 10 x64.
from p5-io-socket-ssl.
And, I still have no additional insight. For example, today's cpan-outdated|cpanm
got stuck at IO::Socket::SSL
for this reason. Then, I killed the process, tried again, and everything worked. This is on 64-bit Windows 10 Pro with VS 2013 built perl
5.25.4.
from p5-io-socket-ssl.
Hmm, it still stuck on verify-fingerprint.t under strawberry perl almost each time.
from p5-io-socket-ssl.
@zdm Interestingly, it only happened to me once for most recent three release versions x two machines. I am pretty convinced (without much evidence) that the problem is not with IO::Socket::SSL
. I haven't been motivated to spend time with a debugger, though.
from p5-io-socket-ssl.
Maybe this is related to Net::SSLeay.
But you are right, seems, that this is not simple issue.
from p5-io-socket-ssl.
I ran across this too on Strawberry Perl 5.24.1.1 (64bit) Windows 10. Has anyone made any progress to it?
from p5-io-socket-ssl.
Having this problem on Strawberry Perl 5.26.1.1 (32bit) Windows XP SP3.
from p5-io-socket-ssl.
This isn't a fix obviously but a work around for people who are using cpan-outdated -p | cpanm
in Windows where this problem seems to be occurring the most you can use cpan-outdated -p | findstr /v "IO::Socket::SSL" | cpanm
to skip updating when using cpan-outdated.
from p5-io-socket-ssl.
Having this problem on Strawberry Perl 5.22.2 (32bit) Windows 7 SP1.
First time
cpan SULLR/IO-Socket-SSL-2.059.tar.gz
-> hang
Second time
cpan SULLR/IO-Socket-SSL-2.059.tar.gz
-> hang
Third time
manuarly download IO-Socket-SSL-2.059.tar.gz and eventually dmake test. -> success
Fourth time
cpan SULLR/IO-Socket-SSL-2.059.tar.gz
-> success
from p5-io-socket-ssl.
Was having the same problem on Strawberry Perl 5.24.1, after copying @twata1's steps above it is working for me as well.
from p5-io-socket-ssl.
For version 2.072, I still have the issue as shown below, though t/sni_verify.t no longer hangs (see also #97) with some Strawberry Perl versions (64bit) Windows 8.1.
Perl | Did t/verify_fingerprint.t hang? |
---|---|
v5.16.3 | Yes |
v5.18.4 | Yes |
v5.20.3 | No |
v5.22.3 | Yes |
v5.24.4 | No |
v5.26.1 | Yes |
v5.28.2 | No |
v5.30.2 | Yes |
v5.32.1 | No |
from p5-io-socket-ssl.
re: IO::Socket::SSL v2.072 if it helps,
I am on Windows Server 2016, running OpenSSL v3.0.1 and Net::SSLeay v1.91_01
The patch below gets me past the hanging:
--- a/t/sni_verify.t Mon Aug 16 13:45:46 2021 +++ b/t/sni_verify.t Mon Nov 29 16:53:25 2021 @@ -71,6 +71,13 @@ print "ok # client ssl connect $host\n"; $client->verify_hostname($host,'http') or print "not "; print "ok # client verify hostname in cert $host\n"; + + if ($client) { + # Shutdown TLS properly. Otherwise TLSv1.3 server will receive SIGPIPE + # in SSL_accept() and dies. + # . + $client->close('SSL_fast_shutdown' => 0); + } } else { print "not ok # client ssl connect $host - $SSL_ERROR\n"; print "ok # skip connect failed\n"; @@ -86,6 +93,9 @@ my $name = $csock->get_servername; print "not " if ! $name or $name ne $host; print "ok # server got SNI name $host\n"; + if ($csock) { + $csock->close('SSL_fast_shutdown' => 0); + } } else { print "not ok # server accept - $SSL_ERROR\n"; print "ok # skip accept failed\n";
But I still encounter errors;
