noxxi / p5-io-socket-ssl

IO::Socket::SSL Perl Module

Tests fail with OpenSSL 1.1.1-stable branch #93

Closed xnox closed 4 years ago

xnox commented 4 years ago

Tests fail with OpenSSL 1.1.1-stable branch

I believe this started with https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a

Seems like new behaviour happens with EOF, and this trips up the io-socket-ssl test suite.

carnil commented 4 years ago

This now has been reported in downstreams (here in Debian as https://bugs.debian.org/954371) after 1.1.1e based version entered unstable.

pghmcfc commented 4 years ago

The attached patch is a starting point for getting this working, and needs to be used in conjunction with radiator-software/p5-net-ssleay#161 applied to Net::SSLeay. It's a bit of a hack but it gets the test suite passing for me.

Attachment: IO-Socket-SSL-2.067-openssl-1.1.1e.patch.txt

noxxi commented 4 years ago

I'm not happy with the patch in the current form. It just does something without any kind of information about and explanation of the underlying issue and it seems to require some strange fix to a test. The latter actually means that the patch might also require such strange fixes to normal user programs. Such a behavior change is not what users expect and should be prevented whenever possible.

pghmcfc commented 4 years ago

@noxxi, yes I know, which is why I described it as a starting point. It at least indicates where to look for a better fix, which would probably involve checking for the new SSL_R_UNEXPECTED_EOF_WHILE_READING error from OpenSSL so as to be sure about the cause. As for the test, maybe it really needs fixing in Net::SSLeay but I don't know enough about this code to understand it properly.

noxxi commented 4 years ago

Part or even all of the problem seems to come from a behavior change in OpenSSL 1.1.1e which I consider a bug and have filed as such, see https://github.com/openssl/openssl/issues/11388. I'll wait for a reaction to this bug report before deciding how to best deal with the issue.

noxxi commented 4 years ago

It looks like it is accepted now that OpenSSL 1.1.1e broke some stuff here (affects nginx, Python, ruby...) and it looks like these changes get reverted. Therefore I check for OpenSSL 1.1.1e now in Makefile.PL and refuse to build when detected: IO::Socket::SSL version 2.068, see 2c124d4. This should work around the problem and hopefully all is fixed again in OpenSSL 1.1.1f.
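The kind of build-time guard described in the last comment, as an added example that is not the code from 2c124d4 or from IO::Socket::SSL: it decodes the OpenSSL 1.x version number and refuses to continue when either the headers Net::SSLeay was built against or the library loaded at run time is the 1.1.1e release. The helper names `openssl_version_string` and `build_blockers` and the sample values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# OpenSSL 1.x packs its version number as 0xMNNFFPPS:
# major, minor, fix, patch letter (1 = 'a'), status (0xf = release).
my $BROKEN = 0x1010105f;    # 1.1.1e release, the version named in this thread

# Turn a 1.x version number into a string such as "1.1.1e" or "1.1.1e-dev".
sub openssl_version_string {
    my ($v) = @_;
    my $major  = ($v >> 28) & 0xf;
    my $minor  = ($v >> 20) & 0xff;
    my $fix    = ($v >> 12) & 0xff;
    my $patch  = ($v >> 4)  & 0xff;
    my $status = $v & 0xf;
    my $letter = $patch == 0  ? ''
               : $patch <= 26 ? chr(ord('a') + $patch - 1)
               :                "+p$patch";
    my $suffix = $status == 0xf ? '' : $status == 0 ? '-dev' : "-beta$status";
    return "$major.$minor.$fix$letter$suffix";
}

# Takes label => version number pairs and returns one reason per
# component that reports the broken release (empty list = OK to build).
sub build_blockers {
    my (%seen) = @_;
    return map  { "$_ is OpenSSL " . openssl_version_string($seen{$_}) }
           grep { $seen{$_} == $BROKEN } sort keys %seen;
}

# Constructed sample values: built against 1.1.1d, running with 1.1.1e.
my %sample = (headers => 0x1010104f, library => 0x1010105f);
print "sample: $_\n" for build_blockers(%sample);

# Real values, when Net::SSLeay is installed.
if (eval { require Net::SSLeay; 1 }) {
    my @why = build_blockers(
        headers => Net::SSLeay::OPENSSL_VERSION_NUMBER(),
        library => Net::SSLeay::SSLeay(),
    );
    if (@why) {
        warn "refusing to build: $_\n" for @why;
        exit 0;    # a Makefile.PL would stop here, before WriteMakefile()
    }
    print "OpenSSL version check passed\n";
}
```

Checking both values matters because a module compiled against one OpenSSL release can be loaded against another at run time, and the EOF behaviour comes from the library actually loaded.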