noxxi / p5-io-socket-ssl

IO::Socket::SSL Perl Module

Session re-use not working on Fedora 26 with current Net-SSLeay and IO-Socket-SSL #85

Closed pghmcfc closed 5 years ago

pghmcfc commented 5 years ago

I build RPM packages of perl modules including perl-Net-SSLeay and perl-IO-Socket-SSL for a range of Fedora and CentOS distributions. With current Net-SSLeay (1.88), the IO-Socket-SSL test suite fails tests t/session_ticket.t and t/sessions.t on Fedora 26:

$ make test TEST_VERBOSE=1
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" t/*.t
# openssl version compiled=0x1010008f linked=0x1010008f -- OpenSSL 1.1.0h-fips  27 Mar 2018
# Net::SSLeay version=1.88
# parent IO::Socket::IP version=0.39
...
# listen at 127.0.0.1:48269
# listen at 127.0.0.1:51889
# connect to 0: success reuse=0 version=TLSv1_2
# connect to 0: success reuse=0 version=TLSv1_2

#   Failed test 'reuse with the next session and secret[0]'
#   at t/session_ticket.t line 79.
#          got: '0'
#     expected: '1'
# connect to 1: success reuse=0 version=TLSv1_2

#   Failed test 'reuse even though server changed, since they share ticket secret'
#   at t/session_ticket.t line 79.
#          got: '0'
#     expected: '1'
# connect to 1: success reuse=0 version=TLSv1_2
# connect to 0: success reuse=0 version=TLSv1_2
# connect to 0: success reuse=0 version=TLSv1_2

#   Failed test 'reuse again since got ticket with secret[0] in last step'
#   at t/session_ticket.t line 79.
#          got: '0'
#     expected: '1'
# Looks like you failed 3 tests of 6.
t/session_ticket.t ................ 
1..6
access to server[0]
creating new ticket key1
server[0] reused=0
ok 1 - no initial session -> no reuse
access to server[0]
creating new ticket key1
server[0] reused=0
not ok 2 - reuse with the next session and secret[0]
access to server[1]
creating new ticket key1
server[1] reused=0
rotate secrets
not ok 3 - reuse even though server changed, since they share ticket secret
access to server[1]
creating new ticket key2
server[1] reused=0
rotate secrets
ok 4 - reports non-reuse since server1 changed secret to secret[1]
access to server[0]
creating new ticket key1
server[0] reused=0
ok 5 - reports non-reuse on server0 since got ticket with secret[1] in last step
access to server[0]
creating new ticket key1
server[0] reused=0
not ok 6 - reuse again since got ticket with secret[0] in last step
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/6 subtests 
Use of uninitialized value in string eq at t/sessions.t line 87.
t/sessions.t ...................... 
1..17
ok # [server]:31 Server initialization
ok # [client]:59 Context init
ok # [server]:138 Client init
ok # [client]:73 Client init, version=TLSv1_2
not ok # [client]:82 >=3 entries in cache: 0
not ok # [client]:85 127.0.0.1:59449 in cache
not ok # [client]:85 127.0.0.1:56505 in cache
not ok # [client]:85 127.0.0.1:49985 in cache
ok # [server]:143 Server send pong, received ping
not ok # [client]:88 latest (127.0.0.1:49985) on top of cache
not ok # [client]:95 session in client 0
not ok # [client]:95 session in client 1
not ok # [client]:95 session in client 2
not ok # [client]:104 client IO::Socket::SSL=GLOB(0x88d1078) reused
not ok # [client]:104 client IO::Socket::SSL=GLOB(0x8906d30) reused
not ok # [client]:104 client IO::Socket::SSL=GLOB(0x89070c0) reused
ok # [server]:151 Client again init + write + read
Failed 11/17 subtests 
...
Test Summary Report
-------------------
t/session_ticket.t              (Wstat: 768 Tests: 6 Failed: 3)
  Failed tests:  2-3, 6
  Non-zero exit status: 3
t/sessions.t                    (Wstat: 0 Tests: 17 Failed: 11)
  Failed tests:  5-8, 10-16
Files=41, Tests=791, 44 wallclock secs ( 0.12 usr  0.03 sys +  6.68 cusr  0.40 csys =  7.23 CPU)
Result: FAIL
Failed 2/41 test programs. 14/791 subtests failed.

The tests pass on all other Fedora/CentOS versions I build for (Fedora 13, CentOS 6 onwards). Points of interest:

I can't really see any change between OpenSSL 1.1.0h and 1.1.0i that would account for this. It's possible it could be related to downstream patching but I don't know.

Any ideas?

noxxi commented 5 years ago

As far as I can see, Fedora 26 has been EOL for more than a year. Therefore I will not invest time to debug a problem which seems to exist only on a platform which is no longer supported by the vendor anyway.