C:\Data\build\IO-Socket-SSL-2.072>perl Makefile.PL Should I do external tests? These test will detect if there are network problems and fail soft, so please disable them only if you definitely don't want to have any network traffic to external sites. [Y/n] n Checking if your kit is complete... Looks good Warning: prerequisite Mozilla::CA 0 not found. Generating a nmake-style Makefile Writing Makefile for IO::Socket::SSL Writing MYMETA.yml and MYMETA.json C:\Data\build\IO-Socket-SSL-2.072>nmake Microsoft (R) Program Maintenance Utility Version 14.29.30136.0 Copyright (C) Microsoft Corporation. All rights reserved. cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm C:\Data\build\IO-Socket-SSL-2.072>nmake test Microsoft (R) Program Maintenance Utility Version 14.29.30136.0 Copyright (C) Microsoft Corporation. All rights reserved. "C:\perl-5.34.0\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021 # Net::SSLeay version=1.91_01 t\01loadmodule.t .................. 1/3 # parent IO::Socket::IP version=0.41 t\01loadmodule.t .................. ok t\acceptSSL-timeout.t ............. ok t\alpn.t .......................... ok t\auto_verify_hostname.t .......... ok t\cert_formats.t .................. ok t\cert_no_file.t .................. ok t\compatibility.t ................. ok t\connectSSL-timeout.t ............ Dubious, test returned 1 (wstat 256, 0x100) Failed 8/16 subtests t\core.t .......................... 1/48 # Failed test 'Client Sysread Check' # Failed test 'Server Getlines Check 1' # at t\core.t line 137. # at t\core.t line 251. # got: ' aaaaaaaaaaaaaaaaaaaa' # got: '0' # expected: ' waaaanf' # expected: '6' # Failed test 'Client Getline Check' # at t\core.t line 147. # got: undef # Failed test 'Server Getlines Check 2' # expected: 'Test # at t\core.t line 253. # ' # got: undef # expected: '1.04 # ' # Failed test 'Client Getc Check' # at t\core.t line 149. # got: '0' # expected: '$' # Failed test 'Client Getlines Check 1' # at t\core.t line 152. # Failed test 'Server Getlines Check 3' # at t\core.t line 255. # got: '0' # expected: '6' # got: undef # expected: '4 # ' # Failed test 'Client Getlines Check 2' # at t\core.t line 154. # got: undef # expected: '1.04 # ' # Failed test 'Server Getlines Check 4' # Failed test 'Client Getlines Check 3' # at t\core.t line 257. # at t\core.t line 156. # got: undef # expected: '4 # got: undef # ' # expected: 'y # ' Use of uninitialized value in join or string at t\core.t line 259. # Failed test 'Client Getlines Check 4' # at t\core.t line 158. Use of uninitialized value in join or string at t\core.t line 259. Use of uninitialized value in join or string at t\core.t line 259. # got: undef # expected: 'y # ' Use of uninitialized value in join or string at t\core.t line 160. Use of uninitialized value in join or string at t\core.t line 160. Use of uninitialized value in join or string at t\core.t line 160. # Failed test 'Server Getlines Check 5' # Failed test 'Client Getlines Check 5' # at t\core.t line 259. # at t\core.t line 160. # got: '' # got: '' # expected: 'Test # expected: 'Test # Beaver # Beaver # Beaver # Beaver # ' # ' t\core.t .......................... Failed 13/48 subtests t\dhe.t ........................... ok t\ecdhe.t ......................... ok t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available t\io-socket-ip.t .................. skipped: (no reason given) t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform t\mitm.t .......................... ok t\multiple-cert-rsa-ecc.t ......... ok t\nonblock.t ...................... ok t\npn.t ........................... ok t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t\plain_upgrade_downgrade.t ....... ok t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support # failed to accept TLSv1 # looks like OpenSSL was compiled without TLSv1 support # looks like OpenSSL was compiled without TLSv1_1 support # failed to accept TLSv1_1 # failed to accept TLSv1_3 t\protocol_version.t .............. ok t\public_suffix_lib_encode_idn.t .. ok t\public_suffix_lib_libidn.t ...... ok t\public_suffix_lib_uri.t ......... ok t\public_suffix_ssl.t ............. ok t\readline.t ...................... 1/19 Use of uninitialized value $c[0] in string eq at t\readline.t line 34. t\readline.t ...................... 4/19 Use of uninitialized value $b in string eq at t\readline.t line 48. Use of uninitialized value $b in concatenation (.) or string at t\readline.t line 48. Use of uninitialized value $c[0] in string eq at t\readline.t line 58. Use of uninitialized value $c[0] in string eq at t\readline.t line 71. Use of uninitialized value $c[0] in string eq at t\readline.t line 84. t\readline.t ...................... Failed 5/19 subtests t\session_cache.t ................. ok t\session_ticket.t ................ # listen at 127.0.0.1:50529 # listen at 127.0.0.1:50530 # connect to 0: success reuse=0 version=TLSv1_3 t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=1 version=TLSv1_3 t\session_ticket.t ................ ok t\sessions.t ...................... ok t\set_curves.t .................... Failed 1/6 subtests t\signal-readline.t ............... skipped: signals not relevant on this platform t\sni.t ........................... Failed 1/17 subtests (less 1 skipped subtest: 15 okay) t\sni_verify.t .................... ok t\start-stopssl.t ................. ok t\startssl-failed.t ............... ok t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124. t\startssl.t ...................... Failed 1/21 subtests t\sysread_write.t ................. ok t\verify_fingerprint.t ............ ok t\verify_hostname.t ............... ok t\verify_hostname_standalone.t .... ok t\verify_partial_chain.t .......... ok Test Summary Report ------------------- t\connectSSL-timeout.t (Wstat: 256 Tests: 10 Failed: 2) Failed tests: 9-10 Non-zero exit status: 1 Parse errors: Bad plan. You planned 16 tests but ran 10. t\core.t (Wstat: 0 Tests: 48 Failed: 13) Failed tests: 22-34 t\readline.t (Wstat: 0 Tests: 19 Failed: 5) Failed tests: 4, 7, 10, 13, 16 t\set_curves.t (Wstat: 0 Tests: 6 Failed: 1) Failed test: 5 t\sni.t (Wstat: 0 Tests: 17 Failed: 1) Failed test: 16 t\startssl.t (Wstat: 0 Tests: 21 Failed: 1) Failed test: 21 Files=40, Tests=765, 50 wallclock secs ( 0.39 usr + 0.25 sys = 0.64 CPU) Result: FAIL Failed 6/40 test programs. 23/765 subtests failed. NMAKE : fatal error U1077: 'C:\perl-5.34.0\bin\perl.exe' : return code '0xff' Stop.
from p5-io-socket-ssl.
New version 2.073 should fix the problems with openssl 3.0 in at least core.t, connectSSL-timeout.t and readline.t . I don't have any problem with the other tests myself though.
from p5-io-socket-ssl.
