[perl-IO-Socket-IP/f19] Fix multihomed SSL
Petr Pisar
ppisar at fedoraproject.org
Wed Jul 9 07:25:26 UTC 2014
commit 6f804a3698febc0fd4f11b5102b7d44715913179
Author: Petr Písař <ppisar at redhat.com>
Date: Wed Jul 9 09:21:46 2014 +0200
Fix multihomed SSL
IO-Socket-IP-0.30-multihomed_SSL.patch | 58 ++++++++++++++++++++++++++++++++
perl-IO-Socket-IP.spec | 8 ++++-
2 files changed, 65 insertions(+), 1 deletions(-)
---
diff --git a/IO-Socket-IP-0.30-multihomed_SSL.patch b/IO-Socket-IP-0.30-multihomed_SSL.patch
new file mode 100644
index 0000000..1223385
--- /dev/null
+++ b/IO-Socket-IP-0.30-multihomed_SSL.patch
@@ -0,0 +1,58 @@
+Am Di 08. Jul 2014, 06:35:58, PEVANS schrieb:
+> I may have to revert this one because it's causing bad knock-on
+> effects with IO::Socket::SSL:
+>
+> https://rt.cpan.org/Ticket/Display.html?id=97050
+>
+> Basically: the very thing it was supposed to fix, it has broken. Meh.
+
+Yes, unfortunately it wasn't as easy as I thought because the calling scheme inside IO::Socket::* (i.e. new -> configure -> connect ) isn't that simple if you have a class hierarchy and also try to implement multi-homing :(
+
+But I think I have a working patch (included, against 0.30).
+The basic idea of the patch is that one has to distinguish between an error at the transport layer which can be solved with IP based multi-homing and an error at the application layer. One could expect the system error to be reflected inside $!, while an application error will probably not set $! (e.g. IO::Socket::SSL sets an $SSL_ERROR variable). So if connect fails, but $! is not set, one can assume error at the application layer and stop trying to fix it with IP based multi-homing.
+
+The other difference in the patch is to change $self->IO::Socket::IP::connect($addr) to CORE::connect($self,$addr), because if you have a look at the connect function it simple calls CORE::connect if an $addr argument is given. It was already right to not use $self->connect in this place, it was only a problem if called from inside the new - configure - connect chain.
+
+With this patch the tests inside IO::Socket::IP pass and also the tests of IO::Socket::SSL.
+
+Regards,
+Steffen
+
+<https://rt.cpan.org/Public/Bug/Display.html?id=95983>
+
+diff --git a/lib/IO/Socket/IP.pm b/lib/IO/Socket/IP.pm
+index 1911145..16eb7c8 100644
+--- a/lib/IO/Socket/IP.pm
++++ b/lib/IO/Socket/IP.pm
+@@ -601,7 +601,7 @@ sub setup
+ }
+
+ if( defined( my $addr = $info->{peeraddr} ) ) {
+- if( $self->IO::Socket::IP::connect( $addr ) ) {
++ if( $self->connect( $addr ) ) {
+ $! = 0;
+ return 1;
+ }
+@@ -611,6 +611,13 @@ sub setup
+ return 0;
+ }
+
++ # If connect failed but we have no system error there must be an error
++ # at the application layer, like a bad certificate with
++ # IO::Socket::SSL.
++ # In this case don't continue IP based multi-homing because the problem
++ # cannot be solved at the IP layer.
++ return 0 if ! $!;
++
+ ${*$self}{io_socket_ip_errors}[0] = $!;
+ next;
+ }
+@@ -651,7 +658,7 @@ sub connect
+ # (still in progress). This even works on MSWin32.
+ my $addr = ${*$self}{io_socket_ip_infos}[${*$self}{io_socket_ip_idx}]{peeraddr};
+
+- if( $self->IO::Socket::IP::connect( $addr ) or $! == EISCONN ) {
++ if( CORE::connect( $self, $addr ) or $! == EISCONN ) {
+ delete ${*$self}{io_socket_ip_connect_in_progress};
+ $! = 0;
+ return 1;
diff --git a/perl-IO-Socket-IP.spec b/perl-IO-Socket-IP.spec
index 2c059f6..7b30952 100644
--- a/perl-IO-Socket-IP.spec
+++ b/perl-IO-Socket-IP.spec
@@ -1,11 +1,13 @@
Name: perl-IO-Socket-IP
Version: 0.30
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/IO-Socket-IP/
Source0: http://www.cpan.org/authors/id/P/PE/PEVANS/IO-Socket-IP-%{version}.tar.gz
+# Fix multihomed SSL, bug #1116600, CPAN RT#95983
+Patch0: IO-Socket-IP-0.30-multihomed_SSL.patch
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl(base)
@@ -33,6 +35,7 @@ arguments and methods are provided in a backward-compatible way.
%prep
%setup -q -n IO-Socket-IP-%{version}
+%patch0 -p1
%build
perl Build.PL installdirs=vendor
@@ -53,6 +56,9 @@ rm -f t/21nonblocking-connect-internet.t
%{_mandir}/man3/*
%changelog
+* Wed Jul 09 2014 Petr Pisar <ppisar at redhat.com> - 0.30-2
+- Fix multihomed SSL (bug #1116600)
+
* Mon Jul 07 2014 Petr Pisar <ppisar at redhat.com> - 0.30-1
- 0.30 bump
More information about the scm-commits
mailing list