t\verify_fingerprint.t occasionally hangs when run via `nmake test`

[nanis]

I can't consistently reproduce this. I only notice it when my cpan-outdated | cpanm hangs. My efforts at diagnosing this have failed so far. Once I issue a prove -vb t\verify_fingerprint.t from the command line, it always gets done rather quickly, and subsequent nmake test runs don't hang either.

C:\...\IO-Socket-SSL-2.013> nmake test
...
t\verify_fingerprint.t ............ 1/12

That's where it hangs. After this, CTRL-C followed by:

C:\...\IO-Socket-SSL-2.013> prove -vb t\verify_fingerprint.t
t\verify_fingerprint.t ..                                                                       
1..12                                                                                           
ok 1 - accept fp1 for saddr1                                                                    
ok 2 - accept fp2 for saddr2                                                                    
ok 3 - reject ifp2 for saddr2                                                                   
ok 4 - reject fp2 for saddr1                                                                    
ok 5 - reject fp1 for saddr2                                                                    
ok 6 - accept fp1|fp2 for saddr1                                                                
ok 7 - accept fp1|fp2 for saddr2                                                                
ok 8 - accept fp2 for saddr2 even if ca1 given                                                  
ok 9 - accept ca2 for saddr2                                                                    
ok 10 - reject ca2 for saddr1                                                                   
ok 11 - accept ca[12] for saddr1                                                                
ok 12 - reject non-ca cert1 as ca for saddr1                                                    
ok                                                                                              
All tests successful.                                                                           
Files=1, Tests=12,  4 wallclock secs ( 0.06 usr +  0.05 sys =  0.11 CPU)                        
Result: PASS

I know this is very little information to go on. I'll update if I can figure out anything else.

OS:

Windows 8.1 Pro 64-bit.

Summary of my perl5 (revision 5 version 20 subversion 2) configuration:

  Platform:
    osname=MSWin32, osvers=6.3, archname=MSWin32-x64-multi-thread
    uname=''
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    useithreads=define, usemultiplicity=define
    use64bitint=define, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cl', ccflags ='-nologo -GF -W3 -O1 -Os -favor:INTEL64 -MD -Zi -DNDEBUG -GL -fp:precise -DWIN32 -D_CONSOLE -DNO_STRICT -DWIN64 -DCONSERVATIVE -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE  -DUSE_64_BIT_ALL -DPERL_TEXTMODE_SCRIPTS -DUSE_SITECUSTOMIZE -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO',
    optimize='-O1 -Os -favor:INTEL64 -MD -Zi -DNDEBUG -GL -fp:precise',
    cppflags='-DWIN32'
    ccversion='18.00.31101', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=8
    ivtype='__int64', ivsize=8, nvtype='double', nvsize=8, Off_t='__int64', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='link', ldflags ='-nologo -nodefaultlib -debug -opt:ref,icf -ltcg  -libpath:"c:\opt\perl-5.20.2\lib\CORE"  -machine:AMD64 "/manifestdependency:type='Win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'"'
    libpth="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\lib\amd64"
    libs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    perllibs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    libc=msvcrt.lib, so=dll, useshrplib=true, libperl=perl520.lib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug -opt:ref,icf -ltcg  -libpath:"c:\opt\perl-5.20.2\lib\CORE"  -machine:AMD64 "/manifestdependency:type='Win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'"'

Characteristics of this binary (from libperl): 
  Compile-time options: HAS_TIMES HAVE_INTERP_INTERN MULTIPLICITY
                        PERLIO_LAYERS PERL_DONT_CREATE_GVSV
                        PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
                        PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS
                        PERL_MALLOC_WRAP PERL_NEW_COPY_ON_WRITE
                        PERL_PRESERVE_IVUV USE_64_BIT_ALL USE_64_BIT_INT
                        USE_ITHREADS USE_LARGE_FILES USE_LOCALE
                        USE_LOCALE_COLLATE USE_LOCALE_CTYPE
                        USE_LOCALE_NUMERIC USE_PERLIO USE_PERL_ATOF
                        USE_SITECUSTOMIZE
  Built under MSWin32
  Compiled at Feb 16 2015 08:44:56
  %ENV:
    PERLDOC_PAGER="c:\opt\cygwin64\bin\less.exe -+C -E -F -g -i"
  @INC:
    c:/opt/perl-5.20.2/site/lib/MSWin32-x64-multi-thread
    c:/opt/perl-5.20.2/site/lib
    c:/opt/perl-5.20.2/lib
    .