FYI
IO::Socket::SSL v2.074 - t\verify_fingerprint.t consistently hangs for me on perl v5.35.7 but on different subtests
OS: Windows Server 2016
Perl version: 5.35.7
Openssl version: 3.0.1 (static compile)
NET::SSLeay version: 1.91_03
Attempt 1 - hung on t\verify_fingerprint.t subtest 8/13
C:\Data\build>cd p5-io-socket-ssl-2.074 C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL Should I do external tests? These test will detect if there are network problems and fail soft, so please disable them only if you definitely don't want to have any network traffic to external sites. [Y/n] n Checking if your kit is complete... Looks good Generating a nmake-style Makefile Writing Makefile for IO::Socket::SSL Writing MYMETA.yml and MYMETA.json C:\Data\build\p5-io-socket-ssl-2.074>nmake Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm C:\Data\build\p5-io-socket-ssl-2.074>nmake test Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021 t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03 # parent IO::Socket::IP version=0.41 t\01loadmodule.t .................. ok t\acceptSSL-timeout.t ............. ok t\alpn.t .......................... ok t\auto_verify_hostname.t .......... ok t\cert_formats.t .................. ok t\cert_no_file.t .................. ok t\compatibility.t ................. ok t\connectSSL-timeout.t ............ ok t\core.t .......................... ok t\dhe.t ........................... ok t\ecdhe.t ......................... ok t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available t\io-socket-ip.t .................. skipped: (no reason given) t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform t\mitm.t .......................... ok t\multiple-cert-rsa-ecc.t ......... ok t\nonblock.t ...................... ok t\npn.t ........................... ok t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t\plain_upgrade_downgrade.t ....... ok t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support # failed to accept TLSv1 # looks like OpenSSL was compiled without TLSv1 support # failed to accept TLSv1_1 # looks like OpenSSL was compiled without TLSv1_1 support t\protocol_version.t .............. ok t\public_suffix_lib_encode_idn.t .. ok t\public_suffix_lib_libidn.t ...... ok t\public_suffix_lib_uri.t ......... ok t\public_suffix_ssl.t ............. ok t\readline.t ...................... ok t\session_cache.t ................. ok t\session_ticket.t ................ # listen at 127.0.0.1:60587 # listen at 127.0.0.1:60588 # connect to 0: success reuse=0 version=TLSv1_3 t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=1 version=TLSv1_3 t\session_ticket.t ................ ok t\sessions.t ...................... ok t\set_curves.t .................... Failed 2/6 subtests t\signal-readline.t ............... skipped: signals not relevant on this platform t\sni.t ........................... Failed 3/17 subtests (less 3 skipped subtests: 11 okay) t\sni_verify.t .................... Failed 4/17 subtests (less 4 skipped subtests: 9 okay) t\start-stopssl.t ................. ok t\startssl-failed.t ............... ok t\startssl.t ...................... 5/21 Use of uninitialized value $l in string ne at t\startssl.t line 124. t\startssl.t ...................... Failed 1/21 subtests t\sysread_write.t ................. ok t\verify_fingerprint.t ............ 8/13
Attempt 2 - hung on t\verify_fingerprint.t subtest 6/13
C:\Data\build>rmdir /s /q p5-io-socket-ssl-2.074 C:\Data\build>cd p5-io-socket-ssl-2.074 C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL Should I do external tests? These test will detect if there are network problems and fail soft, so please disable them only if you definitely don't want to have any network traffic to external sites. [Y/n] n Checking if your kit is complete... Looks good Generating a nmake-style Makefile Writing Makefile for IO::Socket::SSL Writing MYMETA.yml and MYMETA.json C:\Data\build\p5-io-socket-ssl-2.074>nmake Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod C:\Data\build\p5-io-socket-ssl-2.074>nmake test Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021 t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03 # parent IO::Socket::IP version=0.41 t\01loadmodule.t .................. ok t\acceptSSL-timeout.t ............. ok t\alpn.t .......................... ok t\auto_verify_hostname.t .......... ok t\cert_formats.t .................. ok t\cert_no_file.t .................. ok t\compatibility.t ................. ok t\connectSSL-timeout.t ............ ok t\core.t .......................... ok t\dhe.t ........................... ok t\ecdhe.t ......................... ok t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available t\io-socket-ip.t .................. skipped: (no reason given) t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform t\mitm.t .......................... ok t\multiple-cert-rsa-ecc.t ......... ok t\nonblock.t ...................... ok t\npn.t ........................... ok t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t\plain_upgrade_downgrade.t ....... ok t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support # failed to accept TLSv1 # looks like OpenSSL was compiled without TLSv1 support # failed to accept TLSv1_1 # looks like OpenSSL was compiled without TLSv1_1 support t\protocol_version.t .............. ok t\public_suffix_lib_encode_idn.t .. ok t\public_suffix_lib_libidn.t ...... ok t\public_suffix_lib_uri.t ......... ok t\public_suffix_ssl.t ............. ok t\readline.t ...................... ok t\session_cache.t ................. ok t\session_ticket.t ................ # listen at 127.0.0.1:61084 # listen at 127.0.0.1:61085 # connect to 0: success reuse=0 version=TLSv1_3 t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=1 version=TLSv1_3 t\session_ticket.t ................ ok t\sessions.t ...................... ok t\set_curves.t .................... Failed 3/6 subtests t\signal-readline.t ............... skipped: signals not relevant on this platform t\sni.t ........................... Failed 2/17 subtests t\sni.t ........................... Failed 2/17 subtests (less 2 skipped subtests: 13 okay) t\sni_verify.t .................... Failed 4/17 subtests (less 4 skipped subtests: 9 okay) t\start-stopssl.t ................. ok t\startssl-failed.t ............... ok t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124. t\startssl.t ...................... Failed 1/21 subtests t\sysread_write.t ................. ok t\verify_fingerprint.t ............ 6/13
Individually checking verify_fingerprint.t
This also hangs after printing ok 13 - accept leaf cert1 as trust anchor for saddr1
t\sysread_write.t ................. ok t\verify_fingerprint.t ............ 6/13 C:\Data\build\p5-io-socket-ssl-2.074> C:\Data\build\p5-io-socket-ssl-2.074>perl -Mblib t\verify_fingerprint.t 1..13 ok 1 - accept fp1 for saddr1 ok 2 - accept fp1 pubkey for saddr1 ok 3 - accept fp2 for saddr2 ok 4 - reject ifp2 for saddr2 ok 5 - reject fp2 for saddr1 ok 6 - reject fp1 for saddr2 ok 7 - accept fp1|fp2 for saddr1 ok 8 - accept fp1|fp2 for saddr2 ok 9 - accept fp2 for saddr2 even if ca1 given ok 10 - accept ca2 for saddr2 ok 11 - reject ca2 for saddr1 ok 12 - accept ca[12] for saddr1 ok 13 - accept leaf cert1 as trust anchor for saddr1 C:\Data\build\p5-io-socket-ssl-2.074> C:\Data\build\p5-io-socket-ssl-2.074> C:\Data\build\p5-io-socket-ssl-2.074> C:\Data\build\p5-io-socket-ssl-2.074>perl -Mblib t\verify_fingerprint.t 1..13 ok 1 - accept fp1 for saddr1 ok 2 - accept fp1 pubkey for saddr1 ok 3 - accept fp2 for saddr2 ok 4 - reject ifp2 for saddr2 ok 5 - reject fp2 for saddr1 ok 6 - reject fp1 for saddr2 ok 7 - accept fp1|fp2 for saddr1 ok 8 - accept fp1|fp2 for saddr2 ok 9 - accept fp2 for saddr2 even if ca1 given ok 10 - accept ca2 for saddr2 ok 11 - reject ca2 for saddr1 ok 12 - accept ca[12] for saddr1 ok 13 - accept leaf cert1 as trust anchor for saddr1
from p5-io-socket-ssl.
I'm not sure about the cause of the problem. Given that the server process is already running the latest idea I have is that the TCP connection is done with the listener socket inside the parent process. Could you please check with the small patch from 55a8d7d which makes sure that only one process has actually the server socket?
from p5-io-socket-ssl.
The patch from 55a8d7d works sometimes for my environment:
OS: Windows Server 2016
Perl version: 5.35.7
Openssl version: 3.0.1 (static compile)
NET::SSLeay version: 1.91_03
Attempts to reproduce the following are met with varying degrees of success.
Sometimes t\verify_fingerprint.t
hangs; sometimes it does not (see final paragraph at the end of this comment).
