Use of uninitialized value $ret ... at lib/SSLinfo.pm line 1998

EnDe commented 1 month ago

as reported by @kylak in issue 137:

Here is the result of perl -le 'print $]' : 5.016003.

And here what I have for ./o-saft.pl +cn MY_HOST:

**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. **WARNING: 204: Can't make a connection to 'MY_HOST:443' without SNI; no initial data (compare with and without SNI not possible) **WARNING: 203: connection without SNI succeded with errors; errors ignored !!Hint: use '--v' to show more information about SSLinfo::do_ssl_open() errors Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998. **WARNING: 205: Can't make a connection to 'MY_HOST:443'; target ignored !!Hint: use '--v' to show more information !!Hint: use '--socket-reuse' it may help in some cases !!Hint: use '--ignore-no-conn' to disable this check

EnDe commented 1 month ago

hmm, this error does not make sense with the latest SSLinfo,pm Can you please post the result of grep "SID_sslinfo " lib/SSLinfo.pm Thanks.

kylak commented 1 month ago

Here is the result of grep "SID_sslinfo " lib/SSLinfo.pm :

my  $SID_sslinfo    =  "@(#) SSLinfo.pm 3.19 24/07/27 14:44:43";

EnDe commented 1 month ago

strange, please post result of sed -ne '1994,+7 p' lib/SSLinfo.pm

kylak commented 1 month ago

Here is the result of sed -ne '1994,+7 p' lib/SSLinfo.pm :

        $ret = 1; # success
        goto FIN;
    } # TRY
    push(@{$_SSLinfo{'errors'}}, "_ssleay_ctx_ca() failed calling $src: $err");
    FIN:
    _trace("_ssleay_ctx_ca()\t= $ret }");
    return $ret;
} # _ssleay_ctx_ca

EnDe commented 1 month ago

should be fixed in lib/SSLinfo.pm

EnDe commented 1 month ago

BTW, you habe seen **WARNING: 205: Can't make a connection to 'MY_HOST:443'

which is an issue with your MY_HOST.

kylak commented 1 month ago

I've just tried google.fr as my host and I got this (the same 205 warning) :

[admin@v3dexpserver O-Saft-master]$ ./o-saft.pl +cn google.fr
**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
**WARNING: 204: Can't make a connection to 'google.fr:443' without SNI; no initial data (compare with and without SNI not possible)
**WARNING: 203: connection without SNI succeded with errors; errors ignored
!!Hint: use '--v' to show more information about SSLinfo::do_ssl_open() errors
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
Use of uninitialized value $ret in concatenation (.) or string at lib/SSLinfo.pm line 1998.
**WARNING: 205: Can't make a connection to 'google.fr:443'; target ignored
!!Hint: use '--v' to show more information
!!Hint: use '--socket-reuse' it may help in some cases
!!Hint: use '--ignore-no-conn' to disable this check

Is it normal?

EnDe commented 1 month ago

Hi kylak, your system becomes a real challenge;-) As one of our established goals is to run on ancient systems, we'll try to fix this issue, or at least to provide a workaround. Will take a while, in particular as I cannot yet reproduce the problem using your setup on my system.

Meanwhile, can you please post result of:

openssl version
ldd /FULL/PATH/TO/openssl | grep libssl.so # if you have ldd

If possible, you may install Net::SSLeay > 1.87 and test again.

Please note that testing for ciphers does not need openssl and Net::SSLeay by default. So you may try ./o-saft.pl +cipher MY_HOST

I'm back when I have some kind of analyse/debug script ...

kylak commented 1 month ago

Hi,

Sorry I didn't see this message or I forgot to apply the updated file.

So I've ran again ./o-saft.pl +cn google.fr with the last version of lib/SSLinfo.pm and here is what I have :

**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
**WARNING: 204: Can't make a connection to 'google.fr:443' without SNI; no initial data (compare with and without SNI not possible)
**WARNING: 203: connection without SNI succeded with errors; errors ignored
!!Hint: use '--v' to show more information about SSLinfo::do_ssl_open() errors
**WARNING: 205: Can't make a connection to 'google.fr:443'; target ignored
!!Hint: use '--v' to show more information
!!Hint: use '--socket-reuse' it may help in some cases
!!Hint: use '--ignore-no-conn' to disable this check

To answer your last message, Net::SSLeay 1.94 has been installed, and here are the results of the commands :

openssl version : OpenSSL 1.0.2k-fips 26 Jan 2017
ldd /usr/bin/openssl | grep libssl.so : libssl.so.10 => /lib64/libssl.so.10 (0x00007fdc9fbe0000)

EnDe commented 1 month ago

ok thanks, This at least shows, that your Net::SSLeay 1.55 is not the problem. Great. Have never seen libssl.so.10, may be it has to do with OpenSSL 1.0.2k-fips.