OpenSSL:

C:\> c:\opt\openssl\bin\openssl.exe version
OpenSSL 1.0.2a 19 Mar 2015

Visual Studio 2013:

cl /?
Microsoft (R) C/C++ Optimizing Compiler Version 18.00.31101 for x64

nmake /?
Microsoft (R) Program Maintenance Utility Version 12.00.21005.1

[nanis]

This morning, I tried installing version 2.014. I tried several runs of nmake test, and it did not hang.

Of course, it still fails due to issue #31 -- hence the failing test report.

I will update if I have any real insight or data points.

[jacoby]

I just installed Strawberry Perl and ran cpan -u, and am hanging exactly at verify_fingerprints as well.

[nawglan]

I can confirm that it also hangs occasionally on perl 5.20.3 as well.

[nanis]

I should point out that I haven't experienced the issue with the 5.23.5+ development versions and 5.24.0-RC1. I did several builds and installs, and they all went smoothly, and I haven't put much time into diagnosis.

This is with 64-bit perls built using MSVS 2013 on Windows 10 and Windows 10 Pro.

[zdm]

I can confirm, that test under strawberry perl, both, x86 and x64 are freeze on verify_fingerprint.

tested on strawberry perl 5.24.0 under windows 10 x64.

[nanis]

And, I still have no additional insight. For example, today's cpan-outdated|cpanm got stuck at IO::Socket::SSL for this reason. Then, I killed the process, tried again, and everything worked. This is on 64-bit Windows 10 Pro with VS 2013 built perl 5.25.4.

[zdm]

Hmm, it still stuck on verify-fingerprint.t under strawberry perl almost each time.

[nanis]

@zdm Interestingly, it only happened to me once for most recent three release versions x two machines. I am pretty convinced (without much evidence) that the problem is not with IO::Socket::SSL. I haven't been motivated to spend time with a debugger, though.

[zdm]

Maybe this is related to Net::SSLeay. But you are right, seems, that this is not simple issue.

[jfroebe]

I ran across this too on Strawberry Perl 5.24.1.1 (64bit) Windows 10. Has anyone made any progress to it?

[konomikitten]

Having this problem on Strawberry Perl 5.26.1.1 (32bit) Windows XP SP3.

[konomikitten]

This isn't a fix obviously but a work around for people who are using cpan-outdated -p | cpanm in Windows where this problem seems to be occurring the most you can use cpan-outdated -p | findstr /v "IO::Socket::SSL" | cpanm to skip updating when using cpan-outdated.

[twata1]

Having this problem on Strawberry Perl 5.22.2 (32bit) Windows 7 SP1.

First time cpan SULLR/IO-Socket-SSL-2.059.tar.gz -> hang

Second time cpan SULLR/IO-Socket-SSL-2.059.tar.gz -> hang

Third time manuarly download IO-Socket-SSL-2.059.tar.gz and eventually dmake test. -> success

Fourth time cpan SULLR/IO-Socket-SSL-2.059.tar.gz -> success

[n-tropy247]

Was having the same problem on Strawberry Perl 5.24.1, after copying @twata1's steps above it is working for me as well.

[twata1]

For version 2.072, I still have the issue as shown below, though t/sni_verify.t no longer hangs (see also #97) with some Strawberry Perl versions (64bit) Windows 8.1.

Perl	Did t/verify_fingerprint.t hang?
v5.16.3	Yes
v5.18.4	Yes
v5.20.3	No
v5.22.3	Yes
v5.24.4	No
v5.26.1	Yes
v5.28.2	No
v5.30.2	Yes
v5.32.1	No

[CmdrStukov]

re: IO::Socket::SSL v2.072 if it helps,

I am on Windows Server 2016, running OpenSSL v3.0.1 and Net::SSLeay v1.91_01

The patch below gets me past the hanging:

--- a/t/sni_verify.t    Mon Aug 16 13:45:46 2021
+++ b/t/sni_verify.t    Mon Nov 29 16:53:25 2021
@@ -71,6 +71,13 @@
        print "ok # client ssl connect $host\n";
        $client->verify_hostname($host,'http') or print "not ";
        print "ok # client verify hostname in cert $host\n";
+        
+        if ($client) {
+            # Shutdown TLS properly. Otherwise TLSv1.3 server will receive SIGPIPE
+            # in SSL_accept() and dies.
+            # .
+            $client->close('SSL_fast_shutdown' => 0);
+        }
    } else {
        print "not ok # client ssl connect $host - $SSL_ERROR\n";
        print "ok # skip connect failed\n";
@@ -86,6 +93,9 @@
    my $name = $csock->get_servername;
    print "not " if ! $name or $name ne $host;
    print "ok # server got SNI name $host\n";
+    if ($csock) {
+        $csock->close('SSL_fast_shutdown' => 0);
+    }
     } else {
    print "not ok # server accept - $SSL_ERROR\n";
    print "ok # skip accept failed\n";