Attempt 1:
C:\Data\build>rmdir /s /q p5-io-socket-ssl-2.074 C:\Data\build>7z x p5-io-socket-ssl-2.074.tar.gz -aoa -tgzip -so | 7z x -aoa -si -ttar -o.\ 7-Zip 21.07 (x64) : Copyright (c) 1999-2021 Igor Pavlov : 2021-12-26 Extracting archive: -- Path = Type = tar Code Page = UTF-8 Characteristics = ASCII Everything is Ok Folders: 10 Files: 87 Size: 766219 Compressed: 51200 C:\Data\build>cd /D .\p5-io-socket-ssl-2.074 C:\Data\build\p5-io-socket-ssl-2.074>set PATCH_DIR=C:\Data\Patches\IO-Socket-SSL-2.074 C:\Data\build\p5-io-socket-ssl-2.074>type %PATCH_DIR%\0003-verify_fingerprint.t.patch --- a/t/verify_fingerprint.t Fri Jan 07 15:08:53 2022 +++ b/t/verify_fingerprint.t Tue Jan 18 09:33:49 2022 @@ -80,8 +80,11 @@ defined( my $pid = fork()) or die $!; if ( $pid ) { push @child,$pid; + my $saddr = '127.0.0.1:'.$sock->sockport; + close($sock); return ( - '127.0.0.1:'.$sock->sockport, + # '127.0.0.1:'.$sock->sockport, + $saddr, map { [ 'sha1$'.Net::SSLeay::X509_get_fingerprint($_,'sha1'), 'sha1$pub$'.unpack("H*",Net::SSLeay::X509_pubkey_digest($_, C:\Data\build\p5-io-socket-ssl-2.074>patch -p1 < %PATCH_DIR%\0003-verify_fingerprint.t.patch patching file t/verify_fingerprint.t C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL Should I do external tests? These test will detect if there are network problems and fail soft, so please disable them only if you definitely don't want to have any network traffic to external sites. [Y/n] n Checking if your kit is complete... Looks good Generating a nmake-style Makefile Writing Makefile for IO::Socket::SSL Writing MYMETA.yml and MYMETA.json C:\Data\build\p5-io-socket-ssl-2.074>nmake Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm C:\Data\build\p5-io-socket-ssl-2.074>nmake test Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021 t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03 # parent IO::Socket::IP version=0.41 t\01loadmodule.t .................. ok t\acceptSSL-timeout.t ............. ok t\alpn.t .......................... ok t\auto_verify_hostname.t .......... ok t\cert_formats.t .................. ok t\cert_no_file.t .................. ok t\compatibility.t ................. ok t\connectSSL-timeout.t ............ ok t\core.t .......................... ok t\dhe.t ........................... ok t\ecdhe.t ......................... ok t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available t\io-socket-ip.t .................. skipped: (no reason given) t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform t\mitm.t .......................... ok t\multiple-cert-rsa-ecc.t ......... ok t\nonblock.t ...................... ok t\npn.t ........................... ok t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t\plain_upgrade_downgrade.t ....... ok t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support # failed to accept TLSv1 # looks like OpenSSL was compiled without TLSv1 support # failed to accept TLSv1_1 # looks like OpenSSL was compiled without TLSv1_1 support t\protocol_version.t .............. ok t\public_suffix_lib_encode_idn.t .. ok t\public_suffix_lib_libidn.t ...... ok t\public_suffix_lib_uri.t ......... ok t\public_suffix_ssl.t ............. ok t\readline.t ...................... ok t\session_cache.t ................. ok t\session_ticket.t ................ # listen at 127.0.0.1:54772 # listen at 127.0.0.1:54773 # connect to 0: success reuse=0 version=TLSv1_3 t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=1 version=TLSv1_3 t\session_ticket.t ................ 3/6 # connect to 1: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=1 version=TLSv1_3 t\session_ticket.t ................ ok t\sessions.t ...................... ok t\set_curves.t .................... Failed 1/6 subtests t\signal-readline.t ............... skipped: signals not relevant on this platform t\sni.t ........................... Failed 1/17 subtests (less 1 skipped subtest: 15 okay) t\sni_verify.t .................... Failed 4/17 subtests (less 4 skipped subtests: 9 okay) t\start-stopssl.t ................. ok t\startssl-failed.t ............... ok t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124. t\startssl.t ...................... Failed 1/21 subtests t\sysread_write.t ................. ok t\verify_fingerprint.t ............ ok t\verify_hostname.t ............... ok t\verify_hostname_standalone.t .... ok t\verify_partial_chain.t .......... ok Test Summary Report ------------------- t\set_curves.t (Wstat: 0 Tests: 6 Failed: 1) Failed test: 5 t\sni.t (Wstat: 0 Tests: 17 Failed: 1) Failed test: 16 t\sni_verify.t (Wstat: 0 Tests: 17 Failed: 4) Failed tests: 10, 12, 14, 16 t\startssl.t (Wstat: 0 Tests: 21 Failed: 1) Failed test: 21 Files=40, Tests=772, 90 wallclock secs ( 0.36 usr + 0.31 sys = 0.67 CPU) Result: FAIL Failed 4/40 test programs. 7/772 subtests failed. NMAKE : fatal error U1077: 'C:\perl-5.35.7\bin\perl.exe' : return code '0xff' Stop. C:\Data\build\p5-io-socket-ssl-2.074>
Attempt 1 + n:
C:\Data\build\p5-io-socket-ssl-2.074>cd .. C:\Data\build>rmdir /s /q p5-io-socket-ssl-2.074 C:\Data\build>7z x p5-io-socket-ssl-2.074.tar.gz -aoa -tgzip -so | 7z x -aoa -si -ttar -o.\ 7-Zip 21.07 (x64) : Copyright (c) 1999-2021 Igor Pavlov : 2021-12-26 Extracting archive: -- Path = Type = tar Code Page = UTF-8 Characteristics = ASCII Everything is Ok Folders: 10 Files: 87 Size: 766219 Compressed: 51200 C:\Data\build>cd /D .\p5-io-socket-ssl-2.074 C:\Data\build\p5-io-socket-ssl-2.074>set PATCH_DIR=C:\Data\Patches\IO-Socket-SSL-2.074 C:\Data\build\p5-io-socket-ssl-2.074>patch -p1 < %PATCH_DIR%\0003-verify_fingerprint.t.patch patching file t/verify_fingerprint.t C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL Should I do external tests? These test will detect if there are network problems and fail soft, so please disable them only if you definitely don't want to have any network traffic to external sites. [Y/n] n Checking if your kit is complete... Looks good Generating a nmake-style Makefile Writing Makefile for IO::Socket::SSL Writing MYMETA.yml and MYMETA.json C:\Data\build\p5-io-socket-ssl-2.074>nmake Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm C:\Data\build\p5-io-socket-ssl-2.074>nmake test Microsoft (R) Program Maintenance Utility Version 14.29.30138.0 Copyright (C) Microsoft Corporation. All rights reserved. "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021 t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03 # parent IO::Socket::IP version=0.41 t\01loadmodule.t .................. ok t\acceptSSL-timeout.t ............. ok t\alpn.t .......................... ok t\auto_verify_hostname.t .......... ok t\cert_formats.t .................. ok t\cert_no_file.t .................. ok t\compatibility.t ................. ok t\connectSSL-timeout.t ............ ok t\core.t .......................... ok t\dhe.t ........................... ok t\ecdhe.t ......................... ok t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available t\io-socket-ip.t .................. skipped: (no reason given) t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform t\mitm.t .......................... ok t\multiple-cert-rsa-ecc.t ......... ok t\nonblock.t ...................... ok t\npn.t ........................... ok t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x160301 from client # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 connect_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # -- test: newSSL:0 start_SSL stop_SSL connect_SSL # server