Bug#606249: libio-socket-ssl-perl: verify_callback invoked 3 times per connection

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 7 19:45:02 UTC 2010 

Package: libio-socket-ssl-perl
Version: 1.35-1
Severity: normal

If i supply a verify_callback, i find it gets invoked three times for
a single connection, if the callback is approved each time (if the
callback ever fails, it looks like it shortcuts the repeated verify
attempts).  This is surprising to me.  if it is intentional, i think
it should be better-documented at least.

If it is not intentional, it's possible that the bug is in
Net::SSLeay, or even further down in the stack.  Feel free to
re-assign as you see fit.

Attached is a simple test case if you want to verify for yourself.
when i run it i get:

0 dkg at pip:~/tmp$ ./demoproblem.pl 
DEBUG: .../IO/Socket/SSL.pm:1461: new ctx 163340976
DEBUG: .../IO/Socket/SSL.pm:332: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:334: socket connected
DEBUG: .../IO/Socket/SSL.pm:347: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:1453: ok=0 cert=163571568
verify called (7 ok)
DEBUG: .../IO/Socket/SSL.pm:1453: ok=0 cert=163571568
verify called (7 ok)
DEBUG: .../IO/Socket/SSL.pm:1453: ok=1 cert=163146456
verify called (7 ok)
DEBUG: .../IO/Socket/SSL.pm:390: Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:445: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:1497: free ctx 163340976 open=163340976
DEBUG: .../IO/Socket/SSL.pm:1502: free ctx 163340976 callback
DEBUG: .../IO/Socket/SSL.pm:1505: OK free ctx 163340976
got 8271 characters
0 dkg at pip:~/tmp$ 

thanks for maintaining IO::Socket::SSL in debian!

       --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.36-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libio-socket-ssl-perl depends on:
ii  libnet-ssleay-perl            1.36-1     Perl module for Secure Sockets Lay
ii  netbase                       4.43       Basic TCP/IP networking system
ii  perl                          5.10.1-16  Larry Wall's Practical Extraction 

Versions of packages libio-socket-ssl-perl recommends:
ii  libnet-libidn-perl          0.12.ds-1+b1 Perl bindings for GNU Libidn

Versions of packages libio-socket-ssl-perl suggests:
pn  libio-socket-inet6-perl       <none>     (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demoproblem.pl
Type: text/x-perl
Size: 946 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101207/7d698cfb/attachment-0001.pl>

More information about the pkg-perl-maintainers mailing list