But I still encounter errors;

C:\Data\build\IO-Socket-SSL-2.072>perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.  [Y/n] n
Checking if your kit is complete...
Looks good
Warning: prerequisite Mozilla::CA 0 not found.
Generating a nmake-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json

C:\Data\build\IO-Socket-SSL-2.072>nmake

Microsoft (R) Program Maintenance Utility Version 14.29.30136.0
Copyright (C) Microsoft Corporation.  All rights reserved.

cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm
cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm
cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod
cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm
cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm

C:\Data\build\IO-Socket-SSL-2.072>nmake test

Microsoft (R) Program Maintenance Utility Version 14.29.30136.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        "C:\perl-5.34.0\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t
t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021
# Net::SSLeay version=1.91_01
t\01loadmodule.t .................. 1/3 # parent IO::Socket::IP version=0.41
t\01loadmodule.t .................. ok
t\acceptSSL-timeout.t ............. ok
t\alpn.t .......................... ok
t\auto_verify_hostname.t .......... ok
t\cert_formats.t .................. ok
t\cert_no_file.t .................. ok
t\compatibility.t ................. ok
t\connectSSL-timeout.t ............ Dubious, test returned 1 (wstat 256, 0x100)
Failed 8/16 subtests
t\core.t .......................... 1/48

#   Failed test 'Client Sysread Check'
#   Failed test 'Server Getlines Check 1'
#   at t\core.t line 137.
#   at t\core.t line 251.
#          got: '  aaaaaaaaaaaaaaaaaaaa'
#          got: '0'
#     expected: '  waaaanf'
#     expected: '6'

#   Failed test 'Client Getline Check'
#   at t\core.t line 147.

#          got: undef
#   Failed test 'Server Getlines Check 2'
#     expected: 'Test
#   at t\core.t line 253.
# '
#          got: undef
#     expected: '1.04
# '

#   Failed test 'Client Getc Check'
#   at t\core.t line 149.
#          got: '0'
#     expected: '$'

#   Failed test 'Client Getlines Check 1'

#   at t\core.t line 152.
#   Failed test 'Server Getlines Check 3'
#   at t\core.t line 255.
#          got: '0'
#     expected: '6'
#          got: undef
#     expected: '4

# '
#   Failed test 'Client Getlines Check 2'
#   at t\core.t line 154.
#          got: undef
#     expected: '1.04
# '

#   Failed test 'Server Getlines Check 4'
#   Failed test 'Client Getlines Check 3'
#   at t\core.t line 257.
#   at t\core.t line 156.
#          got: undef
#     expected: '4
#          got: undef
# '
#     expected: 'y
# '
Use of uninitialized value in join or string at t\core.t line 259.

#   Failed test 'Client Getlines Check 4'
#   at t\core.t line 158.
Use of uninitialized value in join or string at t\core.t line 259.
Use of uninitialized value in join or string at t\core.t line 259.
#          got: undef
#     expected: 'y
# '
Use of uninitialized value in join or string at t\core.t line 160.
Use of uninitialized value in join or string at t\core.t line 160.
Use of uninitialized value in join or string at t\core.t line 160.

#   Failed test 'Server Getlines Check 5'
#   Failed test 'Client Getlines Check 5'
#   at t\core.t line 259.
#   at t\core.t line 160.
#          got: ''
#          got: ''
#     expected: 'Test
#     expected: 'Test
# Beaver
# Beaver
# Beaver
# Beaver
# '
# '
t\core.t .......................... Failed 13/48 subtests
t\dhe.t ........................... ok
t\ecdhe.t ......................... ok
t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available
t\io-socket-ip.t .................. skipped: (no reason given)
t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform
t\mitm.t .......................... ok
t\multiple-cert-rsa-ecc.t ......... ok
t\nonblock.t ...................... ok
t\npn.t ........................... ok
t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x160301 from client
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 connect_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 start_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# server accepted new client
# wait for initial data from client
# got 0x656e64 from client
# client requested end of tests
t\plain_upgrade_downgrade.t ....... ok
t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support
# failed to accept TLSv1
# looks like OpenSSL was compiled without TLSv1 support
# looks like OpenSSL was compiled without TLSv1_1 support
# failed to accept TLSv1_1
# failed to accept TLSv1_3
t\protocol_version.t .............. ok
t\public_suffix_lib_encode_idn.t .. ok
t\public_suffix_lib_libidn.t ...... ok
t\public_suffix_lib_uri.t ......... ok
t\public_suffix_ssl.t ............. ok
t\readline.t ...................... 1/19 Use of uninitialized value $c[0] in string eq at t\readline.t line 34.
t\readline.t ...................... 4/19 Use of uninitialized value $b in string eq at t\readline.t line 48.
Use of uninitialized value $b in concatenation (.) or string at t\readline.t line 48.
Use of uninitialized value $c[0] in string eq at t\readline.t line 58.
Use of uninitialized value $c[0] in string eq at t\readline.t line 71.
Use of uninitialized value $c[0] in string eq at t\readline.t line 84.
t\readline.t ...................... Failed 5/19 subtests
t\session_cache.t ................. ok
t\session_ticket.t ................ # listen at 127.0.0.1:50529
# listen at 127.0.0.1:50530
# connect to 0: success reuse=0 version=TLSv1_3
t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=1 version=TLSv1_3
t\session_ticket.t ................ ok
t\sessions.t ...................... ok
t\set_curves.t .................... Failed 1/6 subtests
t\signal-readline.t ............... skipped: signals not relevant on this platform
t\sni.t ........................... Failed 1/17 subtests
        (less 1 skipped subtest: 15 okay)
t\sni_verify.t .................... ok
t\start-stopssl.t ................. ok
t\startssl-failed.t ............... ok
t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124.
t\startssl.t ...................... Failed 1/21 subtests
t\sysread_write.t ................. ok
t\verify_fingerprint.t ............ ok
t\verify_hostname.t ............... ok
t\verify_hostname_standalone.t .... ok
t\verify_partial_chain.t .......... ok

Test Summary Report
-------------------
t\connectSSL-timeout.t          (Wstat: 256 Tests: 10 Failed: 2)
  Failed tests:  9-10
  Non-zero exit status: 1
  Parse errors: Bad plan.  You planned 16 tests but ran 10.
t\core.t                        (Wstat: 0 Tests: 48 Failed: 13)
  Failed tests:  22-34
t\readline.t                    (Wstat: 0 Tests: 19 Failed: 5)
  Failed tests:  4, 7, 10, 13, 16
t\set_curves.t                  (Wstat: 0 Tests: 6 Failed: 1)
  Failed test:  5
t\sni.t                         (Wstat: 0 Tests: 17 Failed: 1)
  Failed test:  16
t\startssl.t                    (Wstat: 0 Tests: 21 Failed: 1)
  Failed test:  21
Files=40, Tests=765, 50 wallclock secs ( 0.39 usr +  0.25 sys =  0.64 CPU)
Result: FAIL
Failed 6/40 test programs. 23/765 subtests failed.
NMAKE : fatal error U1077: 'C:\perl-5.34.0\bin\perl.exe' : return code '0xff'
Stop.

[noxxi]

New version 2.073 should fix the problems with openssl 3.0 in at least core.t, connectSSL-timeout.t and readline.t . I don't have any problem with the other tests myself though.

[CmdrStukov]

FYI

IO::Socket::SSL v2.074 - t\verify_fingerprint.t consistently hangs for me on perl v5.35.7 but on different subtests

OS: Windows Server 2016 Perl version: 5.35.7 Openssl version: 3.0.1 (static compile) NET::SSLeay version: 1.91_03

Attempt 1 - hung on t\verify_fingerprint.t subtest 8/13

C:\Data\build>cd p5-io-socket-ssl-2.074

C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.  [Y/n] n
Checking if your kit is complete...
Looks good
Generating a nmake-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json

C:\Data\build\p5-io-socket-ssl-2.074>nmake

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm
cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm
cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm
cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod
cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm

C:\Data\build\p5-io-socket-ssl-2.074>nmake test

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t
t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021
t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03
# parent IO::Socket::IP version=0.41
t\01loadmodule.t .................. ok
t\acceptSSL-timeout.t ............. ok
t\alpn.t .......................... ok
t\auto_verify_hostname.t .......... ok
t\cert_formats.t .................. ok
t\cert_no_file.t .................. ok
t\compatibility.t ................. ok
t\connectSSL-timeout.t ............ ok
t\core.t .......................... ok
t\dhe.t ........................... ok
t\ecdhe.t ......................... ok
t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available
t\io-socket-ip.t .................. skipped: (no reason given)
t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform
t\mitm.t .......................... ok
t\multiple-cert-rsa-ecc.t ......... ok
t\nonblock.t ...................... ok
t\npn.t ........................... ok
t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x160301 from client
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 connect_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 start_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# server accepted new client
# wait for initial data from client
# got 0x656e64 from client
# client requested end of tests
t\plain_upgrade_downgrade.t ....... ok
t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support
# failed to accept TLSv1
# looks like OpenSSL was compiled without TLSv1 support
# failed to accept TLSv1_1
# looks like OpenSSL was compiled without TLSv1_1 support
t\protocol_version.t .............. ok
t\public_suffix_lib_encode_idn.t .. ok
t\public_suffix_lib_libidn.t ...... ok
t\public_suffix_lib_uri.t ......... ok
t\public_suffix_ssl.t ............. ok
t\readline.t ...................... ok
t\session_cache.t ................. ok
t\session_ticket.t ................ # listen at 127.0.0.1:60587
# listen at 127.0.0.1:60588
# connect to 0: success reuse=0 version=TLSv1_3
t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=1 version=TLSv1_3
t\session_ticket.t ................ ok
t\sessions.t ...................... ok
t\set_curves.t .................... Failed 2/6 subtests
t\signal-readline.t ............... skipped: signals not relevant on this platform
t\sni.t ........................... Failed 3/17 subtests
        (less 3 skipped subtests: 11 okay)
t\sni_verify.t .................... Failed 4/17 subtests
        (less 4 skipped subtests: 9 okay)
t\start-stopssl.t ................. ok
t\startssl-failed.t ............... ok
t\startssl.t ...................... 5/21 Use of uninitialized value $l in string ne at t\startssl.t line 124.
t\startssl.t ...................... Failed 1/21 subtests
t\sysread_write.t ................. ok
t\verify_fingerprint.t ............ 8/13

Attempt 2 - hung on t\verify_fingerprint.t subtest 6/13

C:\Data\build>rmdir /s /q p5-io-socket-ssl-2.074

C:\Data\build>cd p5-io-socket-ssl-2.074

C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.  [Y/n] n
Checking if your kit is complete...
Looks good
Generating a nmake-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json

C:\Data\build\p5-io-socket-ssl-2.074>nmake

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm
cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm
cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm
cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm
cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod

C:\Data\build\p5-io-socket-ssl-2.074>nmake test

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t
t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021
t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03
# parent IO::Socket::IP version=0.41
t\01loadmodule.t .................. ok
t\acceptSSL-timeout.t ............. ok
t\alpn.t .......................... ok
t\auto_verify_hostname.t .......... ok
t\cert_formats.t .................. ok
t\cert_no_file.t .................. ok
t\compatibility.t ................. ok
t\connectSSL-timeout.t ............ ok
t\core.t .......................... ok
t\dhe.t ........................... ok
t\ecdhe.t ......................... ok
t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available
t\io-socket-ip.t .................. skipped: (no reason given)
t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform
t\mitm.t .......................... ok
t\multiple-cert-rsa-ecc.t ......... ok
t\nonblock.t ...................... ok
t\npn.t ........................... ok
t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x160301 from client
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 connect_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 start_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# server accepted new client
# wait for initial data from client
# got 0x656e64 from client
# client requested end of tests
t\plain_upgrade_downgrade.t ....... ok
t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support
# failed to accept TLSv1
# looks like OpenSSL was compiled without TLSv1 support
# failed to accept TLSv1_1
# looks like OpenSSL was compiled without TLSv1_1 support
t\protocol_version.t .............. ok
t\public_suffix_lib_encode_idn.t .. ok
t\public_suffix_lib_libidn.t ...... ok
t\public_suffix_lib_uri.t ......... ok
t\public_suffix_ssl.t ............. ok
t\readline.t ...................... ok
t\session_cache.t ................. ok
t\session_ticket.t ................ # listen at 127.0.0.1:61084
# listen at 127.0.0.1:61085
# connect to 0: success reuse=0 version=TLSv1_3
t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=1 version=TLSv1_3
t\session_ticket.t ................ ok
t\sessions.t ...................... ok
t\set_curves.t .................... Failed 3/6 subtests
t\signal-readline.t ............... skipped: signals not relevant on this platform
t\sni.t ........................... Failed 2/17 subtests
t\sni.t ........................... Failed 2/17 subtests
        (less 2 skipped subtests: 13 okay)
t\sni_verify.t .................... Failed 4/17 subtests
        (less 4 skipped subtests: 9 okay)
t\start-stopssl.t ................. ok
t\startssl-failed.t ............... ok
t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124.
t\startssl.t ...................... Failed 1/21 subtests
t\sysread_write.t ................. ok
t\verify_fingerprint.t ............ 6/13

Individually checking verify_fingerprint.t This also hangs after printing ok 13 - accept leaf cert1 as trust anchor for saddr1

t\sysread_write.t ................. ok
t\verify_fingerprint.t ............ 6/13
C:\Data\build\p5-io-socket-ssl-2.074>
C:\Data\build\p5-io-socket-ssl-2.074>perl -Mblib t\verify_fingerprint.t
1..13
ok 1 - accept fp1 for saddr1
ok 2 - accept fp1 pubkey for saddr1
ok 3 - accept fp2 for saddr2
ok 4 - reject ifp2 for saddr2
ok 5 - reject fp2 for saddr1
ok 6 - reject fp1 for saddr2
ok 7 - accept fp1|fp2 for saddr1
ok 8 - accept fp1|fp2 for saddr2
ok 9 - accept fp2 for saddr2 even if ca1 given
ok 10 - accept ca2 for saddr2
ok 11 - reject ca2 for saddr1
ok 12 - accept ca[12] for saddr1
ok 13 - accept leaf cert1 as trust anchor for saddr1

C:\Data\build\p5-io-socket-ssl-2.074>
C:\Data\build\p5-io-socket-ssl-2.074>
C:\Data\build\p5-io-socket-ssl-2.074>
C:\Data\build\p5-io-socket-ssl-2.074>perl -Mblib t\verify_fingerprint.t
1..13
ok 1 - accept fp1 for saddr1
ok 2 - accept fp1 pubkey for saddr1
ok 3 - accept fp2 for saddr2
ok 4 - reject ifp2 for saddr2
ok 5 - reject fp2 for saddr1
ok 6 - reject fp1 for saddr2
ok 7 - accept fp1|fp2 for saddr1
ok 8 - accept fp1|fp2 for saddr2
ok 9 - accept fp2 for saddr2 even if ca1 given
ok 10 - accept ca2 for saddr2
ok 11 - reject ca2 for saddr1
ok 12 - accept ca[12] for saddr1
ok 13 - accept leaf cert1 as trust anchor for saddr1

[noxxi]

I'm not sure about the cause of the problem. Given that the server process is already running the latest idea I have is that the TCP connection is done with the listener socket inside the parent process. Could you please check with the small patch from 55a8d7d which makes sure that only one process has actually the server socket?

[CmdrStukov]

The patch from 55a8d7d works sometimes for my environment:

OS: Windows Server 2016 Perl version: 5.35.7 Openssl version: 3.0.1 (static compile) NET::SSLeay version: 1.91_03

Attempts to reproduce the following are met with varying degrees of success. Sometimes t\verify_fingerprint.t hangs; sometimes it does not (see final paragraph at the end of this comment).

Attempt 1:

C:\Data\build>rmdir /s /q p5-io-socket-ssl-2.074

C:\Data\build>7z x p5-io-socket-ssl-2.074.tar.gz -aoa -tgzip -so | 7z x -aoa -si -ttar -o.\

7-Zip 21.07 (x64) : Copyright (c) 1999-2021 Igor Pavlov : 2021-12-26

Extracting archive:
--
Path =
Type = tar
Code Page = UTF-8
Characteristics = ASCII

Everything is Ok

Folders: 10
Files: 87
Size:       766219
Compressed: 51200

C:\Data\build>cd /D .\p5-io-socket-ssl-2.074

C:\Data\build\p5-io-socket-ssl-2.074>set PATCH_DIR=C:\Data\Patches\IO-Socket-SSL-2.074

C:\Data\build\p5-io-socket-ssl-2.074>type %PATCH_DIR%\0003-verify_fingerprint.t.patch
--- a/t/verify_fingerprint.t    Fri Jan 07 15:08:53 2022
+++ b/t/verify_fingerprint.t    Tue Jan 18 09:33:49 2022
@@ -80,8 +80,11 @@
     defined( my $pid = fork()) or die $!;
     if ( $pid ) {
        push @child,$pid;
+    my $saddr = '127.0.0.1:'.$sock->sockport;
+       close($sock);
        return (
-           '127.0.0.1:'.$sock->sockport,
+           # '127.0.0.1:'.$sock->sockport,
+        $saddr,
            map { [
                'sha1$'.Net::SSLeay::X509_get_fingerprint($_,'sha1'),
                'sha1$pub$'.unpack("H*",Net::SSLeay::X509_pubkey_digest($_,

C:\Data\build\p5-io-socket-ssl-2.074>patch -p1 < %PATCH_DIR%\0003-verify_fingerprint.t.patch
patching file t/verify_fingerprint.t

C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.  [Y/n] n
Checking if your kit is complete...
Looks good
Generating a nmake-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json

C:\Data\build\p5-io-socket-ssl-2.074>nmake

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm
cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm
cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod
cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm
cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm

C:\Data\build\p5-io-socket-ssl-2.074>nmake test

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t
t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021
t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03
# parent IO::Socket::IP version=0.41
t\01loadmodule.t .................. ok
t\acceptSSL-timeout.t ............. ok
t\alpn.t .......................... ok
t\auto_verify_hostname.t .......... ok
t\cert_formats.t .................. ok
t\cert_no_file.t .................. ok
t\compatibility.t ................. ok
t\connectSSL-timeout.t ............ ok
t\core.t .......................... ok
t\dhe.t ........................... ok
t\ecdhe.t ......................... ok
t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available
t\io-socket-ip.t .................. skipped: (no reason given)
t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform
t\mitm.t .......................... ok
t\multiple-cert-rsa-ecc.t ......... ok
t\nonblock.t ...................... ok
t\npn.t ........................... ok
t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x160301 from client
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 connect_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 start_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# server accepted new client
# wait for initial data from client
# got 0x656e64 from client
# client requested end of tests
t\plain_upgrade_downgrade.t ....... ok
t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support
# failed to accept TLSv1
# looks like OpenSSL was compiled without TLSv1 support
# failed to accept TLSv1_1
# looks like OpenSSL was compiled without TLSv1_1 support
t\protocol_version.t .............. ok
t\public_suffix_lib_encode_idn.t .. ok
t\public_suffix_lib_libidn.t ...... ok
t\public_suffix_lib_uri.t ......... ok
t\public_suffix_ssl.t ............. ok
t\readline.t ...................... ok
t\session_cache.t ................. ok
t\session_ticket.t ................ # listen at 127.0.0.1:54772
# listen at 127.0.0.1:54773
# connect to 0: success reuse=0 version=TLSv1_3
t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=1 version=TLSv1_3
t\session_ticket.t ................ 3/6 # connect to 1: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=1 version=TLSv1_3
t\session_ticket.t ................ ok
t\sessions.t ...................... ok
t\set_curves.t .................... Failed 1/6 subtests
t\signal-readline.t ............... skipped: signals not relevant on this platform
t\sni.t ........................... Failed 1/17 subtests
        (less 1 skipped subtest: 15 okay)
t\sni_verify.t .................... Failed 4/17 subtests
        (less 4 skipped subtests: 9 okay)
t\start-stopssl.t ................. ok
t\startssl-failed.t ............... ok
t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124.
t\startssl.t ...................... Failed 1/21 subtests
t\sysread_write.t ................. ok
t\verify_fingerprint.t ............ ok
t\verify_hostname.t ............... ok
t\verify_hostname_standalone.t .... ok
t\verify_partial_chain.t .......... ok

Test Summary Report
-------------------
t\set_curves.t                  (Wstat: 0 Tests: 6 Failed: 1)
  Failed test:  5
t\sni.t                         (Wstat: 0 Tests: 17 Failed: 1)
  Failed test:  16
t\sni_verify.t                  (Wstat: 0 Tests: 17 Failed: 4)
  Failed tests:  10, 12, 14, 16
t\startssl.t                    (Wstat: 0 Tests: 21 Failed: 1)
  Failed test:  21
Files=40, Tests=772, 90 wallclock secs ( 0.36 usr +  0.31 sys =  0.67 CPU)
Result: FAIL
Failed 4/40 test programs. 7/772 subtests failed.
NMAKE : fatal error U1077: 'C:\perl-5.35.7\bin\perl.exe' : return code '0xff'
Stop.

C:\Data\build\p5-io-socket-ssl-2.074>

Attempt 1 + n:

C:\Data\build\p5-io-socket-ssl-2.074>cd ..

C:\Data\build>rmdir /s /q p5-io-socket-ssl-2.074

C:\Data\build>7z x p5-io-socket-ssl-2.074.tar.gz -aoa -tgzip -so | 7z x -aoa -si -ttar -o.\

7-Zip 21.07 (x64) : Copyright (c) 1999-2021 Igor Pavlov : 2021-12-26

Extracting archive:
--
Path =
Type = tar
Code Page = UTF-8
Characteristics = ASCII

Everything is Ok

Folders: 10
Files: 87
Size:       766219
Compressed: 51200

C:\Data\build>cd /D .\p5-io-socket-ssl-2.074

C:\Data\build\p5-io-socket-ssl-2.074>set PATCH_DIR=C:\Data\Patches\IO-Socket-SSL-2.074

C:\Data\build\p5-io-socket-ssl-2.074>patch -p1 < %PATCH_DIR%\0003-verify_fingerprint.t.patch
patching file t/verify_fingerprint.t

C:\Data\build\p5-io-socket-ssl-2.074>perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.  [Y/n] n
Checking if your kit is complete...
Looks good
Generating a nmake-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json

C:\Data\build\p5-io-socket-ssl-2.074>nmake

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

cp lib/IO/Socket/SSL/Intercept.pm blib\lib\IO\Socket\SSL\Intercept.pm
cp lib/IO/Socket/SSL.pod blib\lib\IO\Socket\SSL.pod
cp lib/IO/Socket/SSL/Utils.pm blib\lib\IO\Socket\SSL\Utils.pm
cp lib/IO/Socket/SSL.pm blib\lib\IO\Socket\SSL.pm
cp lib/IO/Socket/SSL/PublicSuffix.pm blib\lib\IO\Socket\SSL\PublicSuffix.pm

C:\Data\build\p5-io-socket-ssl-2.074>nmake test

Microsoft (R) Program Maintenance Utility Version 14.29.30138.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        "C:\perl-5.35.7\bin\perl.exe" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib\lib', 'blib\arch')" t\*.t
t\01loadmodule.t .................. # openssl version compiled=0x30000010 linked=0x30000010 -- OpenSSL 3.0.1 14 Dec 2021
t\01loadmodule.t .................. 1/3 # Net::SSLeay version=1.91_03
# parent IO::Socket::IP version=0.41
t\01loadmodule.t .................. ok
t\acceptSSL-timeout.t ............. ok
t\alpn.t .......................... ok
t\auto_verify_hostname.t .......... ok
t\cert_formats.t .................. ok
t\cert_no_file.t .................. ok
t\compatibility.t ................. ok
t\connectSSL-timeout.t ............ ok
t\core.t .......................... ok
t\dhe.t ........................... ok
t\ecdhe.t ......................... ok
t\io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available
t\io-socket-ip.t .................. skipped: (no reason given)
t\memleak_bad_handshake.t ......... skipped: ps not implemented on this platform
t\mitm.t .......................... ok
t\multiple-cert-rsa-ecc.t ......... ok
t\nonblock.t ...................... ok
t\npn.t ........................... ok
t\plain_upgrade_downgrade.t ....... # -- test: newINET start_SSL stop_SSL start_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
t\plain_upgrade_downgrade.t ....... 1/15 # server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x160301 from client
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 connect_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# -- test: newSSL:0 start_SSL stop_SSL connect_SSL
# server accepted new client
# wait for initial data from client
# got 0x666f6f from client
# server: got plain data at start of connection
# server: TLS upgrade
# server: TLS downgrade
# server: TLS upgrade#2
# server accepted new client
# wait for initial data from client
# got 0x656e64 from client
# client requested end of tests
t\plain_upgrade_downgrade.t ....... ok
t\protocol_version.t .............. 1/? # looks like OpenSSL was compiled without SSLv3 support
# failed to accept TLSv1
# looks like OpenSSL was compiled without TLSv1 support
# failed to accept TLSv1_1
# looks like OpenSSL was compiled without TLSv1_1 support
t\protocol_version.t .............. ok
t\public_suffix_lib_encode_idn.t .. ok
t\public_suffix_lib_libidn.t ...... ok
t\public_suffix_lib_uri.t ......... ok
t\public_suffix_ssl.t ............. ok
t\readline.t ...................... ok
t\session_cache.t ................. ok
t\session_ticket.t ................ # listen at 127.0.0.1:55786
# listen at 127.0.0.1:55787
# connect to 0: success reuse=0 version=TLSv1_3
t\session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=1 version=TLSv1_3
t\session_ticket.t ................ ok
t\sessions.t ...................... ok
t\set_curves.t .................... Failed 2/6 subtests
t\signal-readline.t ............... skipped: signals not relevant on this platform
t\sni.t ........................... Failed 3/17 subtests
        (less 3 skipped subtests: 11 okay)
t\sni_verify.t .................... Failed 4/17 subtests
        (less 4 skipped subtests: 9 okay)
t\start-stopssl.t ................. ok
t\startssl-failed.t ............... ok
t\startssl.t ...................... 1/21 Use of uninitialized value $l in string ne at t\startssl.t line 124.
t\startssl.t ...................... Failed 1/21 subtests
t\sysread_write.t ................. ok
t\verify_fingerprint.t ............ 8/13 Terminating on signal SIGINT(2)
NMAKE : fatal error U1058: terminated by user
Stop.

C:\Data\build\p5-io-socket-ssl-2.074>

I have found that for it to work consistently - the following three conditions need to be met:

1. all associated [orphaned] Perl processes must be killed
2. the developer command prompt needs to be closed and re-opened anew
3. start from a cleanly extracted p5-io-socket-ssl-2.074.tar.gz archive

[twata1]

As for the recent Perl builds using Visual Studio, I am concerned about the Windows section of perl5260delta.

[PhilterPaper]

2.084 on Strawberry Perl 5.26 and 5.38 both installed (upgraded) fine via cpan (using the default "yes" to external tests). 5.32 hung on verify_fingerprint.t 1/13 (with the default "yes"), but installed OK if "no" to external tests. Tried it twice, to make sure it wasn't a fluke. Hope that's helpful.