accepted new client # wait for initial data from client # got 0x666f6f from client # server: got plain data at start of connection # server: TLS upgrade # server: TLS downgrade # server: TLS upgrade#2 # server accepted new client # wait for initial data from client # got 0x656e64 from client # client requested end of tests t\plain_upgrade_downgrade.t ....... ok t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support # failed to accept TLSv1 # looks like OpenSSL was compiled without TLSv1 support # failed to accept TLSv1_1 # looks like OpenSSL was compiled without TLSv1_1 support t\protocol_version.t .............. ok t\public_suffix_lib_encode_idn.t .. ok t\public_suffix_lib_libidn.t ...... ok t\public_suffix_lib_uri.t ......... ok t\public_suffix_ssl.t ............. ok t\readline.t ...................... ok t\session_cache.t ................. ok t\session_ticket.t ................ # listen at 127.0.0.1:55786 # listen at 127.0.0.1:55787 # connect to 0: success reuse=0 version=TLSv1_3 t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=1 version=TLSv1_3 # connect to 1: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=0 version=TLSv1_3 # connect to 0: success reuse=1 version=TLSv1_3 t\session_ticket.t ................ ok t\sessions.t ...................... ok t\set_curves.t .................... Failed 2/6 subtests t\signal-readline.t ............... skipped: signals not relevant on this platform t\sni.t ........................... Failed 3/17 subtests (less 3 skipped subtests: 11 okay) t\sni_verify.t .................... Failed 4/17 subtests (less 4 skipped subtests: 9 okay) t\start-stopssl.t ................. ok t\startssl-failed.t ............... ok t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124. t\startssl.t ...................... Failed 1/21 subtests t\sysread_write.t ................. ok t\verify_fingerprint.t ............ 8/13 Terminating on signal SIGINT(2) NMAKE : fatal error U1058: terminated by user Stop. C:\Data\build\p5-io-socket-ssl-2.074>
I have found that for it to work consistently - the following three conditions need to be met:
- all associated [orphaned] Perl processes must be killed
- the developer command prompt needs to be closed and re-opened anew
- start from a cleanly extracted p5-io-socket-ssl-2.074.tar.gz archive
from p5-io-socket-ssl.
As for the recent Perl builds using Visual Studio, I am concerned about the Windows section of perl5260delta.
from p5-io-socket-ssl.
Related Issues (20)
- t/nonblock.t: Failing on FreeBSD-12 and -13 HOT 16
- CERT_asHash() returns certificate validity date out by local UTC offset HOT 7
- TLS-SRP (client) support HOT 1
- Support Net::LibIDN2? HOT 1
- Issue with failing t/cert_formats.t for OpenSSL 3.0.0 HOT 3
- .../IO/Socket/SSL.pm:1177: global error: Undefined SSL object HOT 5
- start_SSL causes debug error "Undefined SSL object" HOT 1
- OpenSSL-3.0.0 support HOT 4
- "no cipher match" after upgrade to IO::Socket::SSL 2.073 HOT 2
- Test set_curves.t appears to be sensitive to timing HOT 6
- Failed to compile perl-IO-Socket-SSL-1.94-7 HOT 1
- IO-Socket-SSL fails tests on OpenBSD HOT 4
- When will 2.075 hit CPAN? HOT 2
- Two test failures on threaded debugging perl HOT 4
- Self-signed certificate allowed for any IP address HOT 4
- Default SSL_version should be restricted to TLS 1.2+ HOT 4
- IPv6 iPAddress subjectAltName verification fails without SSL_verifycn_name HOT 1
- Scan Flagged Potential Compliance Issue with these Certs -- Need to confirm HOT 1
- t/external/ocsp.t: Failing external test HOT 1
- Use of uninitialized value $2 in concatenation (.) or string at /usr/local/lib/perl5/site_perl/IO/Socket/SSL.pm line 792. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from p5-io-socket-ssl.