Bug#839576: libio-socket-ssl-perl: Cannot use SSL_key_file with ACL permissions

Steffen Ullrich sullr at cpan.org
Sun Oct 2 19:43:55 UTC 2016 

Hi,

This issue is fixed in IO::Socket::SSL version 2.017 or with commit 
https://github.com/noxxi/p5-io-socket-ssl/commit/7432b34 in case you want to 
backport this change.

Regards,
Steffen Ullrich,
Maintainer IO::Socket::SSL


On Sun, 02 Oct 2016 12:05:23 +0200 Michael Braun <michael-dev at fami-braun.de> wrote:
> Package: libio-socket-ssl-perl
> Version: 2.002-2+deb8u1
> Severity: normal
>
> Dear Maintainer,
>
> I upgraded from wheezy to jessie. The issue did not occur before.
>
> I am running a perl daemon as some non-root user that uses SSL_key_file with IO::Socket::SSL->start_SSL($client, SSL_server => 1, SSL_key_file => ..., ...).
>
> The key file given is owned by root:root, but getfacl reports user:$daemonuser:r-- and using "sudo -u $daemonuser cat $SSL_key_file" works fine.
>
> Though, the daemon does not longer accept clients writing to STDERR "SSL_key_file ... is not accessible at /usr/share/perl5/IO/Socket/SSL.pm line 2010".
>
> That source line reads like it is supposed to check readiblity of the key file given. I expect it to pass as the file is actually readable and start SSL communication with the client.
>
> Regards,
> M. Braun
>
>
> -- System Information:
> Debian Release: 8.6
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.2.1-040201-generic (SMP w/8 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages libio-socket-ssl-perl depends on:
> ii  libnet-ssleay-perl  1.65-1+deb8u1
> ii  netbase             5.3
> ii  perl                5.20.2-3+deb8u6
>
> Versions of packages libio-socket-ssl-perl recommends:
> ii  libio-socket-inet6-perl     2.72-1
> ii  libsocket6-perl             0.25-1+b1
> ii  liburi-perl                 1.64-1
> ii  perl                        5.20.2-3+deb8u6
> ii  perl-base [libsocket-perl]  5.20.2-3+deb8u6
>
> Versions of packages libio-socket-ssl-perl suggests:
> ii  ca-certificates  20141019+deb8u1
>
> -- no debconf information
>
>

More information about the pkg-perl-maintainers mailing list