Can you please post results of:

./o-saft.pl --test-openssl
./o-saft.pl --test-ssleay
`./o-saft.pl +cn --trace=4 YOUHOST 2>&1 |grep OP

kylak commented 1 month ago

Sure, here is the result of ./o-saft.pl --test-openssl :

**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
#o-saft.pl: --testopenssl
#OTrace::_test_openssl:

=== internal data structure %_OpenSSL_opt ===
=
= Print internal data structure from SSLinfo.
=

= using /usr/bin/openssl
=-----------------------+----------------
= _OpenSSL_opt          | 1=available
=-----------------------+----------------
                -CAfile = 1
                -CApath = 1
                  -alpn = 1
                  -bugs = 1
        -client_sigalgs = 1
                  -comp = 0
                -curves = 1
                 -debug = 1
                  -dtls = 0
                 -dtls1 = 1
               -dtls1_1 = 0
               -dtls1_2 = 0
               -dtls1_3 = 0
         -fallback_scsv = 1
                   -key = 1
  -legacy_renegotiation = 1
 -legacy_server_connect = 0
   -legacyrenegotiation = 0
                   -msg = 1
                  -nbio = 1
             -nbio_test = 1
          -nextprotoneg = 1
               -no_comp = 0
-no_legacy_server_connect   = 0
      -no_renegotiation = 0
               -no_ssl2 = 0
               -no_ssl3 = 0
             -no_ticket = 1
               -no_tls1 = 0
             -no_tls1_1 = 0
             -no_tls1_2 = 0
             -no_tls1_3 = 0
             -no_tlsext = 0
                   -npn = 1
                 -pause = 1
                -prexit = 1
                 -proxy = 0
                   -psk = 1
          -psk_identity = 1
                 -quiet = 1
             -reconnect = 1
        -record_padding = 0
            -serverinfo = 1
            -servername = 1
            -serverpref = 0
             -showcerts = 1
               -sigalgs = 1
                  -ssl2 = 0
                  -ssl3 = 1
                 -state = 1
                -status = 1
                -strict = 0
                  -tls1 = 1
                -tls1_1 = 1
                -tls1_2 = 1
                -tls1_3 = 0
           -tlsextdebug = 1
                   data = <<use  --v  or  --trace to see openssl usage>>
                   done = 1
=-----------------------+----------------

Here the result of ./o-saft.pl --test-ssleay :

**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
#o-saft.pl: --testssleay
#OTrace::_test_ssleay:

=== internal data of Net::SSLeay ===
=
= Print information about Net::SSLeay capabilities.
=

=------------+------------------+-------------
= Net::SSLeay{ function         | 1=available
=------------+------------------+-------------
             ::SSLv2_method     = 0
             ::SSLv3_method     = 1
             ::SSLv23_method    = 1
             ::TLSv1_method     = 1
             ::TLSv1_1_method   = 1
             ::TLSv1_2_method   = 1
#{ following missing in Net::SSLeay (up to 1.72):
             ::TLSv1_3_method   = 0
             ::DTLSv1_method    = 0
             ::DTLSv1_2_method  = 0
             ::DTLS_method      = 0
#}
             ::CTX_new_with_method  = 1
             ::CTX_new          = 1
             ::CTX_v2_new       = 0
             ::CTX_v3_new       = 1
             ::CTX_v23_new      = 1
             ::CTX_tlsv1_new    = 1
             ::CTX_tlsv1_0_new  = 0
             ::CTX_tlsv1_1_new  = 1
             ::CTX_tlsv1_2_new  = 1
             ::CTX_tlsv1_3_new  = 0
             ::CTX_dtlsv1_new   = 0
             ::CTX_dtlsv1_2_new = 0
             ::CTX_dtlsv1_3_new = 0
             ::CTX_get_options  = 1
             ::CTX_set_options  = 1
             ::CTX_set_timeout  = 1
             ::CTX_set_alpn_protos  = 1
             ::CTX_set_next_proto_select_cb = 1
=------------+------------------+-------------
= Net::SSLeay} function
= Net::SSLeay{ constant           hex value
=------------+------------------+-------------
             ::OP_NO_SSLv2      = 0x01000000
             ::OP_NO_SSLv3      = 0x02000000
             ::OP_NO_TLSv1      = 0x04000000
             ::OP_NO_TLSv1_1    = 0x10000000
             ::OP_NO_TLSv1_2    = 0x08000000
             ::OP_NO_TLSv1_3    = <<undef>>
             ::OP_NO_DTLSv09    = <<undef>>
             ::OP_NO_DTLSv1     = <<undef>>
             ::OP_NO_DTLSv1_1   = <<undef>>
             ::OP_NO_DTLSv1_2   = <<undef>>
             ::OP_NO_DTLSv1_3   = <<undef>>
=------------+------------------+-------------
= Net::SSLeay} constant
= Net::SSLeay{ call
=------------+------------------+-------------
#      experimental ...
  Net::SSLeay::CTX_new {
             ::CTX_get_options(CTX)= 0x01000004
  Net::SSLeay::CTX_new }
  Net::SSLeay::CTX_v3_new {
             ::CTX_get_options(CTX)= 0x01000004
  Net::SSLeay::CTX_v3_new }
  Net::SSLeay::CTX_v23_new {
             ::CTX_get_options(CTX)= 0x01000004
             ::CTX_get_timeout(CTX)= 300
             ::CTX_get_verify_mode(CTX) = 0x00000000
             ::CTX_get_verify_depth(CTX)= -1
  Net::SSLeay::CTX_v23_new }
  Net::SSLeay::CTX_tlsv1_2_new {
             ::CTX_get_options(CTX)= 0x01000004
             ::CTX_get_timeout(CTX)= 7200
             ::CTX_get_verify_mode(CTX) = 0x00000000
             ::CTX_get_verify_depth(CTX)= -1
  Net::SSLeay::CTX_tlsv1_2_new }
=------------+------------------+-------------
= Net::SSLeay} call

