fix FreeBSD FAIL because of renegotiate()
Apocalypse
14 years ago
0 | 0 | Revision history for Perl extension POE::Component::SSLify. |
1 | ||
2 | * 0.17 | |
3 | ||
4 | Fixed the t/simple.t test to PASS on FreeBSD because Net::SSLeay::renegotiate was buggy on it, thanks CPANTesters! | |
5 | Added note about OpenSSL functions in the POD. | |
1 | 6 | |
2 | 7 | * 0.16 |
3 | 8 |
Binary diff not shown
2 | 2 | |
3 | 3 | # Initialize our version |
4 | 4 | use vars qw( $VERSION ); |
5 | $VERSION = '0.16'; | |
5 | $VERSION = '0.17'; | |
6 | 6 | |
7 | 7 | # Import the SSL death routines |
8 | 8 | use Net::SSLeay qw( die_now die_if_ssl_error ); |
2 | 2 | |
3 | 3 | # Initialize our version |
4 | 4 | use vars qw( $VERSION ); |
5 | $VERSION = '0.16'; | |
5 | $VERSION = '0.17'; | |
6 | 6 | |
7 | 7 | # Import the SSL death routines |
8 | 8 | use Net::SSLeay qw( die_now die_if_ssl_error ); |
2 | 2 | |
3 | 3 | # Initialize our version |
4 | 4 | use vars qw( $VERSION ); |
5 | $VERSION = '0.16'; | |
5 | $VERSION = '0.17'; | |
6 | 6 | |
7 | 7 | # We need Net::SSLeay or all's a failure! |
8 | 8 | BEGIN { |
14 | 14 | die $@; |
15 | 15 | } else { |
16 | 16 | # Check to make sure the versions are what we want |
17 | # TODO what if Net::SSLeay is upgraded to 1.4? :( | |
17 | 18 | if ( ! ( defined $Net::SSLeay::VERSION and |
18 | 19 | $Net::SSLeay::VERSION =~ /^1\.3/ ) ) { |
19 | 20 | warn 'Please upgrade Net::SSLeay to v1.30+ installed: v' . $Net::SSLeay::VERSION; |
344 | 345 | } |
345 | 346 | } |
346 | 347 | |
348 | =head2 OpenSSL functions | |
349 | ||
350 | Theoretically you can do anything that Net::SSLeay exports from the OpenSSL libs on the socket. However, I have not tested every | |
351 | possible function against SSLify, so use them carefully! If you have success, please report back to me so I can update this doc! | |
352 | ||
353 | =head3 Net::SSLeay::renegotiate | |
354 | ||
355 | This function has been tested ( it's in t/simple.t ) but it doesn't work on FreeBSD! I tracked it down to this security advisory: | |
356 | L<http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc> which explains it in detail. The test will skip this function | |
357 | if it detects that you're on a FreeBSD system. However, if you have the updated OpenSSL library that fixes this you can use it. | |
358 | ||
347 | 359 | =head1 FUNCTIONS |
348 | 360 | |
349 | 361 | =head2 Client_SSLify |
1 | 1 | |
2 | 2 | # Thanks to ASCENT for this test! |
3 | 3 | |
4 | use strict; | |
5 | use warnings; | |
6 | use Test::More tests => 22; | |
4 | use strict; use warnings; | |
5 | ||
6 | my $numtests; | |
7 | BEGIN { | |
8 | $numtests = 22; | |
9 | ||
10 | eval "use Test::NoWarnings"; | |
11 | if ( ! $@ ) { | |
12 | # increment by one | |
13 | $numtests++; | |
14 | ||
15 | } | |
16 | } | |
17 | ||
18 | use Test::More tests => $numtests; | |
7 | 19 | |
8 | 20 | use POE; |
9 | 21 | use POE::Component::Client::TCP; |
108 | 120 | { |
109 | 121 | ok(1, "CLIENT: recv: $line"); |
110 | 122 | |
111 | ## Force SSL renegotiation | |
112 | my $ssl = tied(*{$heap->{server}->get_output_handle})->{ssl}; | |
113 | my $reneg_num = Net::SSLeay::num_renegotiations($ssl); | |
123 | # Skip 2 Net::SSLeay::renegotiate() tests on FreeBSD because of | |
124 | # http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc | |
125 | TODO: { | |
126 | local $TODO = "Net::SSLeay::renegotiate() does not work on all platforms"; | |
114 | 127 | |
115 | ok(1 == Net::SSLeay::renegotiate($ssl), 'CLIENT: SSL renegotiation'); | |
116 | my $handshake = Net::SSLeay::do_handshake($ssl); | |
117 | my $err = Net::SSLeay::get_error($ssl, $handshake); | |
128 | ## Force SSL renegotiation | |
129 | my $ssl = tied(*{$heap->{server}->get_output_handle})->{ssl}; | |
130 | my $reneg_num = Net::SSLeay::num_renegotiations($ssl); | |
118 | 131 | |
119 | ## 1 == Successful handshake, ERROR_WANT_(READ|WRITE) == non-blocking. | |
120 | ok($handshake == 1 || $err == ERROR_WANT_READ || $err == ERROR_WANT_WRITE, 'CLIENT: SSL handshake'); | |
121 | ok($reneg_num < Net::SSLeay::num_renegotiations($ssl), 'CLIENT: Increased number of negotiations'); | |
132 | ok(1 == Net::SSLeay::renegotiate($ssl), 'CLIENT: SSL renegotiation'); | |
133 | my $handshake = Net::SSLeay::do_handshake($ssl); | |
134 | my $err = Net::SSLeay::get_error($ssl, $handshake); | |
135 | ||
136 | ## 1 == Successful handshake, ERROR_WANT_(READ|WRITE) == non-blocking. | |
137 | ok($handshake == 1 || $err == ERROR_WANT_READ || $err == ERROR_WANT_WRITE, 'CLIENT: SSL handshake'); | |
138 | ok($reneg_num < Net::SSLeay::num_renegotiations($ssl), 'CLIENT: Increased number of negotiations'); | |
139 | } | |
122 | 140 | |
123 | 141 | $heap->{server}->put('ping2'); |
124 | 142 | } |