I build RPM packages of perl modules including perl-Net-SSLeay and perl-IO-Socket-SSL for a range of Fedora and CentOS distributions. With current Net-SSLeay (1.88), the IO-Socket-SSL test suite fails tests t/session_ticket.t and t/sessions.t on Fedora 26:
$ make test TEST_VERBOSE=1
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(1, 'blib/lib', 'blib/arch')" t/*.t
# openssl version compiled=0x1010008f linked=0x1010008f -- OpenSSL 1.1.0h-fips 27 Mar 2018
# Net::SSLeay version=1.88
# parent IO::Socket::IP version=0.39
...
# listen at 127.0.0.1:48269
# listen at 127.0.0.1:51889
# connect to 0: success reuse=0 version=TLSv1_2
# connect to 0: success reuse=0 version=TLSv1_2
# Failed test 'reuse with the next session and secret[0]'
# at t/session_ticket.t line 79.
# got: '0'
# expected: '1'
# connect to 1: success reuse=0 version=TLSv1_2
# Failed test 'reuse even though server changed, since they share ticket secret'
# at t/session_ticket.t line 79.
# got: '0'
# expected: '1'
# connect to 1: success reuse=0 version=TLSv1_2
# connect to 0: success reuse=0 version=TLSv1_2
# connect to 0: success reuse=0 version=TLSv1_2
# Failed test 'reuse again since got ticket with secret[0] in last step'
# at t/session_ticket.t line 79.
# got: '0'
# expected: '1'
# Looks like you failed 3 tests of 6.
t/session_ticket.t ................
1..6
access to server[0]
creating new ticket key1
server[0] reused=0
ok 1 - no initial session -> no reuse
access to server[0]
creating new ticket key1
server[0] reused=0
not ok 2 - reuse with the next session and secret[0]
access to server[1]
creating new ticket key1
server[1] reused=0
rotate secrets
not ok 3 - reuse even though server changed, since they share ticket secret
access to server[1]
creating new ticket key2
server[1] reused=0
rotate secrets
ok 4 - reports non-reuse since server1 changed secret to secret[1]
access to server[0]
creating new ticket key1
server[0] reused=0
ok 5 - reports non-reuse on server0 since got ticket with secret[1] in last step
access to server[0]
creating new ticket key1
server[0] reused=0
not ok 6 - reuse again since got ticket with secret[0] in last step
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/6 subtests
Use of uninitialized value in string eq at t/sessions.t line 87.
t/sessions.t ......................
1..17
ok # [server]:31 Server initialization
ok # [client]:59 Context init
ok # [server]:138 Client init
ok # [client]:73 Client init, version=TLSv1_2
not ok # [client]:82 >=3 entries in cache: 0
not ok # [client]:85 127.0.0.1:59449 in cache
not ok # [client]:85 127.0.0.1:56505 in cache
not ok # [client]:85 127.0.0.1:49985 in cache
ok # [server]:143 Server send pong, received ping
not ok # [client]:88 latest (127.0.0.1:49985) on top of cache
not ok # [client]:95 session in client 0
not ok # [client]:95 session in client 1
not ok # [client]:95 session in client 2
not ok # [client]:104 client IO::Socket::SSL=GLOB(0x88d1078) reused
not ok # [client]:104 client IO::Socket::SSL=GLOB(0x8906d30) reused
not ok # [client]:104 client IO::Socket::SSL=GLOB(0x89070c0) reused
ok # [server]:151 Client again init + write + read
Failed 11/17 subtests
...
Test Summary Report
-------------------
t/session_ticket.t (Wstat: 768 Tests: 6 Failed: 3)
Failed tests: 2-3, 6
Non-zero exit status: 3
t/sessions.t (Wstat: 0 Tests: 17 Failed: 11)
Failed tests: 5-8, 10-16
Files=41, Tests=791, 44 wallclock secs ( 0.12 usr 0.03 sys + 6.68 cusr 0.40 csys = 7.23 CPU)
Result: FAIL
Failed 2/41 test programs. 14/791 subtests failed.
The tests pass on all other Fedora/CentOS versions I build for (Fedora 13, CentOS 6 onwards).
Points of interest:
Fedora 26 has OpenSSL 1.1.0h; Fedora 25 has OpenSSL 1.0.2m and Fedora 27 has 1.1.0i.
If I downgrade Net-SSLeay to 1.85_09, the tests pass
With Net-SSLeay 1.88, IO-Socket-SSL 2.060 passes but later versions all fail the same way.
If I patch Net-SSLeay 1.8.8 so that SSL_SESSION_up_ref is not defined (by changing the OpenSSL version check from 1.1.0 to 1.1.1), the tests pass
I can't really see any change between OpenSSL 1.1.0h and 1.1.0i that would account for this. It's possible it could be related to downstream patching but I don't know.
As far as I can see Fedora 26 is EOL since more than a year. Therefore I will not invest time to debug a problem which seems to exist only on a platform which is no longer supported by the vendor anyway.
I build RPM packages of perl modules including perl-Net-SSLeay and perl-IO-Socket-SSL for a range of Fedora and CentOS distributions. With current Net-SSLeay (1.88), the IO-Socket-SSL test suite fails tests t/session_ticket.t and t/sessions.t on Fedora 26:
The tests pass on all other Fedora/CentOS versions I build for (Fedora 13, CentOS 6 onwards). Points of interest:
I can't really see any change between OpenSSL 1.1.0h and 1.1.0i that would account for this. It's possible it could be related to downstream patching but I don't know.
Any ideas?