And the result of ./o-saft.pl +cn --trace=4 google.fr 2>&1 |grep OP_ gave a large output. Hence, I've put the output in a joined text file. OP_.txt

EnDe commented 1 month ago

Thanks very much. Anything looks well beside the fact that you system has no CAs installed (at least not in the directories compiled into openssl or libssl). But this should not be a problem.

May be openssl-fips handles missing CA different, need to check with openssl-fips. Do you know more details about the "fips mode" which might help to narrow down the problem?

kylak commented 1 month ago

Do you know more details about the "fips mode"

No sorry...

EnDe commented 1 month ago

Is there a reason (compliance, whatever ...) why you use openssl-fips for testing? Can you install plain openssl (for example in /usr/local) then you may run ./o-saft.pl --openssl/=/usr/local/openssl/bin/openssl +cn ... If it works, you can continue testing, and gives me the proof that openssl-fips might cause the problem.

kylak commented 1 month ago

Is there a reason (compliance, whatever ...) why you use openssl-fips for testing?

I don't know sorry.

Can you install plain openssl

I tried, but I found an error on the first step of the simple installation. So normally I would have to try a "deep/detailed installation" but rather I'm wondering if I will use Docker or a container alike instead, in order to avoid errors due to the environment.

However, I still plan to install the plain openssl on the machine so that you can find and fix the problem mentioned in this issue.

EnDe commented 1 month ago

We have a docker image with a highly improved openssl too. But it's ages old, so I'd not recommend it at the moment. If you want you can try to build your own docker image, using Dockerfile, (have to admit that it's currently not tested, at least you have to change the OSAFT_VM_SHA_OSAFT variable).

kylak commented 1 month ago

Thanks for the informations.

kylak commented 1 month ago

Hi.

I've just installed OpenSSL 3.3.1.

When installing OpenSSL by details there are two folders that could (or should?) be specified, the top of the installation directory tree, and the directory for OpenSSL configuration files and the default certificate and key store.

The path I've given as argument to --openssl/ , /home/admin/Desktop/container/, corresponds to the folder that is the top of the installation directory tree.

So I've ran ./o-saft.pl --openssl/=/home/admin/Desktop/container/ +cn ... and I got :

**WARNING: 042: invalid host argument '/home/admin/Desktop/container/'; ignored
**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
**WARNING: 201: Can't get IP for host '...'; host ignored

by replacing the three dots by google.fr (./o-saft.pl --openssl/=/home/admin/Desktop/container/ +cn google.fr), I got :

**WARNING: 042: invalid host argument '/home/admin/Desktop/container/'; ignored
**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
**WARNING: 204: Can't make a connection to 'google.fr:443' without SNI; no initial data (compare with and without SNI not possible)
**WARNING: 203: connection without SNI succeded with errors; errors ignored
!!Hint: use '--v' to show more information about SSLinfo::do_ssl_open() errors
**WARNING: 205: Can't make a connection to 'google.fr:443'; target ignored
!!Hint: use '--v' to show more information
!!Hint: use '--socket-reuse' it may help in some cases
!!Hint: use '--ignore-no-conn' to disable this check

And if you meant ./o-saft.pl --openssl=/usr/local/openssl/bin/openssl +cn ... rather than ./o-saft.pl --openssl/=/usr/local/openssl/bin/openssl +cn ..., then I got for ./o-saft.pl --openssl=/home/admin/Desktop/container/ +cn ... :

**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
**WARNING: 201: Can't get IP for host '...'; host ignored

and with google.fr instead of ... ( ./o-saft.pl --openssl=/home/admin/Desktop/container/ +cn google.fr), I got :

**WARNING: 058: given path '/etc/ssl/certs/' does not contain a CA file
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.
**WARNING: 204: Can't make a connection to 'google.fr:443' without SNI; no initial data (compare with and without SNI not possible)
**WARNING: 203: connection without SNI succeded with errors; errors ignored
!!Hint: use '--v' to show more information about SSLinfo::do_ssl_open() errors
**WARNING: 205: Can't make a connection to 'google.fr:443'; target ignored
!!Hint: use '--v' to show more information
!!Hint: use '--socket-reuse' it may help in some cases
!!Hint: use '--ignore-no-conn' to disable this check

Best regards.

EnDe commented 1 month ago

You've some user errors, see o-saft.pl --help=options for details:

./o-saft.pl --openssl/=/home/admin/Desktop/container/ +cn ...

The option is --openssl= not --openssl/=
--openssl=/home/admin/Desktop/container/ (correct without /)

The argument to --openssl must be a full path to the openssl executable
if the executable of openssl does not return the proper path to the CAs with openssl version -d

then you need to use any of the options --openssl-cnf=FILE or --ca-file=FILE or --ca-path=DIR

However, you should get "WARNING 148" then too.

EnDe commented 1 month ago

according the errors:

Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.

if you used an existing and working openssl executable, then please post result of (replace the path to openssl as needed): ./o-saft.pl --openssl=/usr/local/openssl/bin/openssl --test-openssl

kylak commented 1 month ago

Ok. So I realized that there was a problem in my OpenSSL installation since the binary didn't launched. This problem is now resolved. OpenSSL works.

So now, when I'm doing : ./o-saft.pl --openssl=/home/admin/Desktop/container/openssl/bin/openssl --ca-path=/etc/pki/tls +cn google.fr, I got :

**WARNING: 203: connection without SNI succeded with errors; errors ignored
!!Hint: use '--v' to show more information about SSLinfo::do_ssl_open() errors
Certificate Common Name:                *.google.fr

And here is the result of ./o-saft.pl --openssl=/home/admin/Desktop/container/openssl/bin/openssl --ca-path=/etc/pki/tls --test-openssl :

#o-saft.pl: --testopenssl
#OTrace::_test_openssl:

=== internal data structure %_OpenSSL_opt ===
=
= Print internal data structure from SSLinfo.
=

= using /home/admin/Desktop/container/openssl/bin/openssl
=-----------------------+----------------
= _OpenSSL_opt          | 1=available
=-----------------------+----------------
                -CAfile = 1
                -CApath = 1
                  -alpn = 1
                  -bugs = 1
        -client_sigalgs = 1
                  -comp = 1
                -curves = 1
                 -debug = 1
                  -dtls = 1
                 -dtls1 = 1
               -dtls1_1 = 0
               -dtls1_2 = 1
               -dtls1_3 = 0
         -fallback_scsv = 1
                   -key = 1
  -legacy_renegotiation = 1
 -legacy_server_connect = 1
   -legacyrenegotiation = 0
                   -msg = 1
                  -nbio = 1
             -nbio_test = 1
          -nextprotoneg = 1
               -no_comp = 1
-no_legacy_server_connect   = 1
      -no_renegotiation = 1
               -no_ssl2 = 0
               -no_ssl3 = 1
             -no_ticket = 1
               -no_tls1 = 1
             -no_tls1_1 = 1
             -no_tls1_2 = 1
             -no_tls1_3 = 1
             -no_tlsext = 0
                   -npn = 1
                 -pause = 0
                -prexit = 1
                 -proxy = 1
                   -psk = 1
          -psk_identity = 1
                 -quiet = 1
             -reconnect = 1
        -record_padding = 1
            -serverinfo = 1
            -servername = 1
            -serverpref = 1
             -showcerts = 1
               -sigalgs = 1
                  -ssl2 = 0
                  -ssl3 = 0
                 -state = 1
                -status = 1
                -strict = 1
                  -tls1 = 1
                -tls1_1 = 1
                -tls1_2 = 1
                -tls1_3 = 1
           -tlsextdebug = 1
                   data = <<use  --v  or  --trace to see openssl usage>>
                   done = 1
=-----------------------+----------------

EnDe commented 1 month ago

Everything works as expected (beside user errors;-). If you can reproduce

`Use of uninitialized value $_OpenSSL_opt{"data"} in split at lib/SSLinfo.pm line 2302.' then please open a new issue.

This one can be closed.

kylak commented 1 month ago

Ok, thanks !

OWASP / O-Saft

Use of uninitialized value $ret ... at lib/SSLinfo.pm line 